Malware Analysis Report

2024-11-15 05:36

Sample ID 240603-mexmlacd76
Target butterflyondesktop.exe
SHA256 4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
Tags discovery persistence
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

7/10

SHA256

4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

Threat Level: Shows suspicious behavior

The file butterflyondesktop.exe was found to show suspicious behavior.

Malicious Activity Summary

discovery persistence

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Adds Run key to start application

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 10:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 10:23

Reported

2024-06-03 10:25

Platform

win7-20240215-en

Max time kernel

90s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"

Signatures

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop = "C:\\Program Files (x86)\\Butterfly on Desktop\\ButterflyOnDesktop.exe" C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Butterfly on Desktop\is-AA40G.tmp C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp N/A
File created C:\Program Files (x86)\Butterfly on Desktop\is-UUNI7.tmp C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp N/A
File opened for modification C:\Program Files (x86)\Butterfly on Desktop\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp N/A
File created C:\Program Files (x86)\Butterfly on Desktop\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp N/A
File created C:\Program Files (x86)\Butterfly on Desktop\is-A7TR4.tmp C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp N/A
File created C:\Program Files (x86)\Butterfly on Desktop\is-UUCVQ.tmp C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\doubleclick.net C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Cache = b104000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000001cb062ec31f5a48afebb253211091a6000000000200000000001066000000010000200000003dfd21afb79ad445ed542c34cf78a849e56acabc5dffdcef077dcae311e838e5000000000e8000000002000020000000634522ae064c4cec39cba8a6aa97a5bf0ffd6d9b63459d1f7f7dbe3dd488fd9e9000000021cd998a1765cefccd61460318fb1de133548423ff8a321d6217209cdffbb51938e6bb21d776beb45a0b10be0d63c8dba162e5279a67e9bd299354f99da6840d0b18c4c7ab3c56c0491c6b0c3a0cb090060807a706738c4feba65fc3a9cb26ad10b26617052595b03c252d0c19f25f24d787396236e749bf361b834471f36514a3763323d6838f9a51d2289b8c98c1ba40000000053d71a4943e3566210a8409d3175cfe8e44c1da7ec68d8fc66e035280db954c3db63e9d445897e6495a1fca8f6057fc6ceb358755c42231863c293e867e4aeb C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\freedesktopsoft.com\ = "32" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\freedesktopsoft.com\Total = "3981" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4017" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\doubleclick.net\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4113" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 908cb938a0b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\freedesktopsoft.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\freedesktopsoft.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4095" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{62025D71-2193-11EF-ACEB-F6A72C301AFE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "32" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\freedesktopsoft.com\ = "4017" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000001cb062ec31f5a48afebb253211091a6000000000200000000001066000000010000200000004306b61a53db7ee96f78db6264caee8a9859a38bd3a14fcc7114eab2baad77ae000000000e80000000020000200000006f1ead158627e5f25026731a6d7a3c974fc7fbefa549fea2083d263205ef0af520000000ce582bf7a2d1e5796d600a2244ebd066384dc59f321b0ac848920b18e8b88f5a40000000b0290613c635d95c9a7d19c37a7b5e409f77c37a9e529cda1f87d9f0aeedc920b40cd7446c89af6024bb0a1bbfd551b583796ac97f42cb6f4ca34956078b666c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3981" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\freedesktopsoft.com\ = "4095" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\freedesktopsoft.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\freedesktopsoft.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\freedesktopsoft.com\ = "3981" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\freedesktopsoft.com\Total = "4095" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(identical row reported 60 times; shown once)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp N/A
N/A N/A C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(identical row reported 50 times; shown once)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
N/A N/A C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(identical row reported 48 times; shown once)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2028 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp
(identical row reported 7 times; shown once)
PID 2148 wrote to memory of 872 N/A C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
(identical row reported 4 times; shown once)
PID 2148 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp C:\Program Files\Internet Explorer\iexplore.exe
(identical row reported 4 times; shown once)
PID 1864 wrote to memory of 2472 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
(identical row reported 4 times; shown once)
PID 1660 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 1364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 1396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 1396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1660 wrote to memory of 1396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe

"C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"

C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp

"C:\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp" /SL5="$30136,2719719,54272,C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://freedesktopsoft.com/butterflyondesktoplike.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61c9758,0x7fef61c9768,0x7fef61c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2124 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3196 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3396 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3800 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3860 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3320 --field-trial-handle=1288,i,8003699266599392115,7762097570501320826,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 freedesktopsoft.com udp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
DE 78.46.117.95:80 freedesktopsoft.com tcp
US 216.239.34.178:80 www.google-analytics.com tcp
US 216.239.34.178:80 www.google-analytics.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 fe0.google.com udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 magister.nl udp
BE 188.208.36.128:443 magister.nl tcp
BE 188.208.36.128:443 magister.nl tcp
US 8.8.8.8:53 kit.fontawesome.com udp
US 8.8.8.8:53 use.typekit.net udp
US 172.64.147.188:443 kit.fontawesome.com tcp
SE 184.31.15.40:443 use.typekit.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 js-eu1.hs-scripts.com udp
US 151.101.2.137:443 code.jquery.com tcp
US 172.65.208.22:443 js-eu1.hs-scripts.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 23.63.101.152:80 apps.identrust.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 js-eu1.hs-banner.com udp
US 8.8.8.8:53 js-eu1.hs-analytics.net udp
US 8.8.8.8:53 js-eu1.hscollectedforms.net udp
US 8.8.8.8:53 js-eu1.hubspot.com udp
US 172.65.238.60:443 js-eu1.hs-analytics.net tcp
US 172.65.202.201:443 js-eu1.hs-banner.com tcp
US 172.65.202.201:443 js-eu1.hs-banner.com tcp
US 172.65.192.122:443 js-eu1.hscollectedforms.net tcp
US 172.65.236.181:443 js-eu1.hubspot.com tcp
US 8.8.8.8:53 forms-eu1.hscollectedforms.net udp
US 8.8.8.8:53 forms-eu1.hsforms.com udp
US 172.65.232.43:443 forms-eu1.hsforms.com tcp
US 8.8.8.8:53 cta-eu1.hubspot.com udp
US 172.65.198.159:443 cta-eu1.hubspot.com tcp
US 8.8.8.8:53 track-eu1.hubspot.com udp
US 172.65.240.166:443 track-eu1.hubspot.com tcp
US 8.8.8.8:53 perf-eu1.hsforms.com udp
US 172.65.232.43:443 perf-eu1.hsforms.com tcp
US 8.8.8.8:53 accounts.magister.net udp
NL 23.62.61.152:443 accounts.magister.net tcp
NL 23.62.61.152:443 accounts.magister.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
US 8.8.8.8:53 p.typekit.net udp
SE 184.31.15.48:443 p.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.48:443 p.typekit.net tcp
US 8.8.8.8:53 magister.net udp
SE 184.31.15.40:443 use.typekit.net tcp
NL 20.105.232.10:443 magister.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
US 8.8.8.8:53 trompmeesters.magister.net udp
NL 23.62.61.152:443 trompmeesters.magister.net tcp
SE 184.31.15.48:443 p.typekit.net tcp
SE 184.31.15.40:443 use.typekit.net tcp
US 8.8.8.8:53 iddinkgroup.containers.piwik.pro udp
NL 20.93.211.47:443 iddinkgroup.containers.piwik.pro tcp
US 8.8.8.8:53 iddinkgroup.piwik.pro udp
NL 20.93.211.47:443 iddinkgroup.piwik.pro tcp
US 8.8.8.8:53 calendar.magister.net udp
US 8.8.8.8:53 attendance.magister.net udp
NL 20.76.233.188:443 attendance.magister.net tcp
US 8.8.8.8:53 ssonot.entree.kennisnet.nl udp
US 8.8.8.8:53 opp.magister.net udp
NL 145.97.35.103:443 ssonot.entree.kennisnet.nl tcp

Files

memory/2028-0-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2028-3-0x0000000000401000-0x000000000040B000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-O67G1.tmp\butterflyondesktop.tmp

MD5 c765336f0dcf4efdcc2101eed67cd30c
SHA1 fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256 c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA512 06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

memory/2148-8-0x0000000000400000-0x00000000004BC000-memory.dmp

memory/2028-9-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2148-10-0x0000000000400000-0x00000000004BC000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-DLPLE.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe

MD5 81aab57e0ef37ddff02d0106ced6b91e
SHA1 6e3895b350ef1545902bd23e7162dfce4c64e029
SHA256 a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512 a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

\Program Files (x86)\Butterfly on Desktop\unins000.exe

MD5 1fee4db19d9f5af7834ec556311e69dd
SHA1 ff779b9a3515b5a85ab27198939c58c0ad08da70
SHA256 3d550c908d5a8de143c5cd5f4fe431528cd5fa20b77f4605a9b8ca063e83fc36
SHA512 306652c0c4739fce284e9740397e4c8924cd31b6e294c18dd42536d6e00ad8d4c93d9642fe2408f54273d046f04f154f25948936930dd9c81255f3726f31ee65

memory/2028-51-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2148-50-0x0000000000400000-0x00000000004BC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab8049.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar8178.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\WOXNQ61F\freedesktopsoft[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1FA458B79FBC47B1C202EDEEAB58B8A1

MD5 ff653ec50a1ac8e62bce7b28a3381b3c
SHA1 4eed9736f1d7b3407731dc6d6f70b31f43da0005
SHA256 c18fccca7ac046df509c2aef063638e99c4702434ec1f8ebe421626bc18e8337
SHA512 bfb7063392ac1541965a02160a49e57c9b274c9346e88a2bad34633720e0b790d41fcaf6cce8fe987c9b24b537e813dadeb4f7728414438792309e8363d61e4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1FA458B79FBC47B1C202EDEEAB58B8A1

MD5 65c56325e2f525e5f762c711271ecb44
SHA1 efa222a84bb6aad15a0d2fa4e59469b6e8fa7fb9
SHA256 c50cc32482a3b5458b7ef9b3ea7e379f2c4513694d4540a0ae90dc5146ca2442
SHA512 594d9dd53c4ce40d0256b261e8f958885a8312eebaebb74e01ac308dfb660797f40a506a92c110b28029d92657eab179dc64bada254ee589b1ad03444e02a313

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\WOXNQ61F\freedesktopsoft[1].xml

MD5 002f5ab6d198b04dc4cb13f4f50d9c36
SHA1 35850743fd20a1c0cefc688aadb6eab90cd74a87
SHA256 7e19417cc421b97f5c4443245065ff833e276b6f7d01474fca3fb2ae153084dd
SHA512 975be3ac279f3b65358f27424c8d080df73508bc4bcc01b485098639615c8211d9d267a97b98b21a979db866229246b92ff32922e6b1dee1bf232f8236f68b51

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\f[4].txt

MD5 4c38d208d9d973925492b711fcbbf71e
SHA1 ca9aecef92acf22b2234e16dbb52133e45a80cbf
SHA256 cdbe9b84c30a00229826b0b1e354c94d36dd6bf16e6580bbef43877689c8f5bb
SHA512 24ed59d2de3c055a0a64ffe7a37eee094a8b7512489a04be0fc53de80bf21d16f2fff68be1cac49f2e7b4f75cb7ad32793501494982c5723fe135a6d7d88e2fe

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\f[2].txt

MD5 72f1d82ab1b36d1da2b122d65f29be84
SHA1 c3be2d086cb71ef954e58b0580d4404b73e82fd4
SHA256 aa57df99ed622ff58e91c5bc6ac6b041c560ddef8dabbcef8935a473fd5971d7
SHA512 099d8fb9fe2d0c93afcfbffab6e31a5eb72de49b9eb63aa85d00abde90c0b227e9d7d0afac9a721284f10abbfeaf2afab0c6f499c8a8f1196884e88e394aec7b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\f[1].txt

MD5 43df87d5c0a3c601607609202103773a
SHA1 8273930ea19d679255e8f82a8c136f7d70b4aef2
SHA256 88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a
SHA512 2162ab9334deebd5579ae218e2a454dd7a3eef165ecdacc7c671e5aae51876f449de4ac290563ecc046657167671d4a9973c50d51f7faefc93499b8515992137

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\f[3].txt

MD5 08042986e41b6758a5fce670ee36a9c7
SHA1 3f1c3cb39b52222f715a9a58e2d9e454cde655fd
SHA256 dfa4feb05444c78b51aa2b2153442bb838538e6915695f60e1a46f2b48abb1b0
SHA512 21816d8be80b057876e5a0374f5a77085ed5672d855e9bfe489754ccfb2e63d9f406998c40c748f2480b70cd0e34573f7529dd48c906c6f0948ad82888cb6670

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\f[2].txt

MD5 0e29e11137c1b1d3809f86daa018ca83
SHA1 a525be6d27bbddbd1678eea0e6caae8deee912e4
SHA256 0b608b88a8ac18849a5e5a6d5e3590956cae4c28ff7e2760791d681197b90ef3
SHA512 25d6808f0c39b1492126de2db9365fee7e4a56e9596559cbcc9d3538a637c1d440a17c28518d2e6d03c6c4bbcdd60f23cfb04749d5c9098d8edac9b0ceba09a3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\cd4a99796a94d0c9d381e4cfe43efd64[1].js

MD5 cd4a99796a94d0c9d381e4cfe43efd64
SHA1 25fd00b983a8f40b5414acc4f0497aed2383de35
SHA256 c87b08fd8e1344c2a94fba9779a1c824e402d4cba486033929df72cd87a49ea9
SHA512 60ac66ec1428b7b8791417a8433bf776f9e30aafcaf046658079e9ffa03ea78e7d37de3ec1fae02fbd8338b4b46dadfb935036cdfc1533f99be1505de9e7103a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\BzUccsIfTkwPuPZ8dcMtoDvUPNEJjYgaRD1-U7LR4xA[1].js

MD5 f169fb56d2583000a55c26b60eb1df81
SHA1 1ed145f6e36a4244d638802e5595fff62ec08058
SHA256 07351c72c21f4e4c0fb8f67c75c32da03bd43cd1098d881a443d7e53b2d1e310
SHA512 1f13653f4542078ef91ec0824458f9274630a90ec897534761fcab3aae4d4cd8500227033a1d4a79533b99ea43b631828d94f24196af30ea56e79b956964fca0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat

MD5 5ad2f71eb8c75ff5c920cef16773af0b
SHA1 1c5dc598c5ad0295f293edcc9917b3cf803fee5c
SHA256 700d77f74d04437f299dea7da5b51d13ebbe0836bcf340a2a6e500f7bf8059ad
SHA512 4c12d8c733e9aa4779d59a3c64c3f5c09c254433b51fd24e25cb04eaa2ca964048d24c3a038c10622e3916c24e38134e910ff88d75077f88d29179cf90e68613

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\favicon[2].ico

MD5 972196f80fc453debb271c6bfdf1d1be
SHA1 01965ba3f3c61a9a23d261bc69f7ef5abe0b2dc3
SHA256 769684bc8078079c7c13898e1cccce6bc8ddec801bafde8a6aec2331c532f778
SHA512 cb74de07067d43477bd62ab7875e83da00fad5ac1f9f08b8b30f5ebb14b1da720e0af5867b6e4ab2a02acd93f4134e26d9f1a56c896da071fc23a4241dc767f1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SL6R9XF2\www.google[1].xml

MD5 1a59ae65154d85c5e1e211adf18fee35
SHA1 cf05a895e4be759fe232204a40938f5b9760d2bb
SHA256 c8b37b9bf2a10c428d5a119fa477ec7286f99ddef655d1b4598557ff479aff75
SHA512 641b42bb549025f533583d513d3ff22a1af9e35f4cac11325ffe4ac2e7a2ddd0b7572c959e03056c9b365051e24d5edbce8368b95de912b1e9d6b7143d0ae6a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49b50df2e26df7be73ebf954ca41749d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 10:23

Reported

2024-06-03 10:26

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe

"C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"

C:\Users\Admin\AppData\Local\Temp\is-VKHJ6.tmp\butterflyondesktop.tmp

"C:\Users\Admin\AppData\Local\Temp\is-VKHJ6.tmp\butterflyondesktop.tmp" /SL5="$7020A,2719719,54272,C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"

Network


Files

memory/632-0-0x0000000000400000-0x0000000000414000-memory.dmp

memory/632-3-0x0000000000401000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-VKHJ6.tmp\butterflyondesktop.tmp

MD5 c765336f0dcf4efdcc2101eed67cd30c
SHA1 fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256 c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA512 06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

memory/4372-7-0x0000000000400000-0x00000000004BC000-memory.dmp

memory/632-13-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4372-14-0x0000000000400000-0x00000000004BC000-memory.dmp