Malware Analysis Report

2024-11-16 13:06

Sample ID 240325-vlxj6sdf37
Target https://cdn.discordapp.com/attachments/1137940579985129493/1221867056689844224/butterdawg.exe?ex=6614235f&is=6601ae5f&hm=57af9546349c60f2745bfd37af4b10e792e4c6b1185ff64bb2e53b3cb8758d96&
Tags: discordrat persistence rat rootkit stealer

Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://cdn.discordapp.com/attachments/1137940579985129493/1221867056689844224/butterdawg.exe?ex=6614235f&is=6601ae5f&hm=57af9546349c60f2745bfd37af4b10e792e4c6b1185ff64bb2e53b3cb8758d96& was found to be: Known bad.

Malicious Activity Summary

discordrat persistence rat rootkit stealer

Discord RAT

Downloads MZ/PE file

Executes dropped EXE

Drops file in Windows directory

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-03-25 17:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-25 17:05

Reported: 2024-03-25 17:10

Platform: win10-20240221-en

Max time kernel: 152s

Max time network: 213s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://cdn.discordapp.com/attachments/1137940579985129493/1221867056689844224/butterdawg.exe?ex=6614235f&is=6601ae5f&hm=57af9546349c60f2745bfd37af4b10e792e4c6b1185ff64bb2e53b3cb8758d96&"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Downloads MZ/PE file

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\msn.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 20be8d0c097fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "418199898" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{684EABBE-EE82-4310-9199-F02C03477A3 = e11cc3add67eda01 C:\Windows\system32\browser_broker.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe.6c8tnww.partial:Zone.Identifier C:\Windows\system32\browser_broker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4764 wrote to memory of 4816 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4764 wrote to memory of 4816 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4764 wrote to memory of 4816 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4764 wrote to memory of 3908 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4764 wrote to memory of 3908 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4764 wrote to memory of 3908 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2292 wrote to memory of 4232 N/A C:\Windows\system32\browser_broker.exe C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe
PID 2292 wrote to memory of 4232 N/A C:\Windows\system32\browser_broker.exe C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe
PID 2292 wrote to memory of 4232 N/A C:\Windows\system32\browser_broker.exe C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe
PID 4764 wrote to memory of 3908 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4764 wrote to memory of 3908 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4764 wrote to memory of 3908 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4764 wrote to memory of 4420 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4764 wrote to memory of 4420 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4764 wrote to memory of 4420 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://cdn.discordapp.com/attachments/1137940579985129493/1221867056689844224/butterdawg.exe?ex=6614235f&is=6601ae5f&hm=57af9546349c60f2745bfd37af4b10e792e4c6b1185ff64bb2e53b3cb8758d96&"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe

"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 206.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.250:443 assets.msn.com tcp
GB 95.101.143.250:443 assets.msn.com tcp
GB 95.101.143.250:443 assets.msn.com tcp
GB 95.101.143.250:443 assets.msn.com tcp
US 8.8.8.8:53 250.143.101.95.in-addr.arpa udp
US 204.79.197.203:443 www.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 204.79.197.203:443 www.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 20.189.173.5:443 browser.events.data.msn.com tcp
US 20.189.173.5:443 browser.events.data.msn.com tcp
US 20.189.173.5:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 191.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 104.78.177.227:443 www.microsoft.com tcp
GB 104.78.177.227:443 www.microsoft.com tcp
US 8.8.8.8:53 227.177.78.104.in-addr.arpa udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 204.178.17.96.in-addr.arpa udp
US 204.79.197.203:443 www.msn.com tcp
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.105:443 assets.msn.com tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 20.42.65.84:443 browser.events.data.msn.com tcp
US 20.42.65.84:443 browser.events.data.msn.com tcp
US 20.42.65.84:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 105.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 183.178.17.96.in-addr.arpa udp

Files

memory/992-0-0x0000012C59520000-0x0000012C59530000-memory.dmp

memory/992-16-0x0000012C59D40000-0x0000012C59D50000-memory.dmp

memory/992-35-0x0000012C59690000-0x0000012C59692000-memory.dmp

memory/4816-59-0x00000189F5590000-0x00000189F5592000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I7GRB93S\butterdawg[1].exe

MD5 3d119321b424cf39b92871de5749c72a
SHA1 48003a72ffa6a8253a83522b8eb7f69b9e859aaa
SHA256 b67f50ca3d56ceb52dff13596b7175cd30b2fc3c546177b6a620f82dbd322be5
SHA512 3cd852fa5351195184a7e990898a2b488e28e3189da4ff35d77fc9b796267b36cdcf20f301ec35141922bb4f36a99ea2cff10a44d5f23f04ec1b8b7303eddc6c

memory/4816-64-0x00000189F55C0000-0x00000189F55C2000-memory.dmp

memory/4816-66-0x00000189F55E0000-0x00000189F55E2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3I15A9IV.cookie

MD5 1791df0ac3ff7f54fcb4f7304528717c
SHA1 28d1c1cc55d463690c0f19a55367169257ded49d
SHA256 c581f57021030b8e89a6a4774619fa447d2c7ba42478c1ca6b32f22a90c03f99
SHA512 619946dbc08c13135046f9399156adcc3adb4df70897643cc9b6b3ac7c012fb9ae7689feb74c8bfccf3ad011d3e6b459c61a7cc40928afbb2c73703f565d1988

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe:Zone.Identifier

MD5 846cbd063b1a82f822966f83d89c8bd5
SHA1 d8f3f1eccd40d3c31f2f3e8059f4cba51032f8e1
SHA256 3a0b9a392e497d04079c80cf67c9a6b13eb4e16dc9f98923fa5e2953cf3c49b7
SHA512 a716762eae8840311ef616f0c003eb6f901adc9079744ea0de9f6851f019d20c59ec70074b8bbdf615a19b35eb62a35a1fe748ed9f2c4cfcadfa286583ccd28f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OJ0YCBP1\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/5008-143-0x000002F199CA0000-0x000002F199CC0000-memory.dmp

memory/5008-155-0x000002F199F00000-0x000002F19A000000-memory.dmp

memory/5008-161-0x000002F1AAEA0000-0x000002F1AAFA0000-memory.dmp

memory/5008-165-0x000002F1AB0A0000-0x000002F1AB0C0000-memory.dmp

memory/5008-185-0x000002F1AB660000-0x000002F1AB680000-memory.dmp

memory/992-195-0x0000012C61E60000-0x0000012C61E61000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4C11PZ0L\favicon[1].ico

MD5 84cc977d0eb148166481b01d8418e375
SHA1 00e2461bcd67d7ba511db230415000aefbd30d2d
SHA256 bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c
SHA512 f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

memory/992-197-0x0000012C61E70000-0x0000012C61E71000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WCXBU0VS\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFC30D092588B2D2B4.TMP

MD5 5e0a519791bbcf6ff13f11876e30bc9d
SHA1 c63171461bed1772929f1dd63fb0f01d152c402e
SHA256 dcd3faf63310e003f0e2eb8b6a3bcb7f5a1662dcfa474e71563001e6ac847398
SHA512 96d297c15cc6c858a2d731a84f07361964d835cee9b69aaa810a7a81e99308f1c612e884f0ac51a1ed4b41fd43b9a42396403b41773139438fe909afc9e2e8c8

memory/992-319-0x0000012C59A00000-0x0000012C59A02000-memory.dmp

memory/992-322-0x0000012C596C0000-0x0000012C596C1000-memory.dmp

memory/992-326-0x0000012C59680000-0x0000012C59681000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawgstarter.exe

MD5 c2855b4970bc7461d81420ef630c2035
SHA1 b63be3b74eaf97c055ea0a39df0d5880c700748d
SHA256 cf82938b634f7c65f7401e47b4fe14456c1d4cc1a4b16a36f329bcec26714744
SHA512 8bdd194f5dc42e2f63ea79dc9076d2610862c0e825db8c8e62c7603a7db107a253a29619d952384e6219c5c033a6b05d4dd198a4b41b2c71d026359768fd4959

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.png

MD5 86a6fcf83d3488db02c2b6ca633af386
SHA1 40ce88cf5906f11a7f6cdf081700e9e924aba819
SHA256 95b04d8316cc66a1383b7e6a886f3128f6bc671cfd8300078ca4ac9437fbde59
SHA512 bef2e6c660744bf2df1b88f769f97cb03f6ff0069b3dad5e75a563bd91a3ee1e63f6fdbeb3d492f4af50af2c2fdea82ec438a17600e05daa7cab7d85d9b5c5da

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

MD5 76a3fe7f46995b0dbee944faa4fb7d7f
SHA1 d69f6347b9117a83ed7be0bf853e76066577f76c
SHA256 9efd955b11090951998ad3fc8b463799412cdd4beae4e419125036e900a88279
SHA512 790a6aba91e2d5d3b7e2c97da55ba228e9142eb812ea2410e40e3acf99914091cae57d7d23025a4ed160c23671c6c3e50b248188344fb06338cbc111de6b2ff3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 6d7d617e6081b735faa84a86c54ab6f8
SHA1 8e63f265975fa11de54f15479ddbe010d63ace2a
SHA256 2bf6e0320d645f76261429adbfca664200f97e3bbf3e8bb6d523d3b7a24d5127
SHA512 c09a74c58ebd782a5abb24c35dd999c2a0b8b90acf18a62cedcea0a7f532521372ecb6777ed4925aa8117c159a04df31082ab4dd5141e84bf8f2c23a962430ff

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

MD5 9dd38d41116dabd8370409c38860de0d
SHA1 1097750550df9ad298109f6c8e33751a5066ca9e
SHA256 62211cb904d0c69b4eb70bf61de3caf0e1727a2a7099248f592fdc46a7fb0b96
SHA512 6a17102119122ba6b5714bd96e819618351af93ae86a3e69f4c20e0b1ed38f78a72661f0c6f3f0812eceb22ccf11f3e610d86ece375b18847e3365d573bbc95a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

MD5 dcafa57a6569f39f7e348f11dd379624
SHA1 e13ed19698e22e98f1c2a1bc3e1c50daeda7ae8a
SHA256 71d29a305a66dcbba93524e8608adb347a2fec825cb789b71ed4bc0d8b75803b
SHA512 65dba742cbbefbc2fc97b2c940a7efcb6641235c7c3ab087718bc5309c33bfc55a6b04528a63caaa4ffe6347fa76b1ce1b0535cfba38c8819a55e1ba083345a7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{27B85A37-A641-4230-8C95-C4681B5D7639}.dat

MD5 d01202e6198a872ae624ed2aca847feb
SHA1 f1b42bb34573a57547cc694ec26ecb8cf27ceb8b
SHA256 03cae9370fa8e7c7a47c968a02886f9fec7fdcd03ee1e5a6713e840119181018
SHA512 00a868c6903189e994cac33e0641f9f6d004db6ff322aa9977bd4ab62001f68f67ab33afe1605c303f32bdd77e7f4e9ec8747a748d90feab1961023fbf651336

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{BB48B7D5-F2C9-4699-9DB3-1313D8A987BB}.dat

MD5 671e77df751c5c6cc46afe007150638c
SHA1 13b520177bc5afb891e25888da1dfab8bf219e94
SHA256 4dfcdc5e5b83b5b083fd8f0108d6f30ffb7aee7af2eea24b15b2a6bb9595fe8c
SHA512 6e0df304c1f9aad7b2dd01c8d3147e8385d03d15b035053f997af2084579afc175af66e7a8b47b9ece35a76313b450a92973f9c42a047d94c4599ccbd239a204

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{B28501C3-0381-40A2-824D-45597FAB3BF8}.dat

MD5 c23ebf290e2d796573faeccb3b14e6a0
SHA1 209237cb96108ea96ccf06c7bef523f98911f2c2
SHA256 24e50e3b82d6dd512bae78acb6329cfe9b40a6edd717a020ab8bf421bfef3d01
SHA512 c0b6a7b2ecfb042236091530e438487267a3030d7598d4bf7f383f9a87ac6e9c28466c408d96ada618e953a37396c313b0c35ea140acf1ced0c922a5268e339f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{6B908B88-A1AA-4043-A25E-80B8A13D10A1}.dat

MD5 cd7b355be74a9ee92ce930259c2aebfd
SHA1 b474c639b988e0463da7a8fa2aa972fdbd4ff98e
SHA256 36940d2cb8dab496e54f0f26f0793264b6c5d69fe0103ce28013d100622eb36b
SHA512 c44d594a1d0537e13f410adeee3f9f5cc0c7cfc972bac07eea41dbe874aeec68f8427cf6e488c19ba751c9bd7ccaef6d5754bc5cafa4810677e27a8b5b793b7a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{79BC88D4-7E03-4F9C-95EA-1B3962076392}.dat

MD5 cdfbadeb83f870df18b9d7ea3455368b
SHA1 5138e835068672fe989bead615c251f12ebb09c9
SHA256 439447131be827b61f30bcd58d87e9ef086152ba57417a676c8c45af5bbd889f
SHA512 a1075c6a1c6154f392789cd3bbafd13a2d1e061a121121fd6260d7064041801a4d78e49223a6bccb8eb04a73a192db7a89fa64110cef1047ea1e5f96611e29b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{B7893C5F-EDC7-4012-B6A6-325E794EEECC}.dat

MD5 1f10d231b6ead9c88eae245bd3aa3379
SHA1 52a827896e18d9b175e5f37a8939283d1bc0ecc9
SHA256 571938a90d6291057eece896987e71472d8f25c07725fa65cc0ce7bb74bc5041
SHA512 13c745f86c9344f49a1e9bc09fb1cab196ef337fd7ac424fffed4b21793d165a58566aaf8fbee7f7fa2bf62b7aeebe397e90da8441ea8385d954bbce85d14d30

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\N6YYF8HN\otSDKStub[1].js

MD5 04a736599abd9d35460f225bdd4d2c6b
SHA1 f3a6c5e12a6862451d6a457230a506ce0dbd4007
SHA256 8dab3ce341beacb7483049495e317f00aad8ec7d960f98f2619536fb8f2f75f1
SHA512 a30d77969ff900e42f743bbbc44ff76a7c6abfba0641ebba1e8e93df72e8b232b774daa105252ecf52042bc6a995bbce17f9e91b2343f844776adc40967adccc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\WIRBOOEE\microsoft.8aa91a5fe4f5d8517ae1[1].js

MD5 1b4bd481201681e6e6609b4e84d91900
SHA1 712b959a52f424694b3fa5b852c3d7adf27bc19d
SHA256 ce3eeed6a430adf998eac68138d70e1d064cc81a54274c00b71a22f6c1e0b2b0
SHA512 e844c8e156b94fdedc70830471a4b8cd095926c0a0e5fa3c2685b34a7efbc8d2bfdd662513f46a2021b92d46289ad25ebe7b54d3885c438ea3d4fb7cfb17e5fe

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\V0PH3MCR\vendors.c47bf4f4981f23895ddb[1].js

MD5 01cd3e668d1acb88b93ab929d450ae63
SHA1 f44e64fd07d828ef0b41a127faf5fc4d0ccb7515
SHA256 76d32a47254928b038acae6e59dbad89eff8d7126eae4391a3a869a3ab6a4eaf
SHA512 b8c1db0645e3aca3e5953724077fa2699216e1f8f780346fba8bbe27f1ec2d8c7bef62dba1a88d3cec8db445418bdc7c3307ac3bf84abfd400d1f1678681e368

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\N6YYF8HN\common.5dd7cff85de67632bfd7[1].js

MD5 cd8d2938dfcc295d8d63f9e40e79b3b4
SHA1 08a48c71162cb94c0a4737376c499de1b4666a90
SHA256 881c2664c20a836f6784a1db963fe6f69f5809912ffa0b2d54ecc1361526e922
SHA512 fc252ab5d8444efbc3072b1101c7ce89f91cca35cef475eaa3c28b33dc746aa36b6ac82d1a6d896a975a3e086d8e73882af29392d1235962883bf9e7f0feb590

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\4m37sct\imagestore.dat

MD5 c9b9a8bbdcec89d07e87657697c06bab
SHA1 2eda1eef02f672337ae1887149463fc036c31967
SHA256 e9debeb5c4deaa6be471402cf6f5c48fc794db7f36e8b902a5c9bdf71e646385
SHA512 421f9729583aa1641a22d0eded6c0dfd670f1709eada82701fe48312df6fb53f6431c7543ae5ce8bb4f3114f7934a1bac48518db11076d21f230be84d92b9dbe

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TXWUBY5D.cookie

MD5 11da538b3b42c9494b082d331db40b06
SHA1 1ace5b556ead7ffbcdddd31dcad97da04cfda3c8
SHA256 4f774245906b35f41108b99dc0880ba624a3eeddd9e91bf2d1d179f5fb7d9b38
SHA512 68fa4c5387a8d7ed0dc58d6c0912931f6e9dcd70134ad7c2f297a3ae4eac03c72bfea8d896b71e05a85bbfed6b7b934d8baed41624a511bb72dc2edf808cff49

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\447GEBIM\www.msn[1].xml

MD5 43d80318a10f6fdd380160106f8ebde6
SHA1 5e95f0b7f77b6ce0a286d2a868b29cb2453664d1
SHA256 cfa155deefae51be128acdd8c0444d9ec8a4ae31dc35c7cbd44bfb06ffb7a67b
SHA512 3bb64702db41eb943165e68d148d2bdbf6054f0b240e701914d68c5084ebafcbe62081a6a4f516dbcda6db34a9de9f7c363c6b23f450fa27e88d12b1072d0abc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\ETQUW8PF\55a804ab-e5c6-4b97-9319-86263d365d28[1].json

MD5 46ee78c94150df13398d0517a789cf5e
SHA1 8d827947d19e920d1b6058baf7d641c5ba0b70de
SHA256 d8b70c9603b72404d8436aa9e4528f01e1dc45aef7834046d321b1f0a543dd08
SHA512 cc499b8e50e008530e67c8d8c06cc8c9b8facf71eb851f63855d2a180a00e6773b666efced032f93e68be048563c5d0d575274254583310c89a9e7a11f46c1f4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\V0PH3MCR\web-worker.440858f9fe4973b6d967[1].js

MD5 3c27e2c5547d9a2776909c6c8da8bff5
SHA1 c347bc4ea26cf2c55475b558ee9d29b739070c87
SHA256 0c1146defd2749d575ddf1f34be4c0c6fe6991de08adcf85555c255df9ede1a8
SHA512 9173de0eb213aa52d84d21bea9697c7abeffd5b8be2085e53478f4821c219f1b133dbaf10a26584405880540643bf0d1bf9e9e7718339da7fc03811c7c8231d9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

MD5 da26794ff771dc3d9e896bc1873b3f4a
SHA1 21f4258056030c93a9fc2ee772e3dfc0fc4f8d92
SHA256 c9990a0c6e3161572ff16108a6c32652061402a6e3385fdd68f8a729d572f742
SHA512 998d322982dc9b197b6291440c0abd14522010fda2e6b2213636ea1435d27534db630e4275dcc043ddafb6bcb3ba4db481aad12246f75c951de69f0889e26ef6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

MD5 215aac47e140d8e380099ab28fd3b241
SHA1 3015f1faa51efd27f3cd38ef530999fbc6a447bc
SHA256 fc6b804476191588fcb7cba86ad74dd4211296597dba1750de288ccf585f9379
SHA512 0a905d8c69e1b8f60f1187ecdfe8c4f91160fa832e23864d870e7325c5ba464a98091b415094091420fb61328bbce080e4c6ef20da23796711c59c605d1f5150

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\WIRBOOEE\otBannerSdk[1].js

MD5 9407efa17b9fa09288ff833eeb111cc7
SHA1 4fba1d46d43eeaeff48b8493245e5cda953285c8
SHA256 9cfaaf4e24c9a20159123c632711d2cbb98854a66ab659a5c24373633f180d4a
SHA512 f864566e20f37099463b4bb39665a52293402d293f9bdbccdac3b6cda7db41f91ce79c34786129f84c822f2c35a7a0976060fcd97271dd27685e4f6255f70b0a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\ETQUW8PF\otTCF[1].js

MD5 ccc7bdfd4fec43bb4e2ee254705af6f9
SHA1 9a2a188ff810fd0f025266d2b65f448a5ca84181
SHA256 0881d43075354250e7ca66af2628b7f894bca339f73be5add8c16e166d253708
SHA512 93e7b2cf7c54dda5bacede673dee2829335642aca27eb36afc4a117ee38e00bbc2ee801d751c7af5cbd1c31d0fb92643a862ca710f243e4e9fe64027fa0e39b0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\N6YYF8HN\en-gb[1].json

MD5 816d49758ab391b0e0e37e91185ed9e6
SHA1 8a0767e4fb5f4929b5976a023bbcd95dd7457d3d
SHA256 369cbbb82b32dd6294630cc2ab4037d3769061736ddb2ee9aa13884465f86b57
SHA512 00b7eb2271a728a912c2f8c463c7969b7bf13265916b6d4d8b01faae9d9446cced224f391c82fdc99b7a59cc88594f9964344758aafd71ca2a140af7d9262aa9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\N6YYF8HN\iab2V2Data[1].json

MD5 bed3500127cab0b4be32181b655b9a05
SHA1 04ecda6ae72e0fdb04ae74c565f5bb3fcb105dc8
SHA256 9db97a106f0b0ef7b0f75239ffd244083dd2caa0b3c4286cb1d77583893f5e71
SHA512 87bd62e183b7f1585e721a226ec628b9c33aa0ec980bed9e1a640547be719d5194a5c339a434f87f15b9d48d102f570c5b2a57d72e5e2506b28bac29aa9feb7c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_5C1009244D39FCE23AF8F277537F2613

MD5 d7df8de560dc302d1cdae96759a84b6a
SHA1 5b67b7e51e6c8aab2e56a2b0472adf6ce5a343f9
SHA256 94c621dc5c7eeda995b9fe6a845c29bb75ed3c93f671b138bce5fc9b82078d50
SHA512 91cc5e06b76810570a766355f0d37514804916786b8bc0b264c641e7d473a8ba730cf9ef88504d394310cb72923f1d622d487c712c298f39ce5648ac351d7f50

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_5C1009244D39FCE23AF8F277537F2613

MD5 f7138ed92b7ebfd2143ca81a88afa847
SHA1 824d74f202500ed1f0db81b77bbb939cd8df8d34
SHA256 dbf6656848a5f1b53b567c9ad7d0b579fac1659cf48ccaa5436fbf9f31cafdbd
SHA512 1e772396444a013b09e56e74d959c38b7acaaf01c3372f052ea7a4f52992a4574530298901b8b97467a2f318c897229dbd8e8bb7554e168bc64fae97be9c13ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 8487b9eda2082be69645caa59f8ed292
SHA1 aa4cec53b02dbb536257e6fddb6c8dd6b66862a2
SHA256 c88247aad0b31c8d8c1c0db146fdb75b7270f7dd2ed3131eec6335765b6859ae
SHA512 f61bd198f134996af60b8788b21727f2237fb40a6ef19ee6abb9793cb1eb81bfe6c886e18023708e6228eee64c9ab621d6a64cac40ec661e1e278cf932af66ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 b208521c2c31c62015c38bb85feb51b0
SHA1 008316003e88bda0ae51d666e28934a367090dd2
SHA256 c34551e0a8993957869ed2b41357128f47bcd889d141a11b4b2fab20ac678a88
SHA512 97a633887ba4208336c9c4a28edfea165c4d6a88daf119cd09d608f76933b8eef9cab5bcc820401d892d923fb11d5646d6db340ba58903ce85341a3e61070ae8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 4bf86b2e2967c5694e3c0d812507fd6f
SHA1 497ca8740b659416b73d0282415af5f905838ec5
SHA256 21d82d3e5190aa1c64dec38e73086b2874afb22caa02f5c54cc06ab068efe097
SHA512 9cb16365b33ea630ffe4005769e80f8b77746bdfb0ff0fa23ac96798f0926373c49c2eda8db14414e1ec55089cd121df2b18cddb3d9551db469084ae667d6e2b