Analysis

  • max time kernel
    108s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250410-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/04/2025, 14:43

General

  • Target

    http://agf

Malware Config

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

  • Danabot family
  • Danabot x86 payload 1 IoCs

    Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

  • Downloads MZ/PE file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://agf
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4848
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ff92350f208,0x7ff92350f214,0x7ff92350f220
      2⤵
        PID:1808
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1812,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:3
        2⤵
        • Downloads MZ/PE file
        PID:4688
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2124,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:2
        2⤵
          PID:4144
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2460,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3028 /prefetch:8
          2⤵
            PID:1332
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
            2⤵
              PID:4320
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
              2⤵
                PID:3960
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4084,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:1
                2⤵
                  PID:4800
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4136,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:2
                  2⤵
                    PID:1360
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3828,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:8
                    2⤵
                      PID:3996
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
                      2⤵
                        PID:2892
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3968,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
                        2⤵
                          PID:3624
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3884,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
                          2⤵
                            PID:2292
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5836,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:1
                            2⤵
                              PID:4416
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=3456,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:1
                              2⤵
                                PID:5328
                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3624,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
                                2⤵
                                  PID:5956
                                • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3624,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
                                  2⤵
                                    PID:6020
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8
                                    2⤵
                                      PID:6072
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
                                      2⤵
                                        PID:2672
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
                                        2⤵
                                          PID:5312
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:8
                                          2⤵
                                            PID:5368
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:8
                                            2⤵
                                              PID:5256
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5984,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6764 /prefetch:8
                                              2⤵
                                                PID:5428
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5944,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:8
                                                2⤵
                                                  PID:5796
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6920,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
                                                  2⤵
                                                    PID:1572
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6652,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:1
                                                    2⤵
                                                      PID:3476
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8
                                                      2⤵
                                                        PID:6016
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3520,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:8
                                                        2⤵
                                                          PID:5992
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:8
                                                          2⤵
                                                            PID:6012
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5656,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:1
                                                            2⤵
                                                              PID:5984
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7008,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8
                                                              2⤵
                                                                PID:2752
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
                                                                2⤵
                                                                  PID:5800
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5108,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:1
                                                                  2⤵
                                                                    PID:5284
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6912,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:1
                                                                    2⤵
                                                                      PID:5212
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1628,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:8
                                                                      2⤵
                                                                        PID:4024
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=3832,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
                                                                        2⤵
                                                                          PID:3192
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6872,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:1
                                                                          2⤵
                                                                            PID:2680
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6908,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:1
                                                                            2⤵
                                                                              PID:4084
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4416,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
                                                                              2⤵
                                                                                PID:2576
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6584,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:8
                                                                                2⤵
                                                                                  PID:3480
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=6660,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7124 /prefetch:1
                                                                                  2⤵
                                                                                    PID:4276
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3676,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7408 /prefetch:8
                                                                                    2⤵
                                                                                      PID:3340
                                                                                    • C:\Users\Admin\Downloads\DanaBot.exe
                                                                                      "C:\Users\Admin\Downloads\DanaBot.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:916
                                                                                      • C:\Windows\SysWOW64\regsvr32.exe
                                                                                        C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@916
                                                                                        3⤵
                                                                                        • Loads dropped DLL
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:2996
                                                                                        • C:\Windows\SysWOW64\rundll32.exe
                                                                                          C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
                                                                                          4⤵
                                                                                          • Loads dropped DLL
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:5000
                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 468
                                                                                        3⤵
                                                                                        • Program crash
                                                                                        PID:5652
                                                                                    • C:\Users\Admin\Downloads\DanaBot.exe
                                                                                      "C:\Users\Admin\Downloads\DanaBot.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:5540
                                                                                      • C:\Windows\SysWOW64\regsvr32.exe
                                                                                        C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@5540
                                                                                        3⤵
                                                                                        • Loads dropped DLL
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:4328
                                                                                        • C:\Windows\SysWOW64\rundll32.exe
                                                                                          C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
                                                                                          4⤵
                                                                                          • Loads dropped DLL
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:5476
                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 440
                                                                                        3⤵
                                                                                        • Program crash
                                                                                        PID:5576
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                    1⤵
                                                                                    • Checks processor information in registry
                                                                                    • Enumerates system info in registry
                                                                                    • Modifies data under HKEY_USERS
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    • Suspicious use of SendNotifyMessage
                                                                                    PID:2156
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9130adcf8,0x7ff9130add04,0x7ff9130add10
                                                                                      2⤵
                                                                                        PID:880
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1968 /prefetch:2
                                                                                        2⤵
                                                                                          PID:4772
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2088,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2220 /prefetch:3
                                                                                          2⤵
                                                                                            PID:1944
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2372 /prefetch:8
                                                                                            2⤵
                                                                                              PID:4440
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3188 /prefetch:1
                                                                                              2⤵
                                                                                                PID:4796
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3136 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:1940
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4292,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4276 /prefetch:2
                                                                                                  2⤵
                                                                                                    PID:3668
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3124,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4560 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:2808
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5228,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4492 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:6128
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5532,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5548 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:1488
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5548,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5560 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:5872
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4596,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5908 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:2944
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5936,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3460 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:3352
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3848,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4680 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:5596
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5424,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5568 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:1628
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5796,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5844 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:708
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5856,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3464 /prefetch:8
                                                                                                                      2⤵
                                                                                                                        PID:224
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4424,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4448 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:5328
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3192,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3636 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:2892
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                                                          1⤵
                                                                                                                            PID:2348
                                                                                                                          • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                                                                                                                            1⤵
                                                                                                                              PID:716
                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                              C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                                                              1⤵
                                                                                                                                PID:5252
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                                                                  2⤵
                                                                                                                                    PID:5284
                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                                  1⤵
                                                                                                                                    PID:5492
                                                                                                                                  • C:\Windows\System32\WaaSMedicAgent.exe
                                                                                                                                    C:\Windows\System32\WaaSMedicAgent.exe 690a1c382a68350c04d744143e79b63e VZRD1oavW0mdsD7AiDLjOQ.0.1.0.0.0
                                                                                                                                    1⤵
                                                                                                                                      PID:5956
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5540 -ip 5540
                                                                                                                                      1⤵
                                                                                                                                        PID:5468
                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 916 -ip 916
                                                                                                                                        1⤵
                                                                                                                                          PID:5432

                                                                                                                                        Network

                                                                                                                                        MITRE ATT&CK Enterprise v16

                                                                                                                                        Downloads

                                                                                                                                        • C:\Program Files\chrome_Unpacker_BeginUnzipping4848_2118089951\manifest.json

                                                                                                                                          Filesize

                                                                                                                                          134B

                                                                                                                                        • C:\Program Files\chrome_Unpacker_BeginUnzipping4848_576059420\manifest.json

                                                                                                                                          Filesize

                                                                                                                                          43B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\09425333-661c-4696-8221-82805b59c40b.tmp

                                                                                                                                          Filesize

                                                                                                                                          11KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                                                                          Filesize

                                                                                                                                          649B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

                                                                                                                                          Filesize

                                                                                                                                          217KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                          Filesize

                                                                                                                                          168B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                          Filesize

                                                                                                                                          2KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                          Filesize

                                                                                                                                          11KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                          Filesize

                                                                                                                                          11KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                          Filesize

                                                                                                                                          11KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                          Filesize

                                                                                                                                          15KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                                          Filesize

                                                                                                                                          72B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c7d4.TMP

                                                                                                                                          Filesize

                                                                                                                                          48B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                          Filesize

                                                                                                                                          151KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                          Filesize

                                                                                                                                          78KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e1de9458-1749-41ce-9fe7-bffb503387aa.tmp

                                                                                                                                          Filesize

                                                                                                                                          151KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist

                                                                                                                                          Filesize

                                                                                                                                          105KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

                                                                                                                                          Filesize

                                                                                                                                          3KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                          Filesize

                                                                                                                                          280B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                          Filesize

                                                                                                                                          280B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                          Filesize

                                                                                                                                          280B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091

                                                                                                                                          Filesize

                                                                                                                                          62KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000092

                                                                                                                                          Filesize

                                                                                                                                          127KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000093

                                                                                                                                          Filesize

                                                                                                                                          63KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000094

                                                                                                                                          Filesize

                                                                                                                                          19KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57b0c2.TMP

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                                                                                                          Filesize

                                                                                                                                          2B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

                                                                                                                                          Filesize

                                                                                                                                          69KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

                                                                                                                                          Filesize

                                                                                                                                          9KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                                                                                                          Filesize

                                                                                                                                          107KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                                          Filesize

                                                                                                                                          111B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                                                                          Filesize

                                                                                                                                          2KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                          Filesize

                                                                                                                                          2B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                                                                                                          Filesize

                                                                                                                                          211B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                                                                                                          Filesize

                                                                                                                                          211B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries~RFe58949a.TMP

                                                                                                                                          Filesize

                                                                                                                                          40B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                          Filesize

                                                                                                                                          14KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                          Filesize

                                                                                                                                          13KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                          Filesize

                                                                                                                                          15KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                                                          Filesize

                                                                                                                                          36KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                                                          Filesize

                                                                                                                                          23KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                                                          Filesize

                                                                                                                                          878B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe584b1d.TMP

                                                                                                                                          Filesize

                                                                                                                                          469B

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\e4e083fa-e285-4abb-b479-d195c038f97e.tmp

                                                                                                                                          Filesize

                                                                                                                                          22KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                          Filesize

                                                                                                                                          30KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                          Filesize

                                                                                                                                          6KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                          Filesize

                                                                                                                                          34KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                          Filesize

                                                                                                                                          7KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                          Filesize

                                                                                                                                          12KB

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                                                          Filesize

                                                                                                                                          2KB

  • C:\Users\Admin\AppData\Local\Temp\7ae283ad-307e-4625-9a3e-0f8c2c68058f.tmp
    Filesize
    10KB

  • C:\Users\Admin\AppData\Local\Temp\7f644442-26c1-43b3-ad73-cf9e0d25ec7b.tmp
    Filesize
    1B

  • C:\Users\Admin\AppData\Local\Temp\scoped_dir4848_279977556\dba2b50e-5e89-4a60-a81c-2f2e62647a74.tmp
    Filesize
    153KB

  • C:\Users\Admin\Downloads\DanaBot.dll
    Filesize
    2.4MB

  • C:\Users\Admin\Downloads\DanaBot.exe
    Filesize
    2.7MB

  • memory/916-1573-0x0000000000400000-0x0000000000AAD000-memory.dmp
    Filesize
    6.7MB

  • memory/2996-1569-0x00000000025C0000-0x000000000282B000-memory.dmp
    Filesize
    2.4MB

  • memory/4328-1567-0x0000000002600000-0x000000000286B000-memory.dmp
    Filesize
    2.4MB

  • memory/5000-1572-0x0000000002620000-0x000000000288B000-memory.dmp
    Filesize
    2.4MB

  • memory/5476-1571-0x0000000002270000-0x00000000024DB000-memory.dmp
    Filesize
    2.4MB

  • memory/5540-1574-0x0000000000400000-0x0000000000AAD000-memory.dmp
    Filesize
    6.7MB