Analysis

  max time kernel:   108s
  max time network:  111s
  platform:          windows10-2004_x64
  resource:          win10v2004-20250410-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20250410-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         19/04/2025, 14:43
  Static task:       static1
  URLScan task:      urlscan1
Malware Config

  Extracted family: danabot
Signatures

Danabot family

Danabot x86 payload (1 IoC)
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

  resource                                       yara_rule
  behavioral1/files/0x0010000000023f16-1559.dat  family_danabot
Downloads MZ/PE file (1 IoC)
  flow  pid   Process
  258   4688  msedge.exe
Executes dropped EXE (2 IoCs)
  pid   Process
  916   DanaBot.exe
  5540  DanaBot.exe
Loads dropped DLL (8 IoCs)
  pid   Process
  2996  regsvr32.exe
  4328  regsvr32.exe
  4328  regsvr32.exe
  2996  regsvr32.exe
  5476  rundll32.exe
  5476  rundll32.exe
  5000  rundll32.exe
  5000  rundll32.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 6 IoCs)
  flow  ioc
  254   raw.githubusercontent.com
  255   raw.githubusercontent.com
  256   raw.githubusercontent.com
  257   raw.githubusercontent.com
  258   raw.githubusercontent.com
  253   raw.githubusercontent.com
Drops file in Program Files directory (5 IoCs)
  description   ioc                                                                                 Process
  File created  C:\Program Files\chrome_Unpacker_BeginUnzipping4848_2118089951\manifest.json         msedge.exe
  File created  C:\Program Files\chrome_Unpacker_BeginUnzipping4848_2118089951\protocols.json        msedge.exe
  File created  C:\Program Files\chrome_Unpacker_BeginUnzipping4848_2118089951\manifest.fingerprint  msedge.exe
  File created  C:\Program Files\chrome_Unpacker_BeginUnzipping4848_576059420\manifest.json          msedge.exe
  File created  C:\Program Files\chrome_Unpacker_BeginUnzipping4848_576059420\manifest.fingerprint   msedge.exe
Program crash (2 IoCs)
  pid   pid_target  Process       procid_target
  5576  5540        WerFault.exe  181
  5652  916         WerFault.exe  180
System Location Discovery: System Language Discovery (1 TTP, 6 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  description  ioc                                                          Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  DanaBot.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  DanaBot.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  regsvr32.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  regsvr32.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe
Checks processor information in registry (2 TTPs, 4 IoCs)
  Processor information is often read in order to detect sandboxing environments.

  description        ioc                                                                                Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                   chrome.exe
Enumerates system info in registry (2 TTPs, 6 IoCs)
  description        ioc                                                               Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (3 IoCs)
  description      ioc                                                                                                      Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133895474131171703"  chrome.exe
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    msedge.exe
Modifies registry class (2 IoCs)
  description  ioc  Process
  Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\  msedge.exe
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3833542908-3750648139-3436651901-1000\{669B8A1E-6375-4A24-813E-B33C2D4DDCAA}  msedge.exe
Suspicious behavior: EnumeratesProcesses (5 IoCs)
  pid   Process
  2156  chrome.exe
  2156  chrome.exe
  2156  chrome.exe
  2156  chrome.exe
  2156  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (25 IoCs)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (38 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

Depth 1, PID 4848: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://agf
  Signatures:
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory

  Depth 2, PID 1808: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ff92350f208,0x7ff92350f214,0x7ff92350f220

  Depth 2, PID 4688: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1812,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:3
    Signatures:
    - Downloads MZ/PE file

  Depth 2, PID 4144: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2124,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:2

  Depth 2, PID 1332: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2460,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3028 /prefetch:8

  Depth 2, PID 4320: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1

  Depth 2, PID 3960: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1

  Depth 2, PID 4800: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4084,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:1

  Depth 2, PID 1360: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4136,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:2

  Depth 2, PID 3996: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3828,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:8

  Depth 2, PID 2892: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8

  Depth 2, PID 3624: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3968,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8

  Depth 2, PID 2292: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3884,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8

  Depth 2, PID 4416: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5836,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:1

  Depth 2, PID 5328: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=3456,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:1

  Depth 2, PID 5956: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3624,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8

  Depth 2, PID 6020: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3624,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8

  Depth 2, PID 6072: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8

  Depth 2, PID 2672: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8

  Depth 2, PID 5312: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8

  Depth 2, PID 5368: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:8

  Depth 2, PID 5256: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:8

  Depth 2, PID 5428: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5984,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6764 /prefetch:8

  Depth 2, PID 5796: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5944,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:8

  Depth 2, PID 1572: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6920,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8

  Depth 2, PID 3476: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6652,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:1

  Depth 2, PID 6016: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8

  Depth 2, PID 5992: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3520,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:8

  Depth 2, PID 6012: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:8

  Depth 2, PID 5984: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5656,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:1

  Depth 2, PID 2752: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7008,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8

  Depth 2, PID 5800: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8

  Depth 2, PID 5284: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5108,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:1

  Depth 2, PID 5212: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6912,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:1

  Depth 2, PID 4024: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1628,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:8

  Depth 2, PID 3192: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=3832,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1

  Depth 2, PID 2680: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6872,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:1

  Depth 2, PID 4084: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6908,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:1

  Depth 2, PID 2576: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4416,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8

  Depth 2, PID 3480: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6584,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:8

  Depth 2, PID 4276: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=6660,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7124 /prefetch:1

  Depth 2, PID 3340: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3676,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7408 /prefetch:8

  Depth 2: C:\Users\Admin\Downloads\DanaBot.exe
    "C:\Users\Admin\Downloads\DanaBot.exe"
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:916 -
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@9163⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2996 -
C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f04⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5000
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 4683⤵
- Program crash
PID:5652
-
-
-
C:\Users\Admin\Downloads\DanaBot.exe"C:\Users\Admin\Downloads\DanaBot.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5540 -
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@55403⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4328 -
C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f04⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5476
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 4403⤵
- Program crash
PID:5576
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2156 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9130adcf8,0x7ff9130add04,0x7ff9130add102⤵PID:880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1968 /prefetch:22⤵PID:4772
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2088,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2220 /prefetch:32⤵PID:1944
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2372 /prefetch:82⤵PID:4440
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3188 /prefetch:12⤵PID:4796
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3136 /prefetch:12⤵PID:1940
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4292,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4276 /prefetch:22⤵PID:3668
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3124,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4560 /prefetch:12⤵PID:2808
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5228,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4492 /prefetch:82⤵PID:6128
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5532,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5548 /prefetch:82⤵PID:1488
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5548,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5560 /prefetch:12⤵PID:5872
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4596,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5908 /prefetch:12⤵PID:2944
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5936,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3460 /prefetch:12⤵PID:3352
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3848,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4680 /prefetch:12⤵PID:5596
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5424,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5568 /prefetch:82⤵PID:1628
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5796,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5844 /prefetch:82⤵PID:708
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5856,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3464 /prefetch:82⤵PID:224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4424,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4448 /prefetch:12⤵PID:5328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3192,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3636 /prefetch:12⤵PID:2892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:2348
-
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"1⤵PID:716
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵PID:5252
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵PID:5284
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:5492
-
C:\Windows\System32\WaaSMedicAgent.exeC:\Windows\System32\WaaSMedicAgent.exe 690a1c382a68350c04d744143e79b63e VZRD1oavW0mdsD7AiDLjOQ.0.1.0.0.01⤵PID:5956
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5540 -ip 55401⤵PID:5468
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 916 -ip 9161⤵PID:5432
Network
MITRE ATT&CK Enterprise v16
Downloads
Filesize 134B
MD5 049c307f30407da557545d34db8ced16
SHA1 f10b86ebfe8d30d0dc36210939ca7fa7a819d494
SHA256 c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54
SHA512 14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Filesize 43B
MD5 af3a9104ca46f35bb5f6123d89c25966
SHA1 1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA256 81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA512 6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\09425333-661c-4696-8221-82805b59c40b.tmp
Filesize 11KB
MD5 c21886cf27a5ecd6157cefd41f92632f
SHA1 71cfd2c9e461d65c2154c861f6882bf018f35cd5
SHA256 d89b4069447d6ba976c402aa59d5430128579636f6d3df03495b9c168075440d
SHA512 e8a0941b628e9f58b9ee25a3ab2c7c883ea134f09309542a69de296d6372a53124f5827b590755665965a951d28cac724dc098a85124dc42efe47e5b35b47bbd

Filesize 649B
MD5 faceb02431a1f5f71e785b9379d32813
SHA1 5e1cdf80d357b2ac9616e2b10eceaf39d63b5afc
SHA256 bfa753a996bb5ea1352e7dfc3724cdec906e7bd6c4cd62d5bad0a371da65d8d0
SHA512 e0b36080aad138386a1350fb7c07f5bf55b2dc61412cd6521ca50aba5676609b0f4ff911abd5ddbe74732da3e1bf2562095e944580d08c5784446b3f78282eff

Filesize 217KB
MD5 fc4f627ddf54943afa716e1ac1c695c3
SHA1 5377bdb788bc19b76e5b7cb8bcb9110394bf1812
SHA256 1c569628639cf777d2a69e37daa3c970165d1e1fc7f4518b4810b050810d0d88
SHA512 be9e9c47914d2973311e017bfd9846a7aaa88b3b90f49a45edb86aa594f32c2040aa25d1bfa927745524a7a145f2095b6f853de62d3a2118353633b990a3f2ab

Filesize 168B
MD5 f3e27b0a09b829922988c19b08156369
SHA1 83a78b406f09710b0acb06e3ec9ae1402a476d5d
SHA256 1316704adbde851c593b4b6652472b6cf5f1b79aff9010c6cb77589dde96b834
SHA512 6ef09ed115cdfa8bd689d69f0cf17ff1fca3b7ddd8a9c9ed9e27cf324e48bdd7bbf2711cc81f73b13ad41ecb886a29ea900cfe15d4fe3cc95e26216829e81ba2

Filesize 2KB
MD5 7fe7d9428269ad5532b63679edbf3803
SHA1 e1bcf94a0df26fc3acf759fa36d42e29678b1071
SHA256 5f56a74d71d431c828e9aa2f9c10f3ff9d2f21b078145e4bb235deb3c86b702b
SHA512 2577a0005b3341b1cfc87c6605d250f710d636b5924e30a1f628cd1f0d28c4e0f407af781f1eb5e6af48a20463fa1ad3560a5f0d457536a36951cc24cb139954

Filesize 11KB
MD5 2a10c5150bf87b9a37062398b08edfc1
SHA1 f340209f6ccb6ca00a36fea9987ab0f8aa3b8d97
SHA256 eeba1dac509111c6505cdc7e8cd73625681d235f1a0e32243ec14b975693d036
SHA512 6a40e7a0b5b6a55127163e77b56edb9ea2c911b75be767aa2be63e116efdc96c33e3dbd51183aad29397ae61a10734ea3d3415e89e19d1876db6d1fe2297144c

Filesize 11KB
MD5 3f28e991044a0431a203cec781f75990
SHA1 764e6f740b22c738678103c19ace4afbb0e2f647
SHA256 0640fe2cdaa57e0ac62c4581e88b9b8662010e824415615eb50426d1f54853fd
SHA512 616945406b1af54d6d42d5d435a67285da8f25c503f3554c53c5c89e8bafed2579744900a2db1f84e22b935f8aa5f8f265b4ead39408d4a1cc211ed1e344b357

Filesize 11KB
MD5 6646af40857701f9bc046e9a524c7f2f
SHA1 4e9679d1679e19188aa79ee2ebd983c5ff695c53
SHA256 c62f2c51e5e046cb0f817c5395c8a230b1e7b0e5d53e6022e13bfe7a75537ffa
SHA512 15bd3f57d5b9ff4c126c5baeb1beacc7323cec85c6c8606771ff8fd8fe1eaa8401a60e4986b51aeb252f043ac109fddf8ee9192c6c19206602137d42b26731ca

Filesize 15KB
MD5 59e82a568f101f61012733123fb9cbb5
SHA1 820eb359299feefc1c83bdc0be1ef315cd90fda5
SHA256 3936cdeb9eeb2b20efac0ae8b8be58ded267421a7b5e188b0fa45eddcbbeac5e
SHA512 bfdb3421ce5b3a746ac9a102518a8e10dac00291881eb3e3378b014b608e85d602e16c47953a1432d927f7bf8b6e76643c6c88e94d3795bfdeffbcd6105c8be9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize 72B
MD5 926b0bd5923bbfd216b60ba8101d94c0
SHA1 0cefae00db529c36bd451e9cb33f7efa96847b92
SHA256 5c38a70455b36b161208cb38b5f4103ec34fa321d483ade1237e0e51b5603cdc
SHA512 5a617c587f1ea3c869a6aba4de2d1b15a48de3a1e2af97ff910e05c364d2747739978e69e96ae01d03247bbc4005bb6a3d3282fd09ecdae958f646048fec37dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c7d4.TMP
Filesize 48B
MD5 f793103e129501decf2392e2a2c3fab5
SHA1 bd0e528eeb8b4cf79dc28fe17756359f8cc28a06
SHA256 3c7e5a7acb4701ef3f8fa9469802d184d88ca126ba8224c22a25df6efaac2d81
SHA512 9baacee5d9a82a417b711678ccba56fedc08ff0da216bbb8a53006109c05f74c71baee1a4a920a427dd6a0baf5d27186a3d4b9467a56837e92051464487fec3d

Filesize 151KB
MD5 54626dd36cffa1be8c3a6bf26cd3a923
SHA1 e8a612f54c7ea517cc1dffc1dc4d7b4a9498f026
SHA256 e7c928f07a1ffeaad56eb4a16a00e44df27e7e10e38a9b2d8c057c8683a4168e
SHA512 3c8ad1d226702084e2e74569b00c8fac8e53eea64f3005259f8ca59cde2d77263b480722b51cba8e19506ea5d5b871ce3b4c6557d26e41e6e3fe1d686d5a969c

Filesize 78KB
MD5 2ce23bf43598b6bb007a1081a3eb6683
SHA1 edf7e27118942ae7c1f01b525c6d668717ee4e88
SHA256 ed07ae1ee474283123ae64f13ec0dbfd48700b83108de6fa4d2bb3ee5de36358
SHA512 48afff5c531a5de2f1ea0e0e44316694e46d071c6f49fa3cc666268ff2a6d26bc0e9a7e981483b48c0aa7c634faf230d8edde4f9adc9e7ba2553f4630c518830

Filesize 151KB
MD5 1daeddd16a5450ef938cdaa967d1938d
SHA1 11f9f63ff0055864ac864e3b9d651011a04fde62
SHA256 62664dfff7a29ba95c27ec890ef78787216775e2bdb5fa332eec98adbca837c8
SHA512 4e7ae98fe95cf4c21f1b3697cc2efb00b5b98f44d1978945a099b61804ef3e0a7564c57b2f05797f2c68417760580dd707cb5a28309794b40be663ea5735e38d

Filesize 105KB
MD5 6e82345aefe362b4c5071e7df6c07407
SHA1 44176a6b5c2722280699b8cc9a174d168fd4c161
SHA256 ee1ec48b6b166582c51a4141a84f48731ce18a62e4b7faeb9d60560c8f9c382a
SHA512 20c0f5862226a3eb17832e7c793f809f2333e0e0068dbe61b5865517fdd9f84bb5ca8d97bdb19a005a25b789ac75a09067350940f042fb5123cdb682ce2c98d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json
Filesize 3KB
MD5 f9fd82b572ef4ce41a3d1075acc52d22
SHA1 fdded5eef95391be440cc15f84ded0480c0141e3
SHA256 5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6
SHA512 17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Filesize 280B
MD5 d9785e91e611c063a66ed926a2b4e8df
SHA1 a26cc634c8e2faa4079541779b2cbccbbfbfb7c1
SHA256 8d86adb417adc05b1a8d52677af389732a1379ae4ea5d922a935c7a9855eeba8
SHA512 505a6a04c5b5f560fc70a91bc9d9519197209c55380c608421291ac0a241b99d48e6bae3e8d254964078ce9da085c1725fa1343171c8ede338a9de1f03fcf242

Filesize 280B
MD5 16d866444174f56021f3b8a32126a79f
SHA1 487ecf8312a06dc849d90418de2cbf7e42d8dee6
SHA256 4f6b9aa5ccb03e16a99c1bc90d963e5e105f812ece646764e00b0ee593d56c8c
SHA512 83251093985709749995d32ae849764f26352048d270e9246ffa1e1fa56eb647df327a5557a068b7e99b8a690a75e4381eea59ee2851c52d1d428d28fe9a8c4a

Filesize 280B
MD5 0722bdc07c7e0af9e20da5d491d811c1
SHA1 17a074413aa7ce1bfdc3ba6f6bad547ae3546541
SHA256 23623472219b27f1ed929c76d51f9d76d90ad02c4bf8d37d4da9404d61dfe2ff
SHA512 7fd5b8edcec6191f45b5ef076782154a40a0321cf47d434376ce483c622d6f3d5fa3b24288646b28b340c757e4348da7cb410ed70629b16f8f3397c0f5491dd5

Filesize 62KB
MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Filesize 127KB
MD5 1939a03c4dcc6b3b4739457a1b2661f4
SHA1 527933aa65f3e3bd080a76164c258d74c23292bc
SHA256 fb5f0d3ac5e000507a99d802c568bf70ab44e0f5153db7cfb29636cf4c8f0046
SHA512 f05f16756a813fb9d7ece9d17f9f30334210fda1315ebb2d2e116019876e5638bada96bccec1c30753026e38bd49839161aa307744244b46ab4a52417a031dfd

Filesize 63KB
MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Filesize 19KB
MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 4KB
MD5 052fdae5602cc1c609a759fb0888b9ab
SHA1 7e231e582ecb0b03cd13cd343979e91001208aec
SHA256 cb0c794e4f4e93627481f9348a3a782ae175e082d4aeb2ecf8dfb685c1e5b05d
SHA512 9cd5428b7e9f5bf26033179c1f9da365a57495d76d93edda8c100b81d275b513ab5a094e79fe22ce2a1b4adddfd2622bc5d899fc8f9499b9a1bf625435abb410

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57b0c2.TMP
Filesize 4KB
MD5 a9547e076a72c4ce6b8ed43c19193aba
SHA1 895b862e0564a0f4d2ecbedb65b7ce914139a788
SHA256 8ab179a2ea63b5e53a9f8f0876341ab6711a5caa2eb49cd115115110cb9b6a20
SHA512 9d0b3d40c3ce996806e8cd1e87ef416d92e325086b84544517e5390bdaf4388b4d895e4b0279454a88b6b90c415daec93dae0c50acbe4686c7b617a7fa028d00

Filesize 2B
MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Filesize 69KB
MD5 164a788f50529fc93a6077e50675c617
SHA1 c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256 b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512 ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js
Filesize 9KB
MD5 3d20584f7f6c8eac79e17cca4207fb79
SHA1 3c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA256 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Filesize 107KB
MD5 2b66d93c82a06797cdfd9df96a09e74a
SHA1 5f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256 d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA512 95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Filesize 111B
MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize 2KB
MD5 11e3f7dc2ade80abf0ef7943366151b5
SHA1 5e435f829440de911e25161844250d00f4c8ab63
SHA256 3cf35a86b0cd2a56d3ad1f7c47083de9c1d8407e8d94df769dad1a4587f3c8ca
SHA512 c959fcfa982e04662c4c5a37a9d34eaaa6897a5a819022e451394086d4141b2dc1393717fb6ef25281d4a12bdec6545e6ccb1f10f161a6b6843e21c5df4ae1bc

Filesize 2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize 211B
MD5 5443ee4a9d30c2bc778d20b9cd879a58
SHA1 d0e12f36c955e84cdc5c485d2200e545a7a06754
SHA256 6ada0989ad9db1c2e5ddd14e81d744e6b8f8847ecf93811bec3344100596712a
SHA512 d28f8f9f687736c87b0d7d57ed4dde19d1579a74270da518753a655b85010ae56bd3d5c4bbaf555ee2ce773451ea9b749b621bea6b8df7086d83e03888a5f714

Filesize 211B
MD5 39052adf6789ceeee5eb551cc756ebf7
SHA1 0eb9c299cf56a7022d321cb574e9efc9c263abf2
SHA256 021626c2c00bb0e094ff4b83849930f6dd653dbb874e4af93d3be5b0c1cc0595
SHA512 108c0c5f8abdf869996b445b40ca6e5f12a11ee85cc7ea093a68f75d57343203e9398315dcdb6c471f04aa27a9f7e35011de347181a6c2b212b950dc7b6a6c40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries~RFe58949a.TMP
Filesize 40B
MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Filesize 14KB
MD5 1e3abdf584f2ef4dfbe719c2fb562fec
SHA1 3490ca28ab2ad9ba3df5f77235ad71c2802084a0
SHA256 f341c1510308b7766dff3a91efa89197b40ef28bf4fccc0d954d6b24b7a124c2
SHA512 cbd26a0c6f401e2a5e834e05395bd5446b4e4c26c5446a0d225a18f9e2422b49a8f7fad47c80028180fd97acf6dec11162a4e606e1ba9bf4ddb2051a7f4e74ae

Filesize 13KB
MD5 d270354ce43222c08a5b57e63e294cac
SHA1 b30d688fb1b2ebf1b5393a694f3e94b3200d6388
SHA256 4aebd827c27e1f831dc3126c58a4467d6d657f5ba6453bb2c7af21ef7f9938a7
SHA512 ff988cef52d69c09a9332eec309e209ddf6fdc466aae2dbcb1bf8396c4c0c37a55e26a1ad0a55b48be57d76f12d65f25b604d4f2f49b47ca87428774960a1f54

Filesize 15KB
MD5 fd8a788bd496d8d4f4fbc1d41cbad8e2
SHA1 9dbe3fb1a913f89bbbef867e4e2a8e3f2800d709
SHA256 c76b2e9ba7b520ec0d062195693fc2c1e6f83f5f71522723ea93ad29b67deb99
SHA512 285d338542732a252f0ae247fb051ebbd1c300d649fd20caaa9644bf0866973bae13d19067245c6c10a766a1e60832a5daed41ee849ffae73d4081a99f61a4e6

Filesize 36KB
MD5 440b05a9388247e3710060be86f29a4c
SHA1 4eb6eb37b79585296ec24a7e6780ea3498608254
SHA256 de0d9752254ca4e7dcd02260f0024f2f949986a8bdbd09695b843d8ae29c2f90
SHA512 656fe94bafe250983a3edb75e2d6d107a825d236b348b15a53ba44cba3922e7f81a711595b157b781bbcdf48a8c62b77503025df759aa26c4ead33d9b6718b10

Filesize 4KB
MD5 b18e724910d325b296e2b427ec617a90
SHA1 5b14d454f2b9b1a2a950d287d2bbfd87d94ce909
SHA256 775a433439e560c1701ab0ee12c49de49f10b4dd0011ae8248af8c6fa013a9c0
SHA512 1a2d2d2351ec4c5121a07bc4d0592d1bef58d7dd4bb52434a8e9a058e2ab84c33355ffac215798ede5185a1e18b20fb417a94fae0f38ba46b15bcbfc65bddb39

Filesize 23KB
MD5 6303480f170ca05672e9dc78eef56415
SHA1 be969a418eb00ae8f489e0b44d6598dab8df5098
SHA256 f7309e9d5884e72e889cd27dcbb738a00c6dcfe3b8547bf19352dfd886bb9078
SHA512 55a2f3cfbb5e94e547d6857b2b9f14a96252a9696a47fbe17ead693ee88829ec3f6c99a35b72ff6cb01fd1c1a8f7175e2a830efe588c35a3935c346d8ce0fbb3

Filesize 878B
MD5 3e7f3135d4fcb58c7b549ec5dbce7c7a
SHA1 8f3a2c4b5470f6cded77bbe1ebef95a55a06221c
SHA256 44b63be6b091fded362e586667df64dcf04a93712b8bec05a3a2d0e89c1a9db9
SHA512 e6fe7de1fe8dcf04738cd0b83931416d23a197b4d0673a23e53b4063e39d13e728e71517630fed211b81e46d3d50aab234985b313484a6b14829df98b38f0878

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe584b1d.TMP
Filesize 469B
MD5 27c6a0db41e111e91be6f42ffae87db3
SHA1 a3d51bf2c0efd8a02236af8938bfe0b2fe1a4430
SHA256 050dc1e294d0bc6892f29f03a4586f1b88379827543bfe299c7bab68b50b6195
SHA512 beac7a81819575a0dc22a880d2b65aead955e2c6b82de08b2e99090a7b60585dadde5c2b0af662968fee1df87a9f7fa5e8c7e5fa02cfbc6612ae0d94f2197f6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\e4e083fa-e285-4abb-b479-d195c038f97e.tmp
Filesize 22KB
MD5 46cbcd98b0383629cfcacbd887a8569e
SHA1 f476b4699954bde9652cdb8c7dd85601e316e857
SHA256 c3cfc4079d320d3cf4f3fd0d8b778814954f9ca4893bcd068b365858117b25d5
SHA512 4b78fdcf64477200c96c5c8cdc7c79907e8394a2332bf808365467c5887c9493fd8ea547e7f5326b569cf375a9d9fd2d103f8aeb9dc70a4da32ff1895474dd25

Filesize 30KB
MD5 38d513d828acc0c387a84d454d7b984d
SHA1 06b3de829d040b8579b8809f59ed80b630131c44
SHA256 83881bedb713cb4a07aebb68650d09461a0129103edca6155ae4c2f69d2926b7
SHA512 3fa39a5c07d64c7ff24c33ac6ad2fb28dc36ab0a01f17bc04100a516c414e5d036e78b0a6f5dc6be31b4cc0e106951a4a02bff5d638824c663cae9469d73d50e

Filesize 6KB
MD5 425975502d83757d0c559301f94f7d24
SHA1 3ef89f7df1f1e28d80a08b9bc3c7cb68c4b8a0e8
SHA256 e60c4683d000c16c94b5d859de990a1074546f6fbd4962170dbdf0eaf93e1e2f
SHA512 96f70b1d4868df3e2b5246902f255ef1d5029d691f4a798316fafca427f11b48f05bd0a11f555fe22f71612cdbdb144311e46db04b97194ed133bb9029ec28b3

Filesize 34KB
MD5 582b0ed1282a79dbb75dff1c4aae9055
SHA1 df94717e7044e6dfbf1880bce318c6481db9ffef
SHA256 52ca4f8ae6ece5b846c468a96a95f1872aead3138071564cdbb9512354e7be9a
SHA512 5a998207c34314803b3c692cde33e534b757f292f02262283f2a09cb5f8aa97d93a9b3b5733f5f64671de2351bfac2644311bc14a640746a8936dcafcb1d146f

Filesize 7KB
MD5 9e56f9aa333b1e38a65329cdee470fd4
SHA1 143463793edf0d1b056465dc38585fb1abfa3b2e
SHA256 dc43ef7f98b1d99fea92d4a0533156939fcb4899e4054c905918d5636e18adf5
SHA512 e82684476c105f8559ca91e5272cc9b6501947fec0cea8216067fbbcaf5601993fd5dc668d448d00c4951e7d563b7f759669192957f4b73fab57e6314b74aed7

Filesize 12KB
MD5 85b3b0ca8e641248b6b0ad924e7a5593
SHA1 aff774b4cf0760b0d8d0501df4f36c54aabd2eb7
SHA256 2e3069b897a9d0c8beaeff6224be066a111a74900116c9f7afed3e85deefe45b
SHA512 d3213ec75021b1d3d07332647edaf11533dc9fd6cded0fb5d076b05fc540567dfff07d132438ace4030ff58e4e42f31a581f7d256e17c78c9205ab66f33df249

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
Filesize 2KB
MD5 3b9ac5961c2a4f84fa8b0174ecf5930e
SHA1 c11e0bdc52124605674efd45d73b51bb35a57a1a
SHA256 82e670c01cb12d7d90bdd1014e6f7c9f4c057471595ff05e17f93f53c59f2d2e
SHA512 92d6912126318d2d0bd1480b6c18d71200a33eb8224428a0738995bbd214384765dba4528d43fb077fd0c92b79530ecce199d4a86a6030b8533c347f9db42f8a

Filesize 10KB
MD5 78e47dda17341bed7be45dccfd89ac87
SHA1 1afde30e46997452d11e4a2adbbf35cce7a1404f
SHA256 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA512 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Filesize 1B
MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Filesize 153KB
MD5 b0917d8e6c5b6be358bff67f84eb8336
SHA1 a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d
SHA256 dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
SHA512 cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451

Filesize 2.4MB
MD5 7e76f7a5c55a5bc5f5e2d7a9e886782b
SHA1 fc500153dba682e53776bef53123086f00c0e041
SHA256 abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3
SHA512 0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Filesize 2.7MB
MD5 48d8f7bbb500af66baa765279ce58045
SHA1 2cdb5fdeee4e9c7bd2e5f744150521963487eb71
SHA256 db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1
SHA512 aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd