Analysis Overview
Threat Level: Known bad
The file http://agf was found to be: Known bad.
Malicious Activity Summary
Danabot family
Danabot x86 payload
Danabot
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Program crash
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-19 14:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-19 14:43
Reported
2025-04-19 14:45
Platform
win10v2004-20250410-en
Max time kernel
108s
Max time network
111s
Command Line
Signatures
Danabot
Danabot family
Danabot x86 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\DanaBot.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DanaBot.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4848_2118089951\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4848_2118089951\protocols.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4848_2118089951\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4848_576059420\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4848_576059420\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\DanaBot.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\DanaBot.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\DanaBot.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\DanaBot.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133895474131171703" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3833542908-3750648139-3436651901-1000\{669B8A1E-6375-4A24-813E-B33C2D4DDCAA} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://agf
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ff92350f208,0x7ff92350f214,0x7ff92350f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1812,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2124,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2460,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4084,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4136,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9130adcf8,0x7ff9130add04,0x7ff9130add10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3828,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1968 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2088,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2372 /prefetch:8
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4292,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4276 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3968,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3884,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3124,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5836,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=3456,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3624,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3624,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5228,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4492 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5532,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5548 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 690a1c382a68350c04d744143e79b63e VZRD1oavW0mdsD7AiDLjOQ.0.1.0.0.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5984,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5944,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6920,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5548,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4596,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5936,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6652,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3848,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3520,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5424,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5796,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5856,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5656,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4424,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4448 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3192,i,16610594086673985879,4236792160590859176,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7008,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5108,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6912,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1628,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=3832,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6872,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6908,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4416,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6584,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=6660,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3676,i,6464629101475988030,16719470292543100503,262144 --variations-seed-version --mojo-platform-channel-handle=7408 /prefetch:8
C:\Users\Admin\Downloads\DanaBot.exe
"C:\Users\Admin\Downloads\DanaBot.exe"
C:\Users\Admin\Downloads\DanaBot.exe
"C:\Users\Admin\Downloads\DanaBot.exe"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@916
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@5540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5540 -ip 5540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 916 -ip 916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 468
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 440
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| NL | 142.250.145.101:443 | clients2.google.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| GB | 2.18.66.73:443 | copilot.microsoft.com | tcp |
| NL | 142.250.145.101:443 | clients2.google.com | tcp |
| GB | 2.18.66.73:443 | copilot.microsoft.com | tcp |
| NL | 142.250.145.101:443 | clients2.google.com | tcp |
| GB | 2.18.66.73:443 | copilot.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| NL | 173.194.69.132:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.18.190.170:443 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 104.86.110.104:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| NL | 142.250.153.103:443 | www.google.com | tcp |
| NL | 142.250.153.103:443 | www.google.com | tcp |
| NL | 142.250.153.103:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 142.250.153.103:443 | www.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.250.145.139:443 | clients2.google.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 173.194.79.95:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| NL | 74.125.128.141:443 | csp.withgoogle.com | tcp |
| NL | 74.125.128.141:443 | csp.withgoogle.com | tcp |
| NL | 74.125.128.141:443 | csp.withgoogle.com | tcp |
| NL | 74.125.128.141:443 | csp.withgoogle.com | tcp |
| NL | 74.125.128.141:443 | csp.withgoogle.com | tcp |
| NL | 74.125.128.141:443 | csp.withgoogle.com | tcp |
| NL | 74.125.128.141:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| GB | 104.86.110.104:443 | www.bing.com | udp |
| GB | 104.86.110.104:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.16.55.198:443 | aefd.nelreports.net | tcp |
| US | 2.16.55.198:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.18.66.48:443 | th.bing.com | tcp |
| GB | 2.18.66.48:443 | th.bing.com | tcp |
| GB | 2.18.66.170:443 | r.bing.com | tcp |
| GB | 2.18.66.170:443 | r.bing.com | tcp |
| GB | 2.18.66.170:443 | r.bing.com | udp |
| GB | 2.18.66.170:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | rewards.bing.com | udp |
| US | 8.8.8.8:53 | rewards.bing.com | udp |
| US | 150.171.27.10:443 | rewards.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0722bdc07c7e0af9e20da5d491d811c1 |
| SHA1 | 17a074413aa7ce1bfdc3ba6f6bad547ae3546541 |
| SHA256 | 23623472219b27f1ed929c76d51f9d76d90ad02c4bf8d37d4da9404d61dfe2ff |
| SHA512 | 7fd5b8edcec6191f45b5ef076782154a40a0321cf47d434376ce483c622d6f3d5fa3b24288646b28b340c757e4348da7cb410ed70629b16f8f3397c0f5491dd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 425975502d83757d0c559301f94f7d24 |
| SHA1 | 3ef89f7df1f1e28d80a08b9bc3c7cb68c4b8a0e8 |
| SHA256 | e60c4683d000c16c94b5d859de990a1074546f6fbd4962170dbdf0eaf93e1e2f |
| SHA512 | 96f70b1d4868df3e2b5246902f255ef1d5029d691f4a798316fafca427f11b48f05bd0a11f555fe22f71612cdbdb144311e46db04b97194ed133bb9029ec28b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16d866444174f56021f3b8a32126a79f |
| SHA1 | 487ecf8312a06dc849d90418de2cbf7e42d8dee6 |
| SHA256 | 4f6b9aa5ccb03e16a99c1bc90d963e5e105f812ece646764e00b0ee593d56c8c |
| SHA512 | 83251093985709749995d32ae849764f26352048d270e9246ffa1e1fa56eb647df327a5557a068b7e99b8a690a75e4381eea59ee2851c52d1d428d28fe9a8c4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9e56f9aa333b1e38a65329cdee470fd4 |
| SHA1 | 143463793edf0d1b056465dc38585fb1abfa3b2e |
| SHA256 | dc43ef7f98b1d99fea92d4a0533156939fcb4899e4054c905918d5636e18adf5 |
| SHA512 | e82684476c105f8559ca91e5272cc9b6501947fec0cea8216067fbbcaf5601993fd5dc668d448d00c4951e7d563b7f759669192957f4b73fab57e6314b74aed7 |
\??\pipe\crashpad_4848_JYOJNNRYPCWJAHAI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | 164a788f50529fc93a6077e50675c617 |
| SHA1 | c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48 |
| SHA256 | b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17 |
| SHA512 | ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2ce23bf43598b6bb007a1081a3eb6683 |
| SHA1 | edf7e27118942ae7c1f01b525c6d668717ee4e88 |
| SHA256 | ed07ae1ee474283123ae64f13ec0dbfd48700b83108de6fa4d2bb3ee5de36358 |
| SHA512 | 48afff5c531a5de2f1ea0e0e44316694e46d071c6f49fa3cc666268ff2a6d26bc0e9a7e981483b48c0aa7c634faf230d8edde4f9adc9e7ba2553f4630c518830 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | b18e724910d325b296e2b427ec617a90 |
| SHA1 | 5b14d454f2b9b1a2a950d287d2bbfd87d94ce909 |
| SHA256 | 775a433439e560c1701ab0ee12c49de49f10b4dd0011ae8248af8c6fa013a9c0 |
| SHA512 | 1a2d2d2351ec4c5121a07bc4d0592d1bef58d7dd4bb52434a8e9a058e2ab84c33355ffac215798ede5185a1e18b20fb417a94fae0f38ba46b15bcbfc65bddb39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 2b66d93c82a06797cdfd9df96a09e74a |
| SHA1 | 5f7eb526ee8a0c519b5d86c845fea8afd15b0c28 |
| SHA256 | d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954 |
| SHA512 | 95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 85b3b0ca8e641248b6b0ad924e7a5593 |
| SHA1 | aff774b4cf0760b0d8d0501df4f36c54aabd2eb7 |
| SHA256 | 2e3069b897a9d0c8beaeff6224be066a111a74900116c9f7afed3e85deefe45b |
| SHA512 | d3213ec75021b1d3d07332647edaf11533dc9fd6cded0fb5d076b05fc540567dfff07d132438ace4030ff58e4e42f31a581f7d256e17c78c9205ab66f33df249 |
C:\Users\Admin\AppData\Local\Temp\7f644442-26c1-43b3-ad73-cf9e0d25ec7b.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4848_279977556\dba2b50e-5e89-4a60-a81c-2f2e62647a74.tmp
| MD5 | b0917d8e6c5b6be358bff67f84eb8336 |
| SHA1 | a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d |
| SHA256 | dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60 |
| SHA512 | cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451 |
C:\Users\Admin\AppData\Local\Temp\7ae283ad-307e-4625-9a3e-0f8c2c68058f.tmp
| MD5 | 78e47dda17341bed7be45dccfd89ac87 |
| SHA1 | 1afde30e46997452d11e4a2adbbf35cce7a1404f |
| SHA256 | 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550 |
| SHA512 | 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d9785e91e611c063a66ed926a2b4e8df |
| SHA1 | a26cc634c8e2faa4079541779b2cbccbbfbfb7c1 |
| SHA256 | 8d86adb417adc05b1a8d52677af389732a1379ae4ea5d922a935c7a9855eeba8 |
| SHA512 | 505a6a04c5b5f560fc70a91bc9d9519197209c55380c608421291ac0a241b99d48e6bae3e8d254964078ce9da085c1725fa1343171c8ede338a9de1f03fcf242 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist
| MD5 | 6e82345aefe362b4c5071e7df6c07407 |
| SHA1 | 44176a6b5c2722280699b8cc9a174d168fd4c161 |
| SHA256 | ee1ec48b6b166582c51a4141a84f48731ce18a62e4b7faeb9d60560c8f9c382a |
| SHA512 | 20c0f5862226a3eb17832e7c793f809f2333e0e0068dbe61b5865517fdd9f84bb5ca8d97bdb19a005a25b789ac75a09067350940f042fb5123cdb682ce2c98d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js
| MD5 | 3d20584f7f6c8eac79e17cca4207fb79 |
| SHA1 | 3c16dcc27ae52431c8cdd92fbaab0341524d3092 |
| SHA256 | 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643 |
| SHA512 | 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | faceb02431a1f5f71e785b9379d32813 |
| SHA1 | 5e1cdf80d357b2ac9616e2b10eceaf39d63b5afc |
| SHA256 | bfa753a996bb5ea1352e7dfc3724cdec906e7bd6c4cd62d5bad0a371da65d8d0 |
| SHA512 | e0b36080aad138386a1350fb7c07f5bf55b2dc61412cd6521ca50aba5676609b0f4ff911abd5ddbe74732da3e1bf2562095e944580d08c5784446b3f78282eff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | fc4f627ddf54943afa716e1ac1c695c3 |
| SHA1 | 5377bdb788bc19b76e5b7cb8bcb9110394bf1812 |
| SHA256 | 1c569628639cf777d2a69e37daa3c970165d1e1fc7f4518b4810b050810d0d88 |
| SHA512 | be9e9c47914d2973311e017bfd9846a7aaa88b3b90f49a45edb86aa594f32c2040aa25d1bfa927745524a7a145f2095b6f853de62d3a2118353633b990a3f2ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d270354ce43222c08a5b57e63e294cac |
| SHA1 | b30d688fb1b2ebf1b5393a694f3e94b3200d6388 |
| SHA256 | 4aebd827c27e1f831dc3126c58a4467d6d657f5ba6453bb2c7af21ef7f9938a7 |
| SHA512 | ff988cef52d69c09a9332eec309e209ddf6fdc466aae2dbcb1bf8396c4c0c37a55e26a1ad0a55b48be57d76f12d65f25b604d4f2f49b47ca87428774960a1f54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 440b05a9388247e3710060be86f29a4c |
| SHA1 | 4eb6eb37b79585296ec24a7e6780ea3498608254 |
| SHA256 | de0d9752254ca4e7dcd02260f0024f2f949986a8bdbd09695b843d8ae29c2f90 |
| SHA512 | 656fe94bafe250983a3edb75e2d6d107a825d236b348b15a53ba44cba3922e7f81a711595b157b781bbcdf48a8c62b77503025df759aa26c4ead33d9b6718b10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e1de9458-1749-41ce-9fe7-bffb503387aa.tmp
| MD5 | 1daeddd16a5450ef938cdaa967d1938d |
| SHA1 | 11f9f63ff0055864ac864e3b9d651011a04fde62 |
| SHA256 | 62664dfff7a29ba95c27ec890ef78787216775e2bdb5fa332eec98adbca837c8 |
| SHA512 | 4e7ae98fe95cf4c21f1b3697cc2efb00b5b98f44d1978945a099b61804ef3e0a7564c57b2f05797f2c68417760580dd707cb5a28309794b40be663ea5735e38d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\09425333-661c-4696-8221-82805b59c40b.tmp
| MD5 | c21886cf27a5ecd6157cefd41f92632f |
| SHA1 | 71cfd2c9e461d65c2154c861f6882bf018f35cd5 |
| SHA256 | d89b4069447d6ba976c402aa59d5430128579636f6d3df03495b9c168075440d |
| SHA512 | e8a0941b628e9f58b9ee25a3ab2c7c883ea134f09309542a69de296d6372a53124f5827b590755665965a951d28cac724dc098a85124dc42efe47e5b35b47bbd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 59e82a568f101f61012733123fb9cbb5 |
| SHA1 | 820eb359299feefc1c83bdc0be1ef315cd90fda5 |
| SHA256 | 3936cdeb9eeb2b20efac0ae8b8be58ded267421a7b5e188b0fa45eddcbbeac5e |
| SHA512 | bfdb3421ce5b3a746ac9a102518a8e10dac00291881eb3e3378b014b608e85d602e16c47953a1432d927f7bf8b6e76643c6c88e94d3795bfdeffbcd6105c8be9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 38d513d828acc0c387a84d454d7b984d |
| SHA1 | 06b3de829d040b8579b8809f59ed80b630131c44 |
| SHA256 | 83881bedb713cb4a07aebb68650d09461a0129103edca6155ae4c2f69d2926b7 |
| SHA512 | 3fa39a5c07d64c7ff24c33ac6ad2fb28dc36ab0a01f17bc04100a516c414e5d036e78b0a6f5dc6be31b4cc0e106951a4a02bff5d638824c663cae9469d73d50e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57b0c2.TMP
| MD5 | a9547e076a72c4ce6b8ed43c19193aba |
| SHA1 | 895b862e0564a0f4d2ecbedb65b7ce914139a788 |
| SHA256 | 8ab179a2ea63b5e53a9f8f0876341ab6711a5caa2eb49cd115115110cb9b6a20 |
| SHA512 | 9d0b3d40c3ce996806e8cd1e87ef416d92e325086b84544517e5390bdaf4388b4d895e4b0279454a88b6b90c415daec93dae0c50acbe4686c7b617a7fa028d00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 052fdae5602cc1c609a759fb0888b9ab |
| SHA1 | 7e231e582ecb0b03cd13cd343979e91001208aec |
| SHA256 | cb0c794e4f4e93627481f9348a3a782ae175e082d4aeb2ecf8dfb685c1e5b05d |
| SHA512 | 9cd5428b7e9f5bf26033179c1f9da365a57495d76d93edda8c100b81d275b513ab5a094e79fe22ce2a1b4adddfd2622bc5d899fc8f9499b9a1bf625435abb410 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2a10c5150bf87b9a37062398b08edfc1 |
| SHA1 | f340209f6ccb6ca00a36fea9987ab0f8aa3b8d97 |
| SHA256 | eeba1dac509111c6505cdc7e8cd73625681d235f1a0e32243ec14b975693d036 |
| SHA512 | 6a40e7a0b5b6a55127163e77b56edb9ea2c911b75be767aa2be63e116efdc96c33e3dbd51183aad29397ae61a10734ea3d3415e89e19d1876db6d1fe2297144c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c7d4.TMP
| MD5 | f793103e129501decf2392e2a2c3fab5 |
| SHA1 | bd0e528eeb8b4cf79dc28fe17756359f8cc28a06 |
| SHA256 | 3c7e5a7acb4701ef3f8fa9469802d184d88ca126ba8224c22a25df6efaac2d81 |
| SHA512 | 9baacee5d9a82a417b711678ccba56fedc08ff0da216bbb8a53006109c05f74c71baee1a4a920a427dd6a0baf5d27186a3d4b9467a56837e92051464487fec3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 926b0bd5923bbfd216b60ba8101d94c0 |
| SHA1 | 0cefae00db529c36bd451e9cb33f7efa96847b92 |
| SHA256 | 5c38a70455b36b161208cb38b5f4103ec34fa321d483ade1237e0e51b5603cdc |
| SHA512 | 5a617c587f1ea3c869a6aba4de2d1b15a48de3a1e2af97ff910e05c364d2747739978e69e96ae01d03247bbc4005bb6a3d3282fd09ecdae958f646048fec37dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f3e27b0a09b829922988c19b08156369 |
| SHA1 | 83a78b406f09710b0acb06e3ec9ae1402a476d5d |
| SHA256 | 1316704adbde851c593b4b6652472b6cf5f1b79aff9010c6cb77589dde96b834 |
| SHA512 | 6ef09ed115cdfa8bd689d69f0cf17ff1fca3b7ddd8a9c9ed9e27cf324e48bdd7bbf2711cc81f73b13ad41ecb886a29ea900cfe15d4fe3cc95e26216829e81ba2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f28e991044a0431a203cec781f75990 |
| SHA1 | 764e6f740b22c738678103c19ace4afbb0e2f647 |
| SHA256 | 0640fe2cdaa57e0ac62c4581e88b9b8662010e824415615eb50426d1f54853fd |
| SHA512 | 616945406b1af54d6d42d5d435a67285da8f25c503f3554c53c5c89e8bafed2579744900a2db1f84e22b935f8aa5f8f265b4ead39408d4a1cc211ed1e344b357 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 54626dd36cffa1be8c3a6bf26cd3a923 |
| SHA1 | e8a612f54c7ea517cc1dffc1dc4d7b4a9498f026 |
| SHA256 | e7c928f07a1ffeaad56eb4a16a00e44df27e7e10e38a9b2d8c057c8683a4168e |
| SHA512 | 3c8ad1d226702084e2e74569b00c8fac8e53eea64f3005259f8ca59cde2d77263b480722b51cba8e19506ea5d5b871ce3b4c6557d26e41e6e3fe1d686d5a969c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 3e7f3135d4fcb58c7b549ec5dbce7c7a |
| SHA1 | 8f3a2c4b5470f6cded77bbe1ebef95a55a06221c |
| SHA256 | 44b63be6b091fded362e586667df64dcf04a93712b8bec05a3a2d0e89c1a9db9 |
| SHA512 | e6fe7de1fe8dcf04738cd0b83931416d23a197b4d0673a23e53b4063e39d13e728e71517630fed211b81e46d3d50aab234985b313484a6b14829df98b38f0878 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe584b1d.TMP
| MD5 | 27c6a0db41e111e91be6f42ffae87db3 |
| SHA1 | a3d51bf2c0efd8a02236af8938bfe0b2fe1a4430 |
| SHA256 | 050dc1e294d0bc6892f29f03a4586f1b88379827543bfe299c7bab68b50b6195 |
| SHA512 | beac7a81819575a0dc22a880d2b65aead955e2c6b82de08b2e99090a7b60585dadde5c2b0af662968fee1df87a9f7fa5e8c7e5fa02cfbc6612ae0d94f2197f6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\e4e083fa-e285-4abb-b479-d195c038f97e.tmp
| MD5 | 46cbcd98b0383629cfcacbd887a8569e |
| SHA1 | f476b4699954bde9652cdb8c7dd85601e316e857 |
| SHA256 | c3cfc4079d320d3cf4f3fd0d8b778814954f9ca4893bcd068b365858117b25d5 |
| SHA512 | 4b78fdcf64477200c96c5c8cdc7c79907e8394a2332bf808365467c5887c9493fd8ea547e7f5326b569cf375a9d9fd2d103f8aeb9dc70a4da32ff1895474dd25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 6303480f170ca05672e9dc78eef56415 |
| SHA1 | be969a418eb00ae8f489e0b44d6598dab8df5098 |
| SHA256 | f7309e9d5884e72e889cd27dcbb738a00c6dcfe3b8547bf19352dfd886bb9078 |
| SHA512 | 55a2f3cfbb5e94e547d6857b2b9f14a96252a9696a47fbe17ead693ee88829ec3f6c99a35b72ff6cb01fd1c1a8f7175e2a830efe588c35a3935c346d8ce0fbb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6646af40857701f9bc046e9a524c7f2f |
| SHA1 | 4e9679d1679e19188aa79ee2ebd983c5ff695c53 |
| SHA256 | c62f2c51e5e046cb0f817c5395c8a230b1e7b0e5d53e6022e13bfe7a75537ffa |
| SHA512 | 15bd3f57d5b9ff4c126c5baeb1beacc7323cec85c6c8606771ff8fd8fe1eaa8401a60e4986b51aeb252f043ac109fddf8ee9192c6c19206602137d42b26731ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 582b0ed1282a79dbb75dff1c4aae9055 |
| SHA1 | df94717e7044e6dfbf1880bce318c6481db9ffef |
| SHA256 | 52ca4f8ae6ece5b846c468a96a95f1872aead3138071564cdbb9512354e7be9a |
| SHA512 | 5a998207c34314803b3c692cde33e534b757f292f02262283f2a09cb5f8aa97d93a9b3b5733f5f64671de2351bfac2644311bc14a640746a8936dcafcb1d146f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e3abdf584f2ef4dfbe719c2fb562fec |
| SHA1 | 3490ca28ab2ad9ba3df5f77235ad71c2802084a0 |
| SHA256 | f341c1510308b7766dff3a91efa89197b40ef28bf4fccc0d954d6b24b7a124c2 |
| SHA512 | cbd26a0c6f401e2a5e834e05395bd5446b4e4c26c5446a0d225a18f9e2422b49a8f7fad47c80028180fd97acf6dec11162a4e606e1ba9bf4ddb2051a7f4e74ae |
C:\Program Files\chrome_Unpacker_BeginUnzipping4848_576059420\manifest.json
| MD5 | af3a9104ca46f35bb5f6123d89c25966 |
| SHA1 | 1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8 |
| SHA256 | 81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea |
| SHA512 | 6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7fe7d9428269ad5532b63679edbf3803 |
| SHA1 | e1bcf94a0df26fc3acf759fa36d42e29678b1071 |
| SHA256 | 5f56a74d71d431c828e9aa2f9c10f3ff9d2f21b078145e4bb235deb3c86b702b |
| SHA512 | 2577a0005b3341b1cfc87c6605d250f710d636b5924e30a1f628cd1f0d28c4e0f407af781f1eb5e6af48a20463fa1ad3560a5f0d457536a36951cc24cb139954 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 11e3f7dc2ade80abf0ef7943366151b5 |
| SHA1 | 5e435f829440de911e25161844250d00f4c8ab63 |
| SHA256 | 3cf35a86b0cd2a56d3ad1f7c47083de9c1d8407e8d94df769dad1a4587f3c8ca |
| SHA512 | c959fcfa982e04662c4c5a37a9d34eaaa6897a5a819022e451394086d4141b2dc1393717fb6ef25281d4a12bdec6545e6ccb1f10f161a6b6843e21c5df4ae1bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 39052adf6789ceeee5eb551cc756ebf7 |
| SHA1 | 0eb9c299cf56a7022d321cb574e9efc9c263abf2 |
| SHA256 | 021626c2c00bb0e094ff4b83849930f6dd653dbb874e4af93d3be5b0c1cc0595 |
| SHA512 | 108c0c5f8abdf869996b445b40ca6e5f12a11ee85cc7ea093a68f75d57343203e9398315dcdb6c471f04aa27a9f7e35011de347181a6c2b212b950dc7b6a6c40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries~RFe58949a.TMP
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000092
| MD5 | 1939a03c4dcc6b3b4739457a1b2661f4 |
| SHA1 | 527933aa65f3e3bd080a76164c258d74c23292bc |
| SHA256 | fb5f0d3ac5e000507a99d802c568bf70ab44e0f5153db7cfb29636cf4c8f0046 |
| SHA512 | f05f16756a813fb9d7ece9d17f9f30334210fda1315ebb2d2e116019876e5638bada96bccec1c30753026e38bd49839161aa307744244b46ab4a52417a031dfd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091
| MD5 | c813a1b87f1651d642cdcad5fca7a7d8 |
| SHA1 | 0e6628997674a7dfbeb321b59a6e829d0c2f4478 |
| SHA256 | df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3 |
| SHA512 | af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000094
| MD5 | 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5 |
| SHA1 | 6dd8803e59949c985d6a9df2f26c833041a5178c |
| SHA256 | af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725 |
| SHA512 | b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000093
| MD5 | 226541550a51911c375216f718493f65 |
| SHA1 | f6e608468401f9384cabdef45ca19e2afacc84bd |
| SHA256 | caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5 |
| SHA512 | 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516 |
C:\Program Files\chrome_Unpacker_BeginUnzipping4848_2118089951\manifest.json
| MD5 | 049c307f30407da557545d34db8ced16 |
| SHA1 | f10b86ebfe8d30d0dc36210939ca7fa7a819d494 |
| SHA256 | c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54 |
| SHA512 | 14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json
| MD5 | f9fd82b572ef4ce41a3d1075acc52d22 |
| SHA1 | fdded5eef95391be440cc15f84ded0480c0141e3 |
| SHA256 | 5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6 |
| SHA512 | 17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 5443ee4a9d30c2bc778d20b9cd879a58 |
| SHA1 | d0e12f36c955e84cdc5c485d2200e545a7a06754 |
| SHA256 | 6ada0989ad9db1c2e5ddd14e81d744e6b8f8847ecf93811bec3344100596712a |
| SHA512 | d28f8f9f687736c87b0d7d57ed4dde19d1579a74270da518753a655b85010ae56bd3d5c4bbaf555ee2ce773451ea9b749b621bea6b8df7086d83e03888a5f714 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fd8a788bd496d8d4f4fbc1d41cbad8e2 |
| SHA1 | 9dbe3fb1a913f89bbbef867e4e2a8e3f2800d709 |
| SHA256 | c76b2e9ba7b520ec0d062195693fc2c1e6f83f5f71522723ea93ad29b67deb99 |
| SHA512 | 285d338542732a252f0ae247fb051ebbd1c300d649fd20caaa9644bf0866973bae13d19067245c6c10a766a1e60832a5daed41ee849ffae73d4081a99f61a4e6 |
C:\Users\Admin\Downloads\DanaBot.exe
| MD5 | 48d8f7bbb500af66baa765279ce58045 |
| SHA1 | 2cdb5fdeee4e9c7bd2e5f744150521963487eb71 |
| SHA256 | db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1 |
| SHA512 | aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | 3b9ac5961c2a4f84fa8b0174ecf5930e |
| SHA1 | c11e0bdc52124605674efd45d73b51bb35a57a1a |
| SHA256 | 82e670c01cb12d7d90bdd1014e6f7c9f4c057471595ff05e17f93f53c59f2d2e |
| SHA512 | 92d6912126318d2d0bd1480b6c18d71200a33eb8224428a0738995bbd214384765dba4528d43fb077fd0c92b79530ecce199d4a86a6030b8533c347f9db42f8a |
C:\Users\Admin\Downloads\DanaBot.dll
| MD5 | 7e76f7a5c55a5bc5f5e2d7a9e886782b |
| SHA1 | fc500153dba682e53776bef53123086f00c0e041 |
| SHA256 | abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3 |
| SHA512 | 0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24 |
memory/2996-1569-0x00000000025C0000-0x000000000282B000-memory.dmp
memory/4328-1567-0x0000000002600000-0x000000000286B000-memory.dmp
memory/5000-1572-0x0000000002620000-0x000000000288B000-memory.dmp
memory/5476-1571-0x0000000002270000-0x00000000024DB000-memory.dmp
memory/916-1573-0x0000000000400000-0x0000000000AAD000-memory.dmp
memory/5540-1574-0x0000000000400000-0x0000000000AAD000-memory.dmp