Malware Analysis Report

2025-04-14 02:03

Sample ID 240603-mp7wbabf5s
Target butterflyondesktop.exe
SHA256 4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
Tags upx
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 8/10

SHA256 4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

Threat Level: Likely malicious

The file butterflyondesktop.exe was found to be: Likely malicious.

Malicious Activity Summary

upx

Downloads MZ/PE file

Drops file in Drivers directory

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Checks processor information in registry

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 10:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 10:39

Reported

2024-06-03 10:42

Platform

win11-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"

Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\drivers\spoclsv.exe C:\Users\Admin\Downloads\Gnil.exe N/A
File created C:\Windows\SysWOW64\drivers\spoclsv.exe C:\Users\Admin\Downloads\Gnil.exe N/A
File created C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA C:\Users\Admin\Downloads\Gnil.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\Added.txt.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\main-selector.css.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\css\main.css.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DigSig.api.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\cloud_icon.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\compare.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\eu-es\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\en-US.pak.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_shared_multi_filetype.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ro-ro\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-down_32.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\icons_ie8.gif.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Trust Protection Lists\Sigma\Other.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\VisualElements\LogoCanary.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_cy.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\x_2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_shared_single_filetype.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_editpdf_18.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\tt.pak.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ca-es\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\main-selector.css.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\bg_get.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\files_icons.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fr_get.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Locales\sk.pak.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_kk.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fi-fi\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\nl-nl\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close_h.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses_selected-hover.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\AppStore_icon.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Analytics.DATA.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main.css.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\da-dk\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\tr-tr\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\ResiliencyLinks\Locales\da.pak.DATA.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Trust Protection Lists\Sigma\Analytics.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-default_32.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\faf_icons_retina.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\theme-2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\lt.pak.DATA.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-tw\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\digsig_icons.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\dd_arrow_small2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Locales\da.pak.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fr_get.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_ca.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\ca-Es-VALENCIA.pak.DATA.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_lo.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E C:\Users\Admin\Downloads\InfinityCrypt.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\InfinityCrypt.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618847894882140" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\BlueScreen.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4852 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe C:\Users\Admin\AppData\Local\Temp\is-QNTH5.tmp\butterflyondesktop.tmp
PID 4852 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe C:\Users\Admin\AppData\Local\Temp\is-QNTH5.tmp\butterflyondesktop.tmp
PID 4852 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe C:\Users\Admin\AppData\Local\Temp\is-QNTH5.tmp\butterflyondesktop.tmp
PID 2812 wrote to memory of 3512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2812 wrote to memory of 4444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2812 wrote to memory of 3692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2812 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe

"C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"

C:\Users\Admin\AppData\Local\Temp\is-QNTH5.tmp\butterflyondesktop.tmp

"C:\Users\Admin\AppData\Local\Temp\is-QNTH5.tmp\butterflyondesktop.tmp" /SL5="$3017A,2719719,54272,C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9efaab58,0x7ffd9efaab68,0x7ffd9efaab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4172 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4332 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff70aeaae48,0x7ff70aeaae58,0x7ff70aeaae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4012 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4540 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3108 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3348 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3348 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3108 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Users\Admin\Downloads\Gnil.exe

"C:\Users\Admin\Downloads\Gnil.exe"

C:\Windows\SysWOW64\drivers\spoclsv.exe

C:\Windows\system32\drivers\spoclsv.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3308 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4756 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4716 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5112 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2796 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1524 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3296 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3264 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Users\Admin\Downloads\WinNuke.98.exe

"C:\Users\Admin\Downloads\WinNuke.98.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2716 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5504 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2756 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4876 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5424 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5456 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5232 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1280 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8

C:\Users\Admin\Downloads\BlueScreen.exe

"C:\Users\Admin\Downloads\BlueScreen.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.14:443 apis.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 20.26.156.215:80 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.109.133:443 user-images.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 140.82.113.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
GB 142.250.178.14:443 google.com tcp
GB 142.250.178.14:443 google.com udp
GB 20.26.156.210:443 api.github.com tcp

Files

memory/4852-0-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4852-3-0x0000000000401000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-QNTH5.tmp\butterflyondesktop.tmp

MD5 c765336f0dcf4efdcc2101eed67cd30c
SHA1 fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256 c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA512 06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

memory/4524-7-0x0000000000400000-0x00000000004BC000-memory.dmp

memory/4524-8-0x0000000000400000-0x00000000004BC000-memory.dmp

memory/4852-9-0x0000000000400000-0x0000000000414000-memory.dmp

\??\pipe\crashpad_2812_ZUAXMEKASXXXWOMG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6dae3dfb5de3f9112603b4e0a31982cc
SHA1 9b556a658cbd18b83aaef7eb80be75b637723ef0
SHA256 9422b8b82577b852316ba9a2aa857f3ee3fd206275b8b92c130423977b7dcda9
SHA512 9d5421db9103ba753c3c430032adcb3189305fe2941aeb2fbbe5d23559b12a325429d010617b88f91128ec36e7d52da3d45ddbfa153810894dc8743daf0c6e78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a8ac62d039cb9236e639fc261d319bb4
SHA1 ceaaea0d05262b8363f3dcd9deec4e5396de0ad4
SHA256 91dbe30bdd62ba56acb42f920e37106fafece97584f13da194691d32fc2ab9c8
SHA512 6e091197fe9e6408a332334780a62242d78207018b3c21bdc54e154f3d95e350b9bfa5511d475bdae6ff6f8745fd11236fca7c9748ba2650182e2bd1edceb24f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1eebb15019cc725c870fd65a46e24638
SHA1 2ef17c58042d599ba3cbd04d73d79efeefcd36cc
SHA256 fb1ddf230bde104c1bb811b3aefcd43773633c3fb3c1cb1eb759eb3af147f0c5
SHA512 bfcaa6bbfc7d7a7edd6878fc28318b571f710a0692bc96e0d51f23e90818edcd797db969c9620a257596541f61f1b417bed562744d2af01fd9e9652493fefd05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\34c1ebb0-a618-4f62-a995-a23528da00a0.tmp

MD5 d8de39b924243316284bc6f04f1ce9e4
SHA1 7ef8c9684d56647d9fe3e5bd50bd8c3cfe2dbe1e
SHA256 47cad4bf0692123e0e247eea295bf4bf335d10393f26284e2c638bc80a10f79a
SHA512 56119cf1beb1038e64986d7b6588bc587e900bcdf19709848873dbae2c60c137fae7de817ad882a3d0c08b05ab4124bd00e3ae5c422eed48e0f4c8985454c2fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 87d2b19463da3271ae0296da221c54d4
SHA1 34fb596ed5a7500d984050fdb5428c1de9f80531
SHA256 729ab7998092cea163759073dc8cf70298b7ec1e707bfb471f03391c76aae6db
SHA512 8c149e4caed2632dc769d92cf2b3d6eb0d21555d399b925c0d8cf0444329bf9aadbaff52c7c36f2733fd340a3642ce7356c65c4c88e3388ce2ecf9b01ea39e70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0dffb57f54c153bfc41105526a543fe4
SHA1 e9e661ee2c1c9fe2fc98758a9309b5cefffe2fba
SHA256 ab069b55967cf1641a367611d97cce6a532bea32db59f23b2360bc91897c7eec
SHA512 8f40e368d5388eba2a6454755a09fdd959144055226fd9f315179e7de0385f86ad965440bce1ae96d7e08b9ff4fe3b1b9017fbe8860b9f133b5e6b65023966e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0b2803c2a90af5d7cddebe12544dec9c
SHA1 cc31aae07dd60b5b0cf093cea912ef112ddc6782
SHA256 8762e61743c0e6ad911102c78cb89803fe35a37e4f080c570d855786d7217a59
SHA512 c0a3c59325a765cef8c229d1aac471a9d2665ffaa4adb57b16a62b2ca03545969cf88212fa8ee23fd6896ed89e25a4ea0980f495d09ea9143b5d503bfec77822

C:\Users\Admin\Downloads\Gnil.exe

MD5 37e887b7a048ddb9013c8d2a26d5b740
SHA1 713b4678c05a76dbd22e6f8d738c9ef655e70226
SHA256 24c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b
SHA512 99f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af

C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fd2e61316149baf345427239fa11de77
SHA1 5fa5a317b560ed9a18613b12facfb54db9555126
SHA256 721bee2baf953bbb2cab75f7f04a64616924ec16bb08ed331e6bd5ae10cd2c58
SHA512 b9168d62fc4122c2c6209112478eaa702e6bbcb0d211582af807bc51c0c04319f4672994c4a9ad356cfda3754163e66a27f533c213e58263808852482009e13d

memory/2436-456-0x0000000000400000-0x0000000000444000-memory.dmp

memory/2436-463-0x0000000000400000-0x0000000000444000-memory.dmp

memory/1504-462-0x0000000000400000-0x0000000000444000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a51d1648bf9bb5c700a4447c041c046d
SHA1 048c41ddd42c006cf63672acfad34d08c1b1341a
SHA256 968892e250e00fb4658417b77afc43558d5bcd68356dad602107a4b3e1802c0e
SHA512 1188aed2f6780432d850f37b3e665a1e3af936466942e303ebfe91aa2dbaafa45ea6d83c83d3b0206ccf03153ba9df699a344c6ce23170e7fde04186b69bb245

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 af21fe2003b3855f3075a4e01d0ed61e
SHA1 525bd35078d10deef86407a2097e101d0ed10926
SHA256 a5e3102f9c43d5b385d9f4a827bab76ba8e2a113d482bde53bf58595812ade22
SHA512 0e1c2b415c250277a2c79f21252803ddb81f73bb209ec13f1b9a778ad7fe8991da9170f3342ebe84223931841cbf2f0d2b747d5afb8e159266cccd81418ac00f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58433e.TMP

MD5 7deae598c146b2a5a6db80e80e7cf10d
SHA1 f62a6add46969277c9aa7055b1cd7266cbaadde6
SHA256 3bdcbe53d7ff996fb4613a05715e18afb03927b19d6e4952d529f4dc1a3e8e3c
SHA512 7f111fec02974404ee3efde424c242bafe56f90f4d67a628d773edc5886f528e5aac4caf508480b2f35733659d01598ae03812472797668d0a180f9d91b7f137

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 71a4aaea5100bae42a8b3ac2568a2ea3
SHA1 a7257a4051af7c57fc6901e8a0582b29dc04fe5b
SHA256 dc6dd1281a9820812cd7bb5dc4fe72e1cbc38732ff69447a2a1a768b4f20f71c
SHA512 4f418ffc79e853abe41c658062d4a817f084d9018fc907b0bbe17d715d3d6429436db49481b92b244d7d78aa692b8fe50631a40bea15c9e587694476cb1373cd

C:\Users\Admin\Downloads\MadMan.exe

MD5 a56d479405b23976f162f3a4a74e48aa
SHA1 f4f433b3f56315e1d469148bdfd835469526262f
SHA256 17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23
SHA512 f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6218b04c66cb085d435df3bfff89b3e5
SHA1 bc5568f61aea329c05948a9e4b55d2d193e219d3
SHA256 f95369df27f198f0028c4d52030cc83e1b4e8ceb6c920b96626b6d5de6745024
SHA512 b6398c84c399b4b93bcd62bd1e651c4c7b73f827a4eb3e7794609a2109ac78941836a743d1cca2d475bb7fc949b168d95c3915d88d417cb2770abbb6cc01a3c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d62388ac27ed50ceb94ddc40f031291
SHA1 a837d7dc130d249b8b91ecb62067dab9986e8c2a
SHA256 0f9a023bb404dcfa890f73efd4a1c8b7f69d5eb100e302fa33e5a76fd4d585fd
SHA512 c8134299677b5a91fdf24a94f249cf3f9f8c0dcd545579269d043539d2d0089d00ebd53b43ea56ef3c431c7e1bce0ce5ff8c0d936e2408ed8602f2377bd330bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 eaf1117cbb04bf671cb89c05bf56b370
SHA1 edd751dcebebc7edeeff96c6cd7e6807c07c21fb
SHA256 446c15116959e140ddef1c06763c9b199e943d9c1876a7adaa5d4de975619b6a
SHA512 e8f472f99d2e5409e754f6de28812eff35fa99329da5b06a74a49bce38690361d99d1e854000a6c8939c3584148f903ee441ca49d5d237e90f455ae53abf58fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a51293c0d3c2a545afda042f23ee9664
SHA1 ac1d956352672291a38a3cd4e9487a480935c4e5
SHA256 6a1e9c63641c7b7cf7887a9814536baab2aa9b532ed154b10514be086c9d44f3
SHA512 4640cf5875a8a81699b2db80978ce7a3014d8fd72d7c3d30cd0ab92800ad8533fd60d7ced6a4bc06454db4a3c4bfbc4ec9bea66b3ccb5bac08c9ede8d4f33450

C:\Users\Admin\Downloads\WinNuke.98.exe

MD5 eb9324121994e5e41f1738b5af8944b1
SHA1 aa63c521b64602fa9c3a73dadd412fdaf181b690
SHA256 2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a
SHA512 7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3ce93a546f81065245365269e18f6799
SHA1 1da547545afc7d0a3c1baa0ea4911b51fa59f8c3
SHA256 67ea2c75f86fddf70be4b1a006eca5aa21ca4d922dd9edea43fc8b129d1db354
SHA512 34275818490db6b7c8b10a8398e3157cd41f00ed146051735461a8c6c058f65c45e6078c324e2116cb26285fbea9cf008a48889fc4fad48b4a2b95d6aacfd38b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20e2d2c62fa0d828b3356e3b6fcfd8ad
SHA1 4f2b88af858201c72d95e0bfe7c3d12bd7d9b23a
SHA256 98a568bbb183f003bf8062cf08d5355e5b78343ae1b7d0a69c8392633eb6a711
SHA512 f19cd29e1f53d35c0ba3402e2234c80f4ecfa2ddd0ad1e986d64a172da4aa4c111a07d9b9aa5d47950c8a85e3eb4c430fcec1b2138849343c9b10228520bba97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e593d4ee60a3510c8a14dcb45794791b
SHA1 c363669eed3d5ef38bffd44b5c8ec26299237d7d
SHA256 ac62cc38e2e86ba2859a0042eee133f0e86bbca484b621921699e75a6b93c229
SHA512 c28923dc11341f57fa6802a187dee5341c84b46fc0bd6a2fd28e6509af739788eeb80b0e0beebbca7fabed48c005b3d4eb783931bd31bebe79dd6f9f4f1fcb9d

C:\Users\Admin\Downloads\InfinityCrypt.exe

MD5 b805db8f6a84475ef76b795b0d1ed6ae
SHA1 7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256 f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512 62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

memory/4544-617-0x0000000000170000-0x00000000001AC000-memory.dmp

memory/4544-618-0x0000000004AE0000-0x0000000004B7C000-memory.dmp

memory/4544-619-0x00000000051B0000-0x0000000005756000-memory.dmp

memory/4544-620-0x0000000004CA0000-0x0000000004D32000-memory.dmp

memory/4544-621-0x0000000004BA0000-0x0000000004BAA000-memory.dmp

memory/4544-622-0x0000000004E30000-0x0000000004E86000-memory.dmp

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 fc3cee1e91951166308ffe87cb92bf04
SHA1 95bbe7caa21deef892c0a6cc27c4bfd5e57ad330
SHA256 b5b1a1e5a4122be081a88c569aaa30e1f4dee5e99865c036788c43ba8544cc50
SHA512 296e1a2465f8a74b533624360bdbbe684cf40258148b04b8f5c3e8e7d966434bfcec717e333a84c863a926aa429540374d05b740fcc7060dcb9d8d74ebd48093

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 1cc2b950b8d76ea8f63579f46c6f0bd8
SHA1 bb654198a440479a1c154b21aa6a63859042e278
SHA256 1f3761403e0a6ad3879b251dc99d08d1a2c42dc4f24ee82e1316ef28a753edb5
SHA512 933c4e81aa9e50973cd540e27665c63325d189448282ec41cfb545e55559c31834f970ee67ed4a5349ab13f41e9948cc4f50609a2f2d709e818c056c73e3f01b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 4aa6424b3c8c0e40facc000ee6c5cd23
SHA1 61ce539414aedeb98159060eefaf270413dffa93
SHA256 9584c44681990c28e761323e9f6044f4457995147a2e5f2f7c26373ec8fb46a6
SHA512 13255baa5f170ef44fa1ebf29b8c04462fac8143885c2acffec4cf4cf33e2609d492927ad0c417e232d12257e305d65913e6d00d1c9b45ac82df3f1bd1547420

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc1d48c1b23d9024fe1427f75f0bab3f
SHA1 626a45543f710b1cd97444b02ac0ac0ed22c1ef9
SHA256 790bf430990af0d9f8f3f5cc921cf158967311999ee799f8471f79677405f399
SHA512 60bc4beb9f0eb1b964cb16a68c4049ca955e97ece7b0053d0fe9ef93d95ca6f240e832c26ff3c223bdcc1a8ee8a6ad5261f81b6407b09b5a5af5a80dff4296fd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 1380d90b90db9e6c8763bb27853d302b
SHA1 b5ae5d977b84358b8adb8d39e72fccaf50359767
SHA256 11d9f4e4a62e3d9e9f006b4c6e27d1d55efd713bca7417263e6cf0da9df2dc4e
SHA512 555b64c4ea98aa094236136f5899f8677744f95de40cea58a36ee860beb0c031dc47747c0e547c366a5ba7d9f73b60fa18b62c608a484faa0f990527c661bef1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 879ae635ff885e0cbe70f071ba96912c
SHA1 7bbc8dae471c4debaadf4fd43b3a73b3989d2a8a
SHA256 856debfed34eddab9a033f45b15c0603b52316100595c1afbee38c98d10ea1fb
SHA512 ea760212037c73201372584b42d84d3676f2b24ce6e17c38dd6389aa29f5656f2d6ebdc3aeeefebdcaa82fb7da94045969cfb6d3f1301082738c5dde84e09da9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 60c37b4f99558b8977e91cd154b547d2
SHA1 a2f9808b789c23a3b2cbcb139a2fe61dd380f72c
SHA256 fa0af793889a5f3e432c6ea78c45d8d18dee112bdac1d46d56ad6cafd45560ab
SHA512 0b060acb4916d24a89375506c5b9513097b6f5136ab1cd9922460ee76ede99357e87d89c40ec5ed66a0edf730ecbf2f43c1f3894b05499d8306cf87ec7caa087

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 37eeaa3f99e95b0d4fbf823e786bff9c
SHA1 9426199a2f7949e84e1b729ad024f7f01d697b5f
SHA256 643374a723f67e0a6fd047ca3d2e5d3bdf2f6b24bb29e247e60e4113fb676be3
SHA512 22e7a9ca9698c1f8bf17e6f4f1f2d375cb70a30a59c2053fa5c2409a796e6b170de40fb5951d12288688b803ad69e5635626353327c12817c201b47ac2e6e774

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 6400b04914444713730916c0fba497b4
SHA1 0d62126c5918778ac3031691116105e40919477a
SHA256 29488068c4e9a0933eac757724d782ab30ab05208ebabd15170d7a1724e7c73d
SHA512 9c788bb75defee4ec48f9fc32ecedb0180d37538aa42a410ed617590c9c97248407d7249a41c809285f5fece8b8841e9bdc2fcadf06d1b813cc93df5007778df

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 25c7b559e5bfc278b889e466d0db546e
SHA1 633689bd4d4941ac6a4ee889c935c4036ca1617b
SHA256 7e550ff479e1af258ee18cb1450a88b1624a58fc3210d132e1039166bd2b4678
SHA512 a0a55ecc82cb18443c4ad88e798c3666a60d58946d4c9fcb8e650a52322241fede01adbaad6683d869ecb1a2a25b040919db3de0531129df39ee4aeb5a6f8319

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 5f5f8ef38929747d106be32e19dbab68
SHA1 5b21015f3681be78371387132f68660d0a3a1d3f
SHA256 1732671f0999042ff9ed67ae471a6914dad9c80b6fb31a1a82bd03d475d6d270
SHA512 a354c624b4e08e68b2048af3f95c261ff6ef2ef7f1408578267ade2736aff7869be59f866c14b475191e06a8671a59639ad223b43a4d215d592013d75a3410b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 30f5072f83ca96d405ff96fb682e9512
SHA1 2d923c7fdd14f8d4bb8fc559c90dad2eb09b3812
SHA256 09b9b216402959bcf12d9c3c6994a57e157f100f5b1e4eb807e979371938764a
SHA512 f44a32933b70833359bdef4aa34acfd4974f11292215053dfc874fd54c1c298ea2014535e958b1c42f54694218c4a998b3f788c915f59cd680c21a2b25932fe3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 05f53ccfcff65238e5c320ed7244749b
SHA1 0ceefc5700ebf2ccfe9032e8937c4fd9b4c80d63
SHA256 85b50d474b5a65b8f745eef6a0b3002b86c02b29541ecf1e3d850d2cc980cd75
SHA512 63758cf782c8d34ed3b0da997650a236c1a73c28c9ff35eb562414f5bb4412eeb9113f8501c58a49a96bd6d0389b92de8773948fb51f2d27821869ac2b26ccfa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 616fb6774d6ec7bef9dce5ce81995967
SHA1 a5fefd23cd9c117109c12750ab6730955df93959
SHA256 1517eb55a0e464f389177d2e0dfc3026b64c9c1d48529ac8a6bae3810f649228
SHA512 64f99bc2a315507176014918e29a701ed1fefe6ab9313d41625373a012fc1082c5c6116ae6f96959dc302809187da935d49ad15435155c62df2e3a019a7818c5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 36a0d5561685a7611ce93d95a7586833
SHA1 d6ed9455d16a716a8ddbeb8ababf7f55260a4cb7
SHA256 f45239ca18a16108dc21a05b7dc57728a2e6e548dac0b51e3171b072a6e52b52
SHA512 6f07ad33fd26d114449a638ecd788dee4abd08bc98b8070fa3033350e74a1be4e9ef17656443534bcc7110780d50ba9fba3098ad3ee34bd648e40191aca3289d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 5551610eca004d1c62dc14493af8dc84
SHA1 40f837a1caa8edb28887f58aa7c484dc661576e3
SHA256 c396131068fdb56b2e6cb5ecebcff5890ce89043563fd0d72bd4e26555ea7e24
SHA512 cb39cfef49d15e2e8d180f08344fc8867097c581ae16cc4a62d63fd5d0cbf7f4a41357ca27f779c8c33ae821e77557debe150938ff68ffadebd52580478fe4ef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 6b863cf5da682a02af92d9884c903041
SHA1 da1cf37304124af536b586c88647a0a520619402
SHA256 40b9f0b5e2369c6b276a54222d37c354afbab771016e7b7cbc88f7b2ddd96c1d
SHA512 84a37cfdd9820ade4782ee31033ffadaf6226df7f5b3600f818492bcadaf61c45e9a2fb871efde692e2bd0bb86cd593fc6b3cc88e7c2d84be23c93ecc4cbf28c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 74c7b4634a658b8fdb11a538366074a2
SHA1 fe33839efe7a03141b39046c80a062653b12369b
SHA256 cd1f30bd44575b7ba43761246281f82307e39d68b0688d454a6ba02c5d38db91
SHA512 5a8f237b32bf71c79a8fcf575b73de461ab95097881dc08470c574491a25e30716d2f8e791da16335af114fbd1280736c58ee57a810126df0d06354603c08b10

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 5860ef656cb1fc673244d207c8687457
SHA1 6538634140541b31dcf67de746df79919a292aa7
SHA256 92155467a1f0a037a8d22db01cb16854e4e623eef631a9943128be27e61145af
SHA512 9c0ae6915fb0976283d764e791d5a6fc61ec229ea9d67c8423e8c0704dc7fc2e5dcaaf14d330243206e3b8ffc98878e0bdb943e25c65480934dbbddf99cf42de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 c906e656937681ab97b2e14f1e404f3b
SHA1 74c5f14d78366b21447e7d50f9609f51e1cd93c2
SHA256 7febfada5c3aba01c0103acc236fc798aa2773f11a68c7d39e43c43d2d014472
SHA512 27dcbc7b2d599c3bed91cd05427cb09f233f279ea1a2c90bac34b0a6449a5d00a256a370b23931a347f1ba9f98f6811c11b83ef9c126ca60923f52aa276aa5a8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 f566eae5fedaa784f13be603b2d18855
SHA1 b3b902fd4d37bc07ab26c77e157f1fb78f55ae0c
SHA256 4dc450759d38ceb7d86a70146a11a15b367344e7497e01293e571ec74e28b302
SHA512 a4156a6a4c4a229c7fc0700f31081659ca84530dbef32bd689f21ae644caf059f795f32ef5841c89ac28e362b3d028e02d6eac1b3437afd65d9115af0ddf7465

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 1904bf2061f6d95c7efcde7b611b2ed5
SHA1 73fd65c4d714b30c1ef907d2ca764609e90d3b30
SHA256 15ab9545db1979ade77f2304b28404e3d110724a4131e7c3a2d312b868856242
SHA512 8913133202dc569f5d7c7d8da9a9821dad7e818c21810c7779893fed9ba6160db6155fb52e62bdb654752d54ca8857719c818fbae33736b990bb21386e3e2505

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 55bb3fc69a0789b6fb2ffdc2288231ed
SHA1 d932e8a9c8d8682e3b65d9613837189364d6cd97
SHA256 3e980fd99dbbf3b14a40d70618e67c4caa1b7734ce91ce2f17dcc8a79430625d
SHA512 4d49d02ee60b931635a3a48e28460b34f06041924215448bd2e322d241d0fd0e467dd64a58271b971218b2a0fc99bcf55b0bb1d2aed0e81512c2ea0e3657f354

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 97c1d02169bb79692e5333e95734468d
SHA1 b54d9996659ffe6952e96d721b1597cd5dc9a67b
SHA256 7f46e8755542d14bf4b7826b21c7f112228691f1ec0ba9a31a6a071a88a8da75
SHA512 70f0a217195890c62aa27d059e383a759fc328673523fcaf1f0f7f4083c72e75e345aa777529b404164f50f87ee3cbaa33037b0cc08de2644590867b965272bc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 d1ede067687d7ff11373ed4ea1191508
SHA1 cfce6a30429f0e887b9ab261ed97186bfdd7b701
SHA256 bcc6d2942e33627ad258135fd3e7b5bfd069efd2825a76a01452607b8a71a9fb
SHA512 1ae00845509e355de15ca1b16a77aabdcac5b7c3d28e1a1c50a56e6c29225a3b5f972b78dda3429f96a0e1ffded1099e3897989b3959be2de5ecdad8520f44d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 21260554fc8048fa3daab0bdaa1b8641
SHA1 af296df6112ba49bb5d63501a68cc7608d100867
SHA256 0426a63cd7266f1d110a66429267355e74053e15eaa01c67d943f0a0ccb3a972
SHA512 a128da6051eeb73e0930101ffc5701ee077ba5431c4c2481eca15772aab4ffbbd369991666aa62cb98fadacecec423846b409b6b2ef70c903284ccc31b56e301

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 a5e54f391b36085a9950074a51424279
SHA1 cf481eab7025cd45e186af2388fa8d8260b39311
SHA256 7dcea4e28530f77a2af5d6731501f6af01e28a9f2c04b128decbf1549d8f0844
SHA512 fef14c51bade1350514644c91b01b98cd7daae6f27ec0924151219d7e85f74bf7963dadc4b2aae252b90fdc86098cc61685da7a9f524ea9086ea4a698505ad9e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 6164d6815a3864bad0b246e38261b993
SHA1 afa4fb0d0cb5d118a9cdb13509f28b46428bfdee
SHA256 665fb6232d552056e41b2b5a7c8de313d18898e2befd8bb22849127cd5141198
SHA512 224cdd79949ce8f0aef81f6d9ecf9cc1f7be54f44e75e2827bf6a6290656ac2f9215387c35728684099044243b8b9df3206ec7d74257196a846697b0b3ad96a5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 ca890ed90309c9bca1375d7bb83fd8d0
SHA1 3c89efb3ea3fc297c43bf285eba8b162d7306138
SHA256 a167e1480bfd152f193ba7ed385f93282f87dc25371b390a72aee9f6212d07eb
SHA512 ec13c311a1196d866e3c630a5798e34bc4995208eb3fdb518f5c028aa80a159cdd88b57334c3e2562a33eaa787b0b736c9fe3c660002a59cbb835e2c8a713b9f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 c5b1b5f626175d2a87b27bfb9bbaeea1
SHA1 075a08279c0b2f81419014ea4f461638f7375ba8
SHA256 123fd2cdf05200a38454af9ea725511d301b754b6496b505e2f753ae91b92725
SHA512 a943a859ebdbfa24a1173c45b8e17d8718c497155b4cbea24240d352c9be59d63c44bc11079217660e70b94bc3ca445eaaa3bf9963eba7370ed415c683b89f9d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 cdb2576df1a136ff88720a2bb34b8d2a
SHA1 08d399e87caf5ce6f809805197866a47c105588b
SHA256 14986be2243bab0b47b0d31f88c3f55323ccac96af770d42648b4279882ba1e4
SHA512 8e6dfb69abae2bd856837e6a192ef3326e5cf45b35a5eb5b6dc3138d301815cd76a80b27f4a12b2a66fa22572d719845232c119d623219e33a5fb74ca698d378

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 9334063829ed553b01566258a253978e
SHA1 04b9f0ad7aa43a6b6aae1e49f656fbeb4c29372e
SHA256 bed7f4bd57fbb3b662844d6369c0e73058a57ea4a6b2002bccd94926b4a28d37
SHA512 943177617dd51ea27d9f5143575cf312ac8662aa017e695ddd4ad9975d722fc1addfc09591636e2fc2808d50cf7b6ded588566c24f45406f36380b281e680fa4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 6792684554d8558bb5eff151aec20433
SHA1 4ed742af0bc2095fc9437345d3cdbc953362f607
SHA256 cc589fd655d3e9f77afe33c8b0d70a51f512edd4f92d5096a0ccd4edc34b6227
SHA512 6b79f0b49dd3d2cf9baabe351131bd1fcf47077cee9852285e7f6f8526a4ff7162cb8d00848a4078204e0d6d9a4ef31958b9c196c7223714c8b3b7e273a60d9a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 32e35c765fc4c87a07a8bae0e23a928a
SHA1 3b44f9cc9ac8079349f3ec3deb5f16c83e2593c6
SHA256 9edbe41400d350f3af2a09e6fe55cad674841732d4d24c6b34cc2bd25fd5b09b
SHA512 67be0833792a09da9342eb4fd717ea0cb13313ce62212890c2d4b1d98b2b793607937e0736823a45818c92814a74f948ef79e2f0bf4e11972ae5ebd46fcb3d04

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 e46a6a7857f51a71d1fd0dd2182c9dce
SHA1 39814807234b986e726821b89a2a93dd3bdd3c22
SHA256 9213a62eeb6f807d0cc695048273e525b952c0d33f4bdf3ea50096c89593f20e
SHA512 d367082abf5d02eadfd3b4cd22c50ec76b24af05d1be8271143e2a6facf2deaf0b42a5f9cf91c6f8df274384b5c43f59bbdc63353dfb2de2f865f0db233fcbd6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 29e3f55ddfacd28c84e110b012b52056
SHA1 863400c7d567c1b5e32784d54cfe73d64ac26bb2
SHA256 19075a1f01149313a3f3b121e5e179cf80a9364b5960bc8e9bbf7082de06753c
SHA512 4c59cb7542d356b1d30a217e3d048500897cc1214df663c8cb46d23170f11fb92754a41c8c08f86ac5580580012ae8e702a9acc06572931ba0954ae7bb081ab1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c05a674eff586dee021975d17e5eece7
SHA1 32ef897e3776a3ec26ae08834363d0e54fcd5385
SHA256 80f08754813b0d1a0629143b6806837aa8fb9b45db1666e6eec9b0defbd14685
SHA512 d6e57a5a314c09510a1a9580a70b7e32d93bd73eb08b8b11b04ef30c1a1d482f9f474b697ba0f1fa7cd804305ebb671f4807f24b49ac1a8fb6d39b27c33bf13f

C:\Users\Admin\Downloads\BlueScreen.exe

MD5 b01ee228c4a61a5c06b01160790f9f7c
SHA1 e7cc238b6767401f6e3018d3f0acfe6d207450f8
SHA256 14e6ac84d824c0cf6ea8ebb5b3be10f8893449474096e59ff0fd878d49d0c160
SHA512 c849231c19590e61fbf15847af5062f817247f2bcd476700f1e1fa52dcafa5f0417cc01906b44c890be8cef9347e3c8f6b1594d750b1cebdd6a71256fed79140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 64b8eb611bf05a5f73f5de8a53e727c0
SHA1 7eee59c61768c8604163338e399cafea9d2ca41a
SHA256 b699a89e1f9139d3ae9f0a977d582b70c230b614046476215be2582c2175aa5f
SHA512 6d91d53fb40f89caa7c91410e4aaf516e0fde933a194b249cfe3773bd4efcd7041ec29ff94d84663b112d4f214f6060154794e922bca31f0a86fdc6b5b4909ec

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\notification_helper.exe.manifest.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 ba6c570195c2f5cb72a38aed5f44bf52
SHA1 cea635ac741031579022132f246600e3eeccb625
SHA256 bc046d49bba0461b5f3823848a937d7b231e8169f8f356a13c008d32db1fe4b5
SHA512 499fb16d56391046fe3354634767e93afd557839246642839afb343066c3df9a15aa93fa96884226a4d7da86748d2aa071f737b3c436ad8f69b399aa3836768a

memory/1508-3782-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\identity_proxy\identity_helper.Sparse.Internal.msix.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 cee0c141a3ff4539eda531a7b1d51897
SHA1 c632988bcf8f92a0e0740282f746c94ba9d3dcc5
SHA256 7217b69069859383e1f2e701a72f06582068dd52daec8eec191aa7e9d22b1565
SHA512 9d43bfc330935eb3d42fd51f22792a3a214b7a32bac50bef0a27c79fb945e79b1424a63df90a45c4a59dc66b6371ff47eccdc39a547925fbd85144935b718d35

memory/1508-3927-0x0000000000400000-0x0000000000409000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Other.DATA.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 33da0c4fab4477cca386458775587ada
SHA1 32fdd1c399854db26094a25a106a29a492196915
SHA256 480620fe67707995f735457d86877db67286cf8e56206bc2f5bfec078c302a0f
SHA512 165086ad67b7be822d2f2ccf709074ecf75997829488dfc9fa53e8aca5538273c1bf07306eed21e32480dd502fe6984bf93efbbe7969852f45ef680320764f5b

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Edge.dat.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 e4709299d74e6e4adb0dcc9dc29ab9ea
SHA1 68501fdfef7f830b727dd52ea411db6905b38599
SHA256 f92554af5505847e79e7a558a24c02fcd7fd4f80247c2c2ddcfc8bba8607d3e7
SHA512 458a3149109b66b8f2e098e8cb10d9827c9f8e247235f407843be084a705194f5884e33e3de12e4d47a7fa65211c819d44f0da2d77ad4e5ccd323ee4ad709d1c

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EdgeWebView.dat.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 c555988209b14a907f915e2792fd79a8
SHA1 43f17ced2d019030193cbc07bc0d7926e8544039
SHA256 77f6632e055fcf11bb78e79cbeaeac09aed7a6c3f1db80ac77368970f02caae4
SHA512 c97e050fc44a308ee1503768aaf23578e0cbb2ef3189b7918772efd2567dbb3d88f3f82bc20a494d049a47c9504fc957d5f6b21e9d3df921c1d395166ecd668f

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\icudtl.dat.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 cc1baf4d12755b9c79b4c59fecb4b207
SHA1 60707c26fd5dac4b69c2293e841f6853af5bb27e
SHA256 d6ce26f49f41e5e3ca368c7d9237dc932fb297b24fc8a3a73ce2416741a270df
SHA512 2c58c9bd3568475921c4ae41a5186e7a19caf80a711f83ed58326841004aae3d1cab515a4547c8ac4b3275806d3d8a09b1b75bb355361c66fe2813dc797efbf5
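The listing above is a flat sandbox file dump: a path line, then MD5/SHA1/SHA256/SHA512 lines, with memory regions listed as bare memory/... lines that carry no hashes. The script below is an added example, not part of this report or of the sandbox's own tooling. It parses that layout into records, rejects malformed digests, and pulls out the three things a responder wants from such a list: the executables written under the user's Downloads folder (with SHA256 values ready for blocking), the NTFS alternate-data-stream entries (the :Zone.Identifier stream on Gnil.exe), and the Program Files entries whose names carry an appended 64-hex-character suffix (D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E), counted per suffix so a mass rename stands out. The SAMPLE text is excerpted verbatim from the listing; the algorithm labels and the memory/ prefix are assumptions read off the page's layout, not a documented format.

```python
"""Parse a flat sandbox 'Files' listing into IOC records (added example, not report tooling)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Expected digest lengths; the labels are assumed from the page's layout.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Real extension followed by a 64-hex-character suffix, e.g. "icudtl.dat.D7ED...943E".
SUFFIX_RE = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9_]+)\.(?P<suffix>[0-9A-F]{64})$")
# NTFS alternate data stream: a second ':' after the drive letter, e.g. "...\Gnil.exe:Zone.Identifier".
ADS_RE = re.compile(r"^[A-Za-z]:\\.*:(?P<stream>[^\\:]+)$")

# Excerpted verbatim from the listing above (five entries, including one memory region).
SAMPLE = r"""
C:\Users\Admin\Downloads\Gnil.exe

MD5 37e887b7a048ddb9013c8d2a26d5b740
SHA1 713b4678c05a76dbd22e6f8d738c9ef655e70226
SHA256 24c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b
SHA512 99f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af

C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

memory/2436-456-0x0000000000400000-0x0000000000444000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E

MD5 1cc2b950b8d76ea8f63579f46c6f0bd8
SHA1 bb654198a440479a1c154b21aa6a63859042e278
SHA256 1f3761403e0a6ad3879b251dc99d08d1a2c42dc4f24ee82e1316ef28a753edb5
SHA512 933c4e81aa9e50973cd540e27665c63325d189448282ec41cfb545e55559c31834f970ee67ed4a5349ab13f41e9948cc4f50609a2f2d709e818c056c73e3f01b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fd2e61316149baf345427239fa11de77
SHA1 5fa5a317b560ed9a18613b12facfb54db9555126
SHA256 721bee2baf953bbb2cab75f7f04a64616924ec16bb08ed331e6bd5ae10cd2c58
SHA512 b9168d62fc4122c2c6209112478eaa702e6bbcb0d211582af807bc51c0c04319f4672994c4a9ad356cfda3754163e66a27f533c213e58263808852482009e13d
"""


@dataclass
class FileRecord:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)

    @property
    def is_memory_dump(self) -> bool:
        return self.path.startswith("memory/")

    @property
    def ads_stream(self) -> Optional[str]:
        m = ADS_RE.match(self.path)
        return m.group("stream") if m else None

    @property
    def appended_suffix(self) -> Optional[str]:
        # Match on the file name only so directory components cannot confuse the pattern.
        m = SUFFIX_RE.match(self.path.rsplit("\\", 1)[-1])
        return m.group("suffix") if m else None


def parse_listing(text: str) -> List[FileRecord]:
    """Turn the flat path/hash layout into records; any non-hash line starts a new entry."""
    records: List[FileRecord] = []
    current: Optional[FileRecord] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        algo, _, digest = line.partition(" ")
        if algo in HEX_LEN:
            if current is None:
                raise ValueError(f"{algo} line before any path: {line!r}")
            if len(digest) != HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", digest):
                raise ValueError(f"malformed {algo} for {current.path}: {digest!r}")
            current.hashes[algo] = digest
        else:
            current = FileRecord(path=line)
            records.append(current)
    return records


def summarize(records: List[FileRecord]) -> dict:
    """Pull blockable executables, ADS entries, and appended-suffix renames out of the records."""
    summary: dict = {"dropped_downloads_exe": [], "ads_entries": [],
                     "appended_suffixes": {}, "memory_dumps": 0}
    for r in records:
        if r.is_memory_dump:
            summary["memory_dumps"] += 1
            continue
        low = r.path.lower()
        if low.endswith(".exe") and "\\downloads\\" in low:
            summary["dropped_downloads_exe"].append((r.path, r.hashes.get("SHA256")))
        if r.ads_stream:
            summary["ads_entries"].append((r.path, r.ads_stream))
        if r.appended_suffix:
            counts = summary["appended_suffixes"]
            counts[r.appended_suffix] = counts.get(r.appended_suffix, 0) + 1
    return summary


if __name__ == "__main__":
    for key, value in summarize(parse_listing(SAMPLE)).items():
        print(f"{key}: {value}")
```

The SHA256 values in dropped_downloads_exe are the ones to feed to a blocklist; the ADS entry records that Gnil.exe arrived with a mark-of-the-web stream, and the per-suffix count is what separates a single odd file name from a mass rename across Program Files.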