Analysis

  • max time kernel
    90s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 10:23

General

  • Target

    butterflyondesktop.exe

  • Size

    2.8MB

  • MD5

    1535aa21451192109b86be9bcc7c4345

  • SHA1

    1af211c686c4d4bf0239ed6620358a19691cf88c

  • SHA256

    4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

  • SHA512

    1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

  • SSDEEP

    49152:5aA7f7tlVmdqK23H2bpHI4Qs5ABV9WRHZRsgI82lcHGAaKLinXBgJ:Q+VMkX224QsWBq5SfARGRgJ

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 60 IoCs
  • Suspicious use of FindShellTrayWindow 54 IoCs
  • Suspicious use of SendNotifyMessage 50 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe
    "C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp" /SL5="$30136,2719719,54272,C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2148
      • C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
        "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:872
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://freedesktopsoft.com/butterflyondesktoplike.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1864
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2472
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c9758,0x7fef61c9768,0x7fef61c9778
      2⤵
      PID:1364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:2
      2⤵
      PID:628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:8
      2⤵
      PID:1396
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:8
      2⤵
      PID:1056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1
      2⤵
      PID:2020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1
      2⤵
      PID:2356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:2
      2⤵
      PID:2684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2124 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:2
      2⤵
      PID:2824
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3196 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1
      2⤵
      PID:2692
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3396 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:8
      2⤵
      PID:1808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:8
      2⤵
      PID:3040
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:8
      2⤵
      PID:804
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3800 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1
      2⤵
      PID:872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3860 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1
      2⤵
      PID:2828
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3320 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1
      2⤵
      PID:604
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2448

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

    Filesize

    3.0MB

    MD5

    81aab57e0ef37ddff02d0106ced6b91e

    SHA1

    6e3895b350ef1545902bd23e7162dfce4c64e029

    SHA256

    a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287

    SHA512

    a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

                                    Filesize

                                    1KB

                                    MD5

                                    13ed5e0369cedc64c8437eb9a493a981

                                    SHA1

                                    880053c91809fef7b2a3d688143f554d5a05c0bd

                                    SHA256

                                    3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454

                                    SHA512

                                    18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_798B036C05F381321FD6C3F00885C62F

                                    Filesize

                                    472B

                                    MD5

                                    35f535eccc86c0980ab5fe260bead0ac

                                    SHA1

                                    d90796da7a4f43142767e4cf7e710f97d805cced

                                    SHA256

                                    563e2cbf8667dea0cc4d985721c73bf8c74111727d529720d76d9f4865e21109

                                    SHA512

                                    dc79a4756a676818974d1564005cbc645733121a26562740fc9b0a67e99c2ccbb7e6818836bb9f7d94864b38301f0ad9c4fab5505281921a5fea6f9eddbde116

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    70KB

                                    MD5

                                    49aebf8cbd62d92ac215b2923fb1b9f5

                                    SHA1

                                    1723be06719828dda65ad804298d0431f6aff976

                                    SHA256

                                    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                    SHA512

                                    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756

                                    Filesize

                                    472B

                                    MD5

                                    495abe1928643ed730ca074a5266a645

                                    SHA1

                                    1e29b95486a0eff557b8535c607c2240ede505db

                                    SHA256

                                    c4267593e63a51c0e3103d42bfa4667515ce34b8636011959e0aedf58e82cbba

                                    SHA512

                                    cb994c8fede0f952460368b3a53e8bcb76b45f92e53f38f93fbf57d91cdda01354b22e172c40e4057ac002a6e443a0a5beaf0fefaf2c7f08b3165a8dc45c5e1b

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

                                    Filesize

                                    724B

                                    MD5

                                    ac89a852c2aaa3d389b2d2dd312ad367

                                    SHA1

                                    8f421dd6493c61dbda6b839e2debb7b50a20c930

                                    SHA256

                                    0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

                                    SHA512

                                    c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1FA458B79FBC47B1C202EDEEAB58B8A1

                                    Filesize

                                    472B

                                    MD5

                                    65c56325e2f525e5f762c711271ecb44

                                    SHA1

                                    efa222a84bb6aad15a0d2fa4e59469b6e8fa7fb9

                                    SHA256

                                    c50cc32482a3b5458b7ef9b3ea7e379f2c4513694d4540a0ae90dc5146ca2442

                                    SHA512

                                    594d9dd53c4ce40d0256b261e8f958885a8312eebaebb74e01ac308dfb660797f40a506a92c110b28029d92657eab179dc64bada254ee589b1ad03444e02a313

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_63F40B816FCC2D8AE14321B58D77EB6D

                                    Filesize

                                    471B

                                    MD5

                                    fb98be0e2a2e62e55c0578d27a67af72

                                    SHA1

                                    9a4854164ac1a4d1ed3c40ecaa003a76ea0fd452

                                    SHA256

                                    8382a2b41dd2b2be0900ca2be9fd647a00ac2a6abbe9be988c0fd4fcaaaa4800

                                    SHA512

                                    9e6e30be2258d954539821026e4ad01f6d5d30c7591c7939b2e5e66b8e1215139b39338397e1caf3e6147d319d1e5971edf31f9d0e0d29e062464638f1cddab0

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301

                                    Filesize

                                    472B

                                    MD5

                                    9dd79a6f651a37175d67de52b60cbb53

                                    SHA1

                                    0088a4294701ff338b889456cfca02306b5548bd

                                    SHA256

                                    bcda40ba3fb7bab5600937e5be5bb9312091b656982d564e4022a9e9a4088d6f

                                    SHA512

                                    0024cceb17665b8c0bd31632432c1a00d772ec5752c7c3c8e62b2d4c5ff2e7b0e11666c5b14cd45c14055cd3e30b0b583ddb1dfa0b1736767b7e8ba7850be830

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

                                    Filesize

                                    1KB

                                    MD5

                                    a266bb7dcc38a562631361bbf61dd11b

                                    SHA1

                                    3b1efd3a66ea28b16697394703a72ca340a05bd5

                                    SHA256

                                    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

                                    SHA512

                                    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

                                    Filesize

                                    410B

                                    MD5

                                    e42d4ff91285c1b2fb860c697d06df93

                                    SHA1

                                    06f8f52ab910cb46c625c830721f1c92258a3fc3

                                    SHA256

                                    0cd408a89bc9456dd43dd4b81c774d6146a31ca293c88730115a26899982bad1

                                    SHA512

                                    b76d58f2abc4d628ff1c8db6a61a38c9024debf18f876d5db2bafa7201d2ceef80ac6cb6cf3f31e5ecf6ff5f88fcd11fbc58ec899d6d3560c299ae816a41c4ab

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_798B036C05F381321FD6C3F00885C62F

                                    Filesize

                                    410B

                                    MD5

                                    abcce81594d5a1a1b6e198ae8bb12761

                                    SHA1

                                    26542f6082298f7837ee6164105aa781767963bc

                                    SHA256

                                    42aad1ab48363494365967c28d9d516bfa97e35acab3a3e8c8f513f1fcd73d85

                                    SHA512

                                    985df75f26d5ef782b92979d59f1b762af45aba4f74d0acdd04537af001b1c985bf383364d000e88acab8fb070ac6f24bcc30c45919ec2e552c837f882622f13

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                    MD5

                                    3ba6ab97d4845200eb2acc60de2c3e92

                                    SHA1

                                    de46552b5e8c7c4acdd7017cac68bda53fa16a1c

                                    SHA256

                                    1064dba06de9671ce9db5c8964de50805db7cde9540e07d7e3d10128d2bcbdb0

                                    SHA512

                                    34b64404a961b9e92c299402e45b86df5390ef522bac98332994126cf78d77bfe207783d0a29947fae55e4c40e53a0720ea038755407131714c83a490aa41256

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                    MD5

                                    75f992a829026a6a8b52a5a53b18ab55

                                    SHA1

                                    470f4c13694d7ab6e40a28ce3c733198cb72d480

                                    SHA256

                                    804fa73988b30adc935178c977249fb355bab34772ac3d40d66d330233909ec4

                                    SHA512

                                    fd98276ebb651062c73d64c0a81fc1729cb1df56d5920b986331bfe66c9cf022501ab955a13e1d47c6d3bd7e25c3df7fdc783d9b7e1d88ebb9b8f748ec69542d

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                    MD5

                                    9f0a1e107dd89caf1cbb8719f411ed6c

                                    SHA1

                                    2a0fea9d5343762653ed6ea63b74acef83464afb

                                    SHA256

                                    25cc2df1b0ebf0c66f5dca3f3b08e5f7da2cf47f3bb640e38d4f4b98c8d6be1a

                                    SHA512

                                    b530f822997402fcf84b5696cb90e3ad4dc308c2922774925947bc8b7e6abb0e534cba635c643e2bdb6c486bf01fb33d863397d6af2d4788664502e167068563

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                    MD5

                                    43c9e9c97358751f88582177153cc1e1

                                    SHA1

                                    82135105b504b75846a0bfdf8f67d495a3d67ed4

                                    SHA256

                                    018150e0c85a424db7f1d83003f1f6e9bf98a212ad3c05d41052654537e30c59

                                    SHA512

                                    7abd2514b5d672b735f6ec16009d604c57fb8e18a0d8c90b2cc1dba2c0fe647ece41b6503550e195f710d077a9629da7c6b64422d6fa06dc65c2dfff552f9980

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                    MD5

                                    fb15f0d87977d2c2f1801596e671a364

                                    SHA1

                                    28a2812519b94200cceb6cd9ef591c3df2c5eaf5

                                    SHA256

                                    cecceac46ef64dc21b77c06898d319b35e5f61aa62c2528998a987ba189582f1

                                    SHA512

                                    98273841036be38daf8289bd869e6bbf8df610f1a8f1ba527568d8ce358b93b561c3255d3f2823f8a332ecbba21ae3305d68d3231f89b9c48a555186b3cbf1df

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                    MD5

                                    0fb7b7efa5f9e00d9385a0dd48e25b98

                                    SHA1

                                    9279ae166b74be4e6371188f9c4affa8b9e5b9ff

                                    SHA256

                                    cb225b03532ff62c59e807fafa5df83715d89f9415c5ed8d63aed5928d1edd33

                                    SHA512

                                    6995307ec58f5a5910bbd7e72aaebeafc5ab6bf4e805291300a766ad834bf3c4fa710574334ba3a52a69a9b873cc7f3d507bb3095c2a34c946656e95e4db5c34

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                    MD5

                                    49b50df2e26df7be73ebf954ca41749d

                                    SHA1

                                    d19cd3d0a932a6fcf72f11bd3079781cfde00f14

                                    SHA256

                                    ee79689b1f5a00aa1367f81b0b4ab2f7dfa1e0657ffeb46e703d0d0ab3d1c979

                                    SHA512

                                    40458918d76d67d3ab62568c510bc7e05f9d8cc7bba95a20132c1716051311b488235072e2ef72defccbd443a87b8727f050ad3dde222f08a1baf70909e8b194

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                    MD5

                                    dfd8c70e4d45ff80fa50215f39b71692

                                    SHA1

                                    096d808e3a6f8f2f97ae16781d8ec220c67605bc

                                    SHA256

                                    a972a72b36cf9c145d6eafbfb6b0cf38e6c9363883671373a8c9b9a4c3325925

                                    SHA512

                                    cb1922a464eeead73e744e64fc5d860bad504734e9201018f6ad0585b80851119770820f4365a37ebae0f7673ce8cbb8785573f3790f8aac6e1808dd3685d2e7

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                    MD5

                                    6dc9ada20b1c92892c7f514c22132074

                                    SHA1

                                    029398207b95f27a2cba66f45454bc92e16db046

                                    SHA256

                                    6d8864e776110337af470a2ba0ef92b3bd9a11bca986b23099a4b3b1bf88698e

                                    SHA512

                                    cc7c1b906cc5d8fb277f7b42f8737d82577b4ff3e933a598ac3d73a43c917facb410f1304063d21b86e6db7b51185cda4514e44edd4bc62374296dace1cbebae

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                    MD5

                                    9fc448cb85f24e3704c7099af37c5a72

                                    SHA1

                                    aae140573fb9be7713ce3e6c8c6f087db12c57c5

                                    SHA256

                                    b4ec8aa0a0538605e3027b1df7bc11de7d6e23331faba6bed56b9e3b4e81aae6

                                    SHA512

                                    214415efeffdd91c445330c465e87cc034bc77a2030590cbce46f409658ffc3053cf26d59385362351fe3cc626b8f58213715fe4e3ba9698e9887b62af0bff4d

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                    Filesize

                                    342B

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756

                                    Filesize

                                    406B

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

                                    Filesize

                                    392B

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1FA458B79FBC47B1C202EDEEAB58B8A1

                                    Filesize

                                    406B

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_63F40B816FCC2D8AE14321B58D77EB6D

                                    Filesize

                                    406B

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301

                                    Filesize

                                    402B

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

                                    Filesize

                                    242B

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\16434067-e238-4706-9cac-d9a33081728d.tmp

                                    Filesize

                                    6KB

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

                                    Filesize

                                    102KB

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

                                    Filesize

                                    16B

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                    Filesize

                                    264KB

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    1KB

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    2KB

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    363B

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    1KB

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf77adad.TMP

                                    Filesize

                                    16B

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

                                    Filesize

                                    16B

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                    Filesize

                                    270KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SL6R9XF2\www.google[1].xml

                                    Filesize

                                    91B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\WOXNQ61F\freedesktopsoft[1].xml

                                    Filesize

                                    13B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\WOXNQ61F\freedesktopsoft[1].xml

                                    Filesize

                                    5KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat

                                    Filesize

                                    1KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\f[1].txt

                                    Filesize

                                    2KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\BzUccsIfTkwPuPZ8dcMtoDvUPNEJjYgaRD1-U7LR4xA[1].js

                                    Filesize

                                    53KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\f[2].txt

                                    Filesize

                                    29KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\f[2].txt

                                    Filesize

                                    214KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\f[3].txt

                                    Filesize

                                    30KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\f[4].txt

                                    Filesize

                                    2KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\favicon[2].ico

                                    Filesize

                                    1KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\cd4a99796a94d0c9d381e4cfe43efd64[1].js

                                    Filesize

                                    53KB

                                  • C:\Users\Admin\AppData\Local\Temp\Cab8049.tmp

                                    Filesize

                                    65KB

                                  • C:\Users\Admin\AppData\Local\Temp\Tar8178.tmp

                                    Filesize

                                    181KB

                                  • \??\pipe\crashpad_1660_SMJEPFVDYQVWWILE

                                  • \Program Files (x86)\Butterfly on Desktop\unins000.exe

                                    Filesize

                                    698KB

                                    MD5

                                    1fee4db19d9f5af7834ec556311e69dd

                                    SHA1

                                    ff779b9a3515b5a85ab27198939c58c0ad08da70

                                    SHA256

                                    3d550c908d5a8de143c5cd5f4fe431528cd5fa20b77f4605a9b8ca063e83fc36

                                    SHA512

                                    306652c0c4739fce284e9740397e4c8924cd31b6e294c18dd42536d6e00ad8d4c93d9642fe2408f54273d046f04f154f25948936930dd9c81255f3726f31ee65

                                  • \Users\Admin\AppData\Local\Temp\is-DLPLE.tmp\_isetup\_shfoldr.dll

                                    Filesize

                                    22KB

                                    MD5

                                    92dc6ef532fbb4a5c3201469a5b5eb63

                                    SHA1

                                    3e89ff837147c16b4e41c30d6c796374e0b8e62c

                                    SHA256

                                    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

                                    SHA512

                                    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

                                  • \Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp

                                    Filesize

                                    688KB

                                    MD5

                                    c765336f0dcf4efdcc2101eed67cd30c

                                    SHA1

                                    fa0279f59738c5aa3b6b20106e109ccd77f895a7

                                    SHA256

                                    c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

                                    SHA512

                                    06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

                                  • memory/872-837-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                  • memory/872-728-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                  • memory/2028-51-0x0000000000400000-0x0000000000414000-memory.dmp

                                    Filesize

                                    80KB

                                  • memory/2028-9-0x0000000000400000-0x0000000000414000-memory.dmp

                                    Filesize

                                    80KB

                                  • memory/2028-0-0x0000000000400000-0x0000000000414000-memory.dmp

                                    Filesize

                                    80KB

                                  • memory/2028-3-0x0000000000401000-0x000000000040B000-memory.dmp

                                    Filesize

                                    40KB

                                  • memory/2148-50-0x0000000000400000-0x00000000004BC000-memory.dmp

                                    Filesize

                                    752KB

                                  • memory/2148-10-0x0000000000400000-0x00000000004BC000-memory.dmp

                                    Filesize

                                    752KB

                                  • memory/2148-8-0x0000000000400000-0x00000000004BC000-memory.dmp

                                    Filesize

                                    752KB