9766f49c9656992e17f1ee591d34c269553ff568e2ead89ef8923fd646cee10e

Analysis

max time kernel
291s
max time network
236s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-es
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-eslocale:es-esos:windows10-ltsc 2021-x64systemwindows
submitted
18/12/2024, 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

butterfly_viewer_v1.1_win64_setup.exe
Size

28.2MB
MD5

ce1f0ef76887d0493d306180719e12e1
SHA1

63f7ea4f10b4bf2f15f571b178a4ad158e6ad80b
SHA256

9766f49c9656992e17f1ee591d34c269553ff568e2ead89ef8923fd646cee10e
SHA512

899f6bb0b2c706595b37bb4ba7d6ff85770d2422f38d1346dfe90db62362994b68004e423d53fbcba1038cbe1d52f3a911179059d8205fa7dc702afedafd63f7
SSDEEP

786432:MtWFg+rUGljmDc0oGqXr6HchlPykqZCNkY6CL5f:Meg+Y6jmDgO8hl7fl6sf

Score

7^/10

microsoft discovery phishing pyinstaller

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
524	butterfly_viewer_v1.1_win64_setup.tmp
5408	butterfly_viewer.exe

Loads dropped DLL 31 IoCs

pid	Process
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x002c000000046257-1042.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	butterfly_viewer_v1.1_win64_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	butterfly_viewer_v1.1_win64_setup.tmp

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	butterfly_viewer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Pictures"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257"	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	butterfly_viewer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 6a00310000000000925969b910004255545445527e310000520009000400efbe925968b9925969b92e000000f54e040000000c0000000000000000000000000000008945e50042007500740074006500720066006c0079002000560069006500770065007200000018000000	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	butterfly_viewer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\MRUListEx = ffffffff	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 5000310000000000925919b910004c6f63616c003c0009000400efbe8b596977925919b92e00000018090400000002000000000000000000000000000000fe4523014c006f00630061006c00000014000000	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 0100000000000000ffffffff	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	butterfly_viewer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	butterfly_viewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 820074001c004346534616003100000000008b596977120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe8b596977925918b92e000000050904000000020000000000000000000000000000006a1fcf004100700070004400610074006100000042000000	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	butterfly_viewer.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\NodeSlot = "4"	butterfly_viewer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 5a00310000000000925968b9100050726f6772616d730000420009000400efbe925919b9925969b92e000000f2600400000028000000000000000000000000000000151fde00500072006f006700720061006d007300000018000000	butterfly_viewer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\NodeSlot = "2"	butterfly_viewer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5408	butterfly_viewer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
524	butterfly_viewer_v1.1_win64_setup.tmp
524	butterfly_viewer_v1.1_win64_setup.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5408	butterfly_viewer.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4120	firefox.exe
Token: SeDebugPrivilege	4120	firefox.exe
Token: 33	6096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6096	AUDIODG.EXE
Token: 35	5408	butterfly_viewer.exe

Suspicious use of FindShellTrayWindow 22 IoCs

pid	Process
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
524	butterfly_viewer_v1.1_win64_setup.tmp

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
4120	firefox.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe
5408	butterfly_viewer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 524	5028	butterfly_viewer_v1.1_win64_setup.exe	85
PID 5028 wrote to memory of 524	5028	butterfly_viewer_v1.1_win64_setup.exe	85
PID 5028 wrote to memory of 524	5028	butterfly_viewer_v1.1_win64_setup.exe	85
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4228 wrote to memory of 4120	4228	firefox.exe	97
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 3636	4120	firefox.exe	98
PID 4120 wrote to memory of 552	4120	firefox.exe	99
PID 4120 wrote to memory of 552	4120	firefox.exe	99
PID 4120 wrote to memory of 552	4120	firefox.exe	99
PID 4120 wrote to memory of 552	4120	firefox.exe	99
PID 4120 wrote to memory of 552	4120	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\butterfly_viewer_v1.1_win64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\butterfly_viewer_v1.1_win64_setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Users\Admin\AppData\Local\Temp\is-1DI0V.tmp\butterfly_viewer_v1.1_win64_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-1DI0V.tmp\butterfly_viewer_v1.1_win64_setup.tmp" /SL5="$501C2,28707643,880640,C:\Users\Admin\AppData\Local\Temp\butterfly_viewer_v1.1_win64_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a16aeee1-adf5-4fd5-baa6-22f37976ea7d} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" gpu
    3⤵
    PID:3636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25849693-2067-442e-bf88-3c0b5011fbce} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" socket
    3⤵
    - Checks processor information in registry
    PID:552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 3052 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bc449e6-b77a-4ced-8cac-dd3fabe2189d} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" tab
    3⤵
    PID:988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1280 -childID 2 -isForBrowser -prefsHandle 2568 -prefMapHandle 2564 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffadd4d1-b70e-4f51-b4ad-42e99ecb0e2e} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" tab
    3⤵
    PID:2508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4940 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c9df571-1398-4d67-ac4f-fa018f540609} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" utility
    3⤵
    - Checks processor information in registry
    PID:2056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 3 -isForBrowser -prefsHandle 5424 -prefMapHandle 5420 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feb45857-7bb3-4c62-ad13-fa45ea27476e} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" tab
    3⤵
    PID:5896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5536 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a717372f-4ffc-4ada-9020-bffcdd7e9a41} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" tab
    3⤵
    PID:5948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 5 -isForBrowser -prefsHandle 5712 -prefMapHandle 5716 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2c9d32e-c7f2-4445-a1fa-8b14e6440413} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" tab
    3⤵
    PID:5960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5884 -childID 6 -isForBrowser -prefsHandle 5784 -prefMapHandle 1428 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c00577a-36f5-452e-be1e-7ba0ad14aa7b} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" tab
    3⤵
    PID:4164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 7 -isForBrowser -prefsHandle 6220 -prefMapHandle 6216 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1136 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf9ec421-a82d-4706-b484-88c0c7937a42} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" tab
    3⤵
    PID:5344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6344 -parentBuildID 20240401114208 -prefsHandle 6360 -prefMapHandle 6364 -prefsLen 33466 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91c64dc9-b09e-4e50-a16a-ebdf571db710} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" rdd
    3⤵
    PID:5828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6336 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6396 -prefMapHandle 6400 -prefsLen 33466 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9699b272-5607-401d-b19d-0e40913257ef} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" utility
    3⤵
    - Checks processor information in registry
    PID:5836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f0 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6096

C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\butterfly_viewer.exe
"C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\butterfly_viewer.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
1df935acab0918234d1f4f493cba6950

SHA1
97d9faa77c8d107b3453415f6f87cc879c80a6ae

SHA256
14e65d486951aa1d7f00c94babb7325e0c4e3a53a11b6607db2e0c0625beb4f5

SHA512
0c3b7d96386c23efa115ce0c28b7bdfeb0b397ed0507f467dd36e8068c1707bfa344710065ba192808964c9e222d8a14c990411685be2341ab5c084ebd23b03c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\MSVCP140.dll

Filesize
576KB

MD5
e74caf5d94aa08d046a44ed6ed84a3c5

SHA1
ed9f696fa0902a7c16b257da9b22fb605b72b12e

SHA256
3dedef76c87db736c005d06a8e0d084204b836af361a6bd2ee4651d9c45675e8

SHA512
d3128587bc8d62e4d53f8b5f95eb687bc117a6d5678c08dc6b59b72ea9178a7fd6ae8faa9094d21977c406739d6c38a440134c1c1f6f9a44809e80d162723254

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\QtCore.pyd

Filesize
2.1MB

MD5
afd96516fb8084fad751f7b61f98a7ed

SHA1
20b1fb8a3a5e86318b0499592315c2767beb0cca

SHA256
84ea3fcf33bed9548066d6a7bfebb16927fcc74d3d47658203988cccc3c84b5b

SHA512
680d6c6352c23c486959d5785ff726acb0b9003c84c7b7f776d1c211ebaf05ade82a89e79a314cfba9f49f0e349806c4fc96e481b71d404ffd45acbb5cf93f80

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\QtGui.pyd

Filesize
2.2MB

MD5
f0011b2527be004ca3e8999e3e4ec55f

SHA1
26b84d776db027e47ab4624803be7fe10856a623

SHA256
f7ec01ef370434bbee4751ea4b214804754aea730e46212a3e7a55533ecde1b5

SHA512
8153bbbf7b70e3d28109389fdfc705a2090ca984a5652548b0a0dda7c671333d1b232f15e67bbf1b175c11e651ca725e7ae7b57f7c54ff6cfe8da2f657d8b889

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\QtWidgets.pyd

Filesize
4.7MB

MD5
c6ae6a686a9d3efae35d82b5475bd807

SHA1
c5d600318b5d7e3a9311dbf449014287637d387e

SHA256
44fd7b5468febd3049f3a97877f3b331d1017d1d5b52db1f0e42df264622f921

SHA512
146ebf4ebc8e975c9566e2a6577a2aa915a3c5c5c453c6ae467acf5135f3104a2c9fb385e942eace0d37549115bf99d2e1375770149d7963baf7e171190ccdab

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\iconengines\qsvgicon.dll

Filesize
34KB

MD5
cecb7bc0845686333a293df8654dfff7

SHA1
0a32b97f1a98d1d591faacf84b3316d2e34f0769

SHA256
3f1259f48b6ecda2db14a6bb3047e780e556d11b8dc760ca503e1bf9411223c5

SHA512
06cdd30a0fe4e8a4b2b7f86ea22e3720e45943b528b00a900742b9775abbe774be378fa2749afcfaccc70f2a7392fcf9c5840a347a76bbc42697a014a04738f3

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\imageformats\qgif.dll

Filesize
31KB

MD5
878af4c45f993d248ee2a4729a9dcd73

SHA1
5851eb979dedb860c1ca113ccb6168d971113e27

SHA256
29b2c8c3cb85d649cfea059890e61f87ce02be8aa6ff47b7e7b99180aa51ea86

SHA512
f3384d445f3517b193b71f3e3e5bef0a27298f542aa71ba74a3a52bec3307a29d2ef57377faade98441ce05fcb9ec8971cd9c0ef9445a9a150a64a7134b9deea

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\imageformats\qicns.dll

Filesize
40KB

MD5
50a0f998cdc6ba61c72533f96d3f5c6b

SHA1
9381af059a44131016e55529e7e6333bce42bc0f

SHA256
20e853779a2cad9e00f0cf03142468aa864d09ab45864f74b87d974bac65671b

SHA512
af0ee2d4b55b58169a52c6fb4ecfa1e793ed90a583f11362e6f1f1cbde63da62e17d92c8a6317886452b22139f7841eab60eee981c2365658d7b352df56d2c4b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\imageformats\qico.dll

Filesize
31KB

MD5
5ad446ba93aa9f9e9ce751179fd27c2b

SHA1
4ed710605290320916a8467816ffb85558953a7f

SHA256
a9bed0f69e6b63f298f0e1efcc0a6b68ee9bc6b56346d3670fa0eb8b7d8cd8b6

SHA512
b919ee3e2823be285f3acb8716f89b39f58042a0a891a5f70095b22493a0fc6336838cb4eb643e54619bc05b93f96ef0acb3c1a0976e15d241619560169d73da

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\imageformats\qjpeg.dll

Filesize
37KB

MD5
4b0236f1409d28036bdd18093e4580a0

SHA1
8001a5ad46f60ae491375be8a7f07ceee3d5c856

SHA256
dba7c18c2863a5953c2c703b1421f2b79c8c7ad953d8833b97669de2e784a256

SHA512
ed17f323c7b75f7dd8ed34fc00f9d957285fe96a6919e4c725adeb3207c74302d591c0d9b09f6c286854db50ed49e7d0ab37b65ea86fb914ceef4ddf564097ad

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\imageformats\qsvg.dll

Filesize
24KB

MD5
5ee613089d338b1a59c54d10a369931c

SHA1
01e17e3e0960b6360c04ec9f631e60f17bb51520

SHA256
25c4baeeefe4096b68509e2467a57a37a02677e914a0b762c5da1b40e616b89f

SHA512
f4db2e8cfcf5a85b16d1b4456745186ab92bbd8050d356311a237615a5b4c43962ca1b0ab9616fe0c24900e14c210152b9c2c67280b6892884ab39b53b38c349

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\imageformats\qtga.dll

Filesize
24KB

MD5
b0aa3369255041be41d9358297a79ebd

SHA1
c39fb25c0da9db88592c8c842596817a1930d0af

SHA256
97ac58b4e3dda6d8726481ab5a38e7d65bdfdc0b5a7ed1a63835142ac8497f4a

SHA512
da434e7e7e3768876059ead29383299e8f8344f09a8fa7266bcc40af52e2bed858f5c48cf0861e452ba83a0d86335134950ccc7ed53c4120c6e80ab1a3f1035c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\imageformats\qtiff.dll

Filesize
362KB

MD5
e5b11ecac4eaf7d4dfa7e344524a6fb4

SHA1
e892153a0e38743b804e116ada47dc3c8beaac91

SHA256
85fae95d8bcafab689703543a5d0024f7e7d30a6672f2762847925ecedda2f21

SHA512
24d169cdae0821133fc2e12677595b537deb84c4f00b7c80f23a3fec8ab8729e0b4ac0118555a90f14906273e073763ca6c30a7650f0037a5833990d0eb915b3

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\imageformats\qwbmp.dll

Filesize
23KB

MD5
977d260e71ce622a1f637a996113c48d

SHA1
23e0ebf187e9494a42f8b2c9061630b882758051

SHA256
c6c8e61093afd115ea1593b567344d56c23bbbf3035375fe405ef171eb4f6cae

SHA512
cfb29ed7af8d88af43a705a428dadb4bf352d0c1b28b814cc3a3f2773629ecd67026ad952ff8d03cf2bca78c76780d22c12f96fcd65a685d1df1e1ec5fe53f7f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\imageformats\qwebp.dll

Filesize
494KB

MD5
4ecffb3d3537e78029aaa23450cc91f2

SHA1
1c99567c345c99c3dbd4681f47ca7e9b8600a6b3

SHA256
dcf6614c2261fed37bc0341c1b6fb6090cdb76a1a44fb18d1abb75edd4731bcb

SHA512
3645a2d674ede45d9d58a9cc107bc1104e596c7e0652e1fe441e74ff25ed8fd18ad8fb79a7218bbe39a72919654cdb1b64a25290b6b8d8aab8902da94558727c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\platforms\qminimal.dll

Filesize
729KB

MD5
b50d3a08e24df79ff574392321d496eb

SHA1
dce53584ccd4f4b760f43be54fc3bb912e26b2f2

SHA256
b81ecb2db5b76a6bb991f414956d8b3957d4c28124eec20276e6d0fb334571ac

SHA512
6556a6e8e5a7dd5e400d3f37966c720371156797758ea215aa6c195a7157f467bb053addd2d0f788e6bc7d0150910fbf94a18a5e95d2a7a6fcd6838eb451c691

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\platforms\qoffscreen.dll

Filesize
631KB

MD5
576b9dd754786a4e5f5cd540d4c7c254

SHA1
2c51aefb8ea89c025d16167dcba099a69c0ffab5

SHA256
94c6e420773ce54e5e951e769ea1a036fa39e844422b2d2ca698d9742caebcf0

SHA512
60dbb23f21e4099e02b73fcd247fdb24f3ee7b226502c95c81295d91f8fc4faef13c67910b4bd039103c0f8164864cb6d6d9786098f8ef99e9432b7400b43062

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\PyQt5\Qt\plugins\platforms\qwindows.dll

Filesize
1.2MB

MD5
89d8bf8decf390ee3df6ef6d68bf8634

SHA1
02d87bef069991658e9bcfa77c4ee95c8836c999

SHA256
93dc4b5383b91bf65d04f26b70ff0b2aa4977122a47a1de05ecfb6ad069bbade

SHA512
399702c1a8170b51ef4136bc075bcf3af19ad26b20859ec5a104cc81705655e4acdc4f073e5a82ea77f1e896ea34c474f5f7a0737ff56ef7d77771c1bc93a863

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\Qt5Core.dll

Filesize
4.9MB

MD5
4c18637f3cd3c0adb3b1a61c424feedf

SHA1
823cecbd9a9a86aecff6fab765c03cca5e3ae98a

SHA256
b7d2e744b8d6a67145a16f1a47d2b0e8276478918df3b4c8963a7de7ae772d0b

SHA512
28508ea9c0de9847c2b49edf19fe9283edd2e2a541aac4a56562ccc9b4f8ee58e1bdbb26f1d657d1e06997c6c0b971354bc414356b6875d68ac571813177e702

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\Qt5Gui.dll

Filesize
5.6MB

MD5
cd8ae6d00d280c1c2d372806db011a76

SHA1
549b3e27bba161eb9365c9e8b4cbf0f38aa224a7

SHA256
44e61f00e48d6bbc74c5cd262a2ba7351e7407d775bcff372e0c873fa124ea67

SHA512
df49747252c7223cde518af4cab09284baf441e1c910a53a75fbbef4ec20470d826bf72d67714c2d08353f925063b4fc14abb59d20e4a7ecda6c81e4ef41dccb

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\Qt5Svg.dll

Filesize
322KB

MD5
5105d82c2a9d5cfbd2ac68eb06d9b720

SHA1
117d4475f9c0a19e1944aa9a6d0db3c1fe5607d6

SHA256
45197a70ace4594bc645c0dd7f38509b12a4820a7ee890c4de1f0884f03f6fe5

SHA512
8f63f83f9d15ba2199eb1f30a1d61ccf8358f2dd2d991a78abd169d792cc853f7e2524b9dfe7f10b3e684a103aed40e0bb2df797b297676183eac88a4e01deae

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\Qt5Widgets.dll

Filesize
5.3MB

MD5
e660cf7dbee9866639e1dfd526ab94fc

SHA1
51d3277268406aadb17d1eeb22a214d40eafd47f

SHA256
51c291a08c82d3c104bf93affe4c1eda1136b5d26c885dce56378db01a28ce35

SHA512
eb1270c0cf40c4177d3da05b24535fa230363fa76b025c8b7519280e04a00820fd077fb90792cf9832b0786cb9c60fce4c80d0039b9948299b44bbdd3c26b5cf

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\VCRUNTIME140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\VCRUNTIME140_1.dll

Filesize
43KB

MD5
21ae0d0cfe9ab13f266ad7cd683296be

SHA1
f13878738f2932c56e07aa3c6325e4e19d64ae9f

SHA256
7b8f70dd3bdae110e61823d1ca6fd8955a5617119f5405cdd6b14cad3656dfc7

SHA512
6b2c7ce0fe32faffb68510bf8ae1b61af79b2d8a2d1b633ceba3a8e6a668a4f5179bb836c550ecac495b0fc413df5fe706cd6f42e93eb082a6c68e770339a77c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\base_library.zip

Filesize
756KB

MD5
abe1861ed14b787c925125ac20311d68

SHA1
04c84fbd35921c716be22767a798b75166bf1feb

SHA256
ecfd34cd3168380aa0e22bfb858aaa7e94bff7f5f33970258a50e11e21f46c31

SHA512
5bd51c6f32efd366dcab5429d1acb97707648003f8603c89bb82f0d04b139eb204d2659e17b6a7ad15f1c6c827f3821e14ff8daccec27ff9947f063882450f63

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\butterfly_viewer.exe

Filesize
1.5MB

MD5
25bdac7162f5c69b205fb9b70a4f2727

SHA1
8e56321c621628927160fd79b9b0f9b9b6676250

SHA256
6f762272cb109b95af6fe417c74bcab10b5bc0e989fa4d2b35efc17b62ea8aa8

SHA512
e2cbeae0172418aa92553be6f515a8ca1e0f38e075d124c104d4008929c36bd6b2713208bd48f157ebbcae5bce1d8216a5d4869747df50c4a51c2d9ff300d037

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\icudt58.dll

Filesize
25.0MB

MD5
865065ef2d7b97ba457166e91e848ffb

SHA1
6e5f14e7135a4bf21098d4c21853d1c59640102a

SHA256
294b9f929dfc685f9f51e704d3e08d142373db0e121d32241394399fcbafbe80

SHA512
450f21a11418d1a6b1de99e9bc41d1e3b69208ad4b435a4c08f5d145f7503928f75d8268b654a474592ebd989e7960c26bc16882ebc73a6b463a0bef87cdd8e8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\icuin58.dll

Filesize
2.5MB

MD5
651d3e20c0c75e086ce65b612089a658

SHA1
f10ab027ae99ce0c57c158a8b1faf873c4b240e6

SHA256
a9dc7bbfedc1ada6241ca75bad6ab2b4b4ec4f47576bcbc8624ccdab9b8d1f52

SHA512
32652408e018851a066a67d03357e7d7d4d4ae3756b0ee3caac71d8fe540f8e097756c12e8694c4dc999e5a7b0ea54a7ccb978df0f7ac2e6f6644234aeb3ff90

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\icuuc58.dll

Filesize
1.8MB

MD5
8d99430014fb205cf4ac49644f6aebe8

SHA1
c5b06c69aaabee4319e04aca821faf47eaf3dac7

SHA256
a547ac9ec241bd5142ba0b12fc046212bba62edc22e5b7a9a7ba9009166c37fb

SHA512
0d3b7867f5238fc52234aaad2e68dd3d40d2e08fa256bc3fce91f207af3693dec46348078e110529225a404db741eea866d276b70f073179f1714d1c29f31a0e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\libjpeg.dll

Filesize
265KB

MD5
ff184d55f832eba1b97ca9b10d7dfac8

SHA1
30c6a67ba542f7b82833de27d574c88ac46e11d3

SHA256
82bcfc9d05547f99674b0c02a5a68caddd5b344e5f16cfb5403ef2e6c1ca06b7

SHA512
0e68fd0f43ae8046823ee35f0660d2a9d07ca945b0b21f29149a1c5dc3e7702148e72cee8a6276d79276cfaeecc8a5ed54ad3acba2085809513d00c232289041

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\libpng16.dll

Filesize
188KB

MD5
887bc1b296b8b99f94e836f2f9776b6c

SHA1
6f2b399dfb20d616bca38e6e961429729527cfd8

SHA256
9cfc6eeee22b3b182911708b5328cfeeb4010a084154fb0bfa1f0ec5e02bbdcd

SHA512
649c9f88996b4393d0d0feee5a1c4957765d7a1ac42ce486cab2dcb3ac927bfbe31b8c4a0232af6ab8aabd4bc8dc4091d0b3096eac3c97a66891dec6e793f407

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\python3.DLL

Filesize
50KB

MD5
5657ece898ad01395d5519d6b9d4f702

SHA1
3c4b3953d9f7f1cf22e072f8e3ddb1dd4a1d5571

SHA256
f4d1883753957ec8d42de688c378362acb05ae50d4e68fabf40cd6b79216864f

SHA512
24ca5283e5809500e3eaed66e31664274ba77c96792665d1f18ad6e3819e0429d8dc9acc3319f3b31f8f405b68cb95cb7ef4eaa1283e29dfb33d889beb3f45da

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\python36.dll

Filesize
3.5MB

MD5
2bbdb70668938de17195f64ecae2333d

SHA1
b39ed65a6e9567d8f2bc90abb6efab48b0c78309

SHA256
4a9a3a79dd6c578eb0df5639ceadd62d5aac77c5d44549b579a2e454f459d3fe

SHA512
3868187bc0ff355fb657fd27576066d35a82832eaba291b5fdda4f6e304def4ba3c54d4964049c0605dcd3c4464ec260ddac6c9f09afdeabcd6ac9914524dd2e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\sip.pyd

Filesize
106KB

MD5
cd24d539fa250adbe89b5d6b1f309b68

SHA1
6bebb1cf897bbce1957047092e85eeb6f68b5dc3

SHA256
d1ad833e4e9dfb8c85dd2bbbc12542cf3fedac2f44cd024505e69737126afe8f

SHA512
bd0d46dfd5237ce7306b0b8c07de5c580c32bc22d3c5ca2478a088baf6a0469f97ff7ad89dfe5f4456bac28affa5373cfaecc7c4844d36fc1520c322c7ffd53b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Butterfly Viewer\zlib.dll

Filesize
85KB

MD5
d00d9d7b9e0215553c30bb974009356b

SHA1
4608882531ad0c106732682cbe746d911c38fc9a

SHA256
54c755e6b90499a5ef49a65ce9472535286fe4db3565a06c4a53f8a4833532dc

SHA512
8795959cdd8525b449193b90cebe81e8ae7876858a6cc706a255c6d2af5696be92e1dc93ef34551b4888b51c1f5dce920d834ef6ff8f8f4693cd4433e488dc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1DI0V.tmp\butterfly_viewer_v1.1_win64_setup.tmp

Filesize
3.1MB

MD5
8753852c12dcc1b97f1aeb4ba47ef945

SHA1
22e36adc17e40a7f70223a0efdaf758e40f666ea

SHA256
329af3e38f66dc06ae3427ef7c5122ab9631bc832da5aaa88f5e1755f5a20d94

SHA512
792af81538f1e7ddc4a742aa04f4cfd348459cb38ad74160d2814bc5525d3386f4efd1df986b999999011fdf6ed523ff6547f192ec56806556f2451cf6ac60a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Butterfly Apps\Butterfly Viewer.ini.Uh5408

Filesize
217B

MD5
546c8c6d17dd9f1bc19937e97e3d3979

SHA1
02a82544953a673cb2809bc884b45cac9c71fec4

SHA256
a1d5040292589f362dd384908f15a455dd0bbc3f4406a796dd1e9c76ae10fb13

SHA512
58d15328d69ec3458932cbed52c22c0b77d51eb73e3895c197608c788899ad2580fb643c608f0387582ec6b58b108a26dcf177ca6d38e59934795c5fdb1cc323

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

Filesize
6KB

MD5
7dab72040b4d4b87849d23f0182b46a5

SHA1
2525659e94430b6a853a66e84a944c107240e5c1

SHA256
520d91778e2bc4f2bb5c1953ebef3b2440628303fe44eb84f4897df7c87ff1a8

SHA512
16e17f88c98b5d4cfe601fd8c010bcd800fb5188dfa67ff360c73a92f5e2675363b9f15c543f4c49a79b1f22936dfc3b61dc32c9f2474e9f9333be2ab82ea561

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

Filesize
10KB

MD5
c48b88cb7ff41d0159d03bb1c10dc349

SHA1
7699dc31017ab370b22c9960bd7768d004795bd8

SHA256
10824411eca34ef99b007030313f4039a3a2c77b83e6928bfe98fd1fec394f41

SHA512
645e37079668fd7085e5188e49ec6433cf8fa20bb93bda8c1f312d9ef65d3447dae31b692d99a052c4ea717d04cd1b7e14f35577c74375031218d60cd5a281a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
acc9f14859b2bec6c5cb51905c4455b5

SHA1
3b96904e079e9cef4830e18b49d3b57dc54dea0d

SHA256
cba285c118477303593dde8725d346cc50d9f817b89ef0a0a77989bf8ab9458d

SHA512
b92e78ba233408c09b1e46804984ab939d42a8bf006f6ae9b1abd24867b00da8a5280ee95ccf6c21942d1112a6f87fcc55ee10707393338b8629d063134acfe1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
413c15981e3b903347cefaf8194c2fae

SHA1
5a9dcf7ea9eb30eabd3d99d5625b2b42fc7403f2

SHA256
21db47901d0b80c6bcaa0df7289c2380930a8d06f158fe76e5423f4977c10f4c

SHA512
182176693afc561d166e2341c43a0005e526a20d0d5df1b1e9079bdd8274a101e1bfc460c7cb7f2eb5e017f6bf51ca84d73e5e0cf34abc3563fcf5ef4cebc146

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
9b72db4b45f59055dbefa54de314ee6d

SHA1
ce4b33061513b71cce12b5d69e935abc10f326a6

SHA256
24f5fc8647ece3c03de8deee2348adf81cd72536f7296813ddb38dd8d38734d8

SHA512
d9a64085b76893a0468ebd3c9e20290f4a0b463ffb108d14ea214fd2d58f518aa92dbacee0eabb4a99d8fe64c3c0ef12efd61d09694e519f16a8f454ebc00a1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
04002fd2062c7423ae8bf4f6fc58f11d

SHA1
c4eff90b80bc28887b1fde98342bb0c86fbc2dc1

SHA256
aae23810666043d4b26428d7108d7817b80d51ab2f86ae35a3e375f6d32baa88

SHA512
ede734f6781caab2aae99a5314de3d48f30c2828ec2cb50958bec4f350876aea18d447c6f9b09f6d00a8a292e2bbe683bf5fb1350e13ff392692472dd084ab61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\43abb72f-281d-4efe-a4fa-fd39565c80fd

Filesize
24KB

MD5
07b249c4f3782272992c114048e5cd9d

SHA1
37b0ef3d92322193446490e9abdc3ef408d0f4f9

SHA256
ba07cc01930a722b1fe99d9979e4be90d6db1d66959e96fda44e262109fbc78e

SHA512
6631cc521b9d4893c7ae66dc79ac675b0019625954b904b7aca435002f6197ef2a79f34f6d5bba538c1f5c12071d3a3ddc8a64a9f7f311a5a9888228efad9a7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\7339a7d6-4a01-45de-ab05-06bbafc110e5

Filesize
671B

MD5
375aeab03fc9375c1c2ae579fd53cde5

SHA1
545f20d1a5f59c31bb7b97afdd3986d4df742b5f

SHA256
a66777a23382fc719451865a81028b2acc774254584060699af65720912b5f52

SHA512
c675793845140c438cd1595bfbb7a7630a9e1d66a5980cf5abbe7af13cf1935f9700ff8f32cf0bdc6817200fb03a3ed6cb787be8c96176509014d445969dda33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\903e0f19-6db2-4276-a884-c9463e9542c6

Filesize
982B

MD5
e1474318b242c0a1af6c54c3e125cfeb

SHA1
e0a83f7e381344cb3944552ee07af1e73c9b769f

SHA256
1bbd292f7bd01751eba5472104f07e13ef2ca9c8bbce4fa9647e2f58e38d73dd

SHA512
f3bbd0c6782a734e96ace12e769014bb2f02cdb174768f1bfa17e03bddecd7bc7b18c32683d4183a20f8486cc9dc8c65f29fad26a59534449a6dea67e67f6d91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\f51e3e2c-d500-464f-b4c7-aa4fb858c2d8

Filesize
23KB

MD5
5164bf5195f6fbdc9af3f4a74968d13d

SHA1
9abff6b68519e2b7ad9e9f86514cb9753d1ff418

SHA256
cd4155e819a4f1841864f3d13b2b18a99177a9a2c8be6c7c357ef57b0c8f7407

SHA512
f8a82797da8cbea7a083ed7d38bae8e553defbfeca9e0ace1aa4e2a1204220056eb8ddc1368cd1675ca0f591a6ebbaea3dbacce435538b99d2d6f1a6aea855e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs-1.js

Filesize
10KB

MD5
a9ddab34dae8effacfc76a12e575704d

SHA1
07ef0c05261e8c2c92a6357a79b18a0007968416

SHA256
31799106b173ef31d992edfb0b88d55c001904fc8f3a0c0044755df389e496df

SHA512
dc85fbbfbacc66a77d8b4e73927fde84413b4fd254a4eb3f94acd6daadce72e43a6a7888c5558f9dc7cc82ff6231b84c1b0158b0f9266c621b4559e9db949ef3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

Filesize
10KB

MD5
d4a1ea62c50c257e394660694debd10a

SHA1
f40facc4085dad19d79faf6c241ea1b299b74967

SHA256
02af638c73d1d029b9c488acc6edd3e901acd7bf2f24feda211e93da715c149d

SHA512
6bf9bbcfec3ebd99a2ace5145267a3ba51f67fde1bbcff0d4d5ef41200e0be59bb77bc2f0214e4d909ac594f306125c8c23d2ff814917cf8052c969ae2d675c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

Filesize
11KB

MD5
f39fbdac4b47cbe1c3d6176ecfaebdb9

SHA1
b0a79493acce67023539c50e2365c5e157c4e508

SHA256
78d866a9831a123103a88a94b718f30ad9608f1d425dfaa33ba6d4a05a37b9cd

SHA512
8946d018f7e33a2a55851dcd91c538a0b8765f78b8e82d79da31bae363d910d635bce42b0bb5d02812d6b1160b876740ab200b51540782d0ce9c0cdc521f24b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
61438939e803b73a203f4f1d5bec003d

SHA1
e2e72f7e2371f74669b8a0e96869ee9c46bb8ab9

SHA256
64ca68bdec8fe684cbcd7f3f775d09244bb69be0aae27efdba75e8bb5f9381b7

SHA512
046af2f7dafd01f40fba7920dbf63cf3ec3981ebb7bfd331339f6ac5d4fca0f754ff04e20b72f4b29db48be0d57c70d8faf0627dfb168ac96caf2372c560d376

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
ad82bb3ad55ad3c0c9c83972b9e7ec10

SHA1
0352bc9106c037babc73562ab08ac5abaffcd8c6

SHA256
614c390abb1694ba058ab61989d96f2a3194ab17823beaa57277a80344fe1ed3

SHA512
58050efc09e2df527f1b9030a793321a2e9fff8a191c549ffa8387bef3c592abfb3a5aa5f95a8e319cef9ee338a943dc55be3c1c7f11681a6d1db3c1ce3883ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
42KB

MD5
d7a893bcebd3ab0e19f0b719d32cd08f

SHA1
b4dd4641bdff42477cf860496521f6b335597346

SHA256
0b0cf0ed564ca871ad8c510dc04faf714a8cec6333824896a425a23ec925f43c

SHA512
0c82952f07976dd4b5775a183f2df25829c82bb43d77426af54079d95cd00b2ca6208f73e404cb9df44dcacb12a6ac5e79b752733e58a5f256787e672ed139e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
a0f454ccc84df3a3120a234909f038e8

SHA1
f0742bb0a10969b3c5769edc5e2dbcab32ab717d

SHA256
f75a1d4f39f4a524312ddccda7d2efb0e4a9e321ad3e4f93b9b350ca6a334004

SHA512
d806778615b70dc8ac5433b32e7e80404cb187f8fcbff61fce0df0d29f8112899c77515dc8ccf3cb47e38b6970c185f75a81ba9f6a905bc849daa43e9306784f

Download Submit
memory/524-9-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/524-814-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/524-1047-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/524-1049-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/524-6-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/524-17-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/524-15-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/524-11-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/5028-1050-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/5028-8-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/5028-0-0x0000000000400000-0x00000000004E4000-memory.dmp

Filesize
912KB

Download
memory/5028-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/5408-1084-0x00007FFE23540000-0x00007FFE23783000-memory.dmp

Filesize
2.3MB

Download
memory/5408-1091-0x00007FFE22870000-0x00007FFE22D2E000-memory.dmp

Filesize
4.7MB

Download
memory/5408-1092-0x00000000640E0000-0x0000000064637000-memory.dmp

Filesize
5.3MB

Download
memory/5408-1093-0x00000000640E0000-0x0000000064637000-memory.dmp

Filesize
5.3MB

Download
memory/5408-1066-0x00007FFE23790000-0x00007FFE239B3000-memory.dmp

Filesize
2.1MB

Download