Analysis Overview
Threat Level: Known bad
The file https://cdn.discordapp.com/attachments/1137940579985129493/1221867056689844224/butterdawg.exe?ex=6614235f&is=6601ae5f&hm=57af9546349c60f2745bfd37af4b10e792e4c6b1185ff64bb2e53b3cb8758d96& was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Downloads MZ/PE file
Executes dropped EXE
Drops file in Windows directory
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-03-25 17:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-25 17:05
Reported: 2024-03-25 17:10
Platform: win10-20240221-en
Max time kernel: 152s
Max time network: 213s
Command Line
Signatures
Discord RAT
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe | N/A |
Drops file in Windows directory
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3360119756-166634443-3920521668-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe.6c8tnww.partial:Zone.Identifier | C:\Windows\system32\browser_broker.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://cdn.discordapp.com/attachments/1137940579985129493/1221867056689844224/butterdawg.exe?ex=6614235f&is=6601ae5f&hm=57af9546349c60f2745bfd37af4b10e792e4c6b1185ff64bb2e53b3cb8758d96&"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\butterdawg.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
Files