Overview

overview

10

Static

static

10

Malware-1-...30.exe

windows11-21h2-x64

10

Malware-1-...40.exe

windows11-21h2-x64

10

Malware-1-...32.exe

windows11-21h2-x64

10

Malware-1-.../5.exe

windows11-21h2-x64

10

Malware-1-...91.exe

windows11-21h2-x64

10

Malware-1-...ey.exe

windows11-21h2-x64

7

Malware-1-...ad.exe

windows11-21h2-x64

3

Malware-1-...ti.exe

windows11-21h2-x64

5

Malware-1-...an.bat

windows11-21h2-x64

7

Malware-1-...an.exe

windows11-21h2-x64

5

Malware-1-...ve.bat

windows11-21h2-x64

7

Malware-1-...ve.exe

windows11-21h2-x64

6

Malware-1-...ya.exe

windows11-21h2-x64

Malware-1-...re.exe

windows11-21h2-x64

10

Malware-1-...ry.exe

windows11-21h2-x64

10

Malware-1-...ck.exe

windows11-21h2-x64

3

Malware-1-...he.exe

windows11-21h2-x64

10

Malware-1-...op.exe

windows11-21h2-x64

7

Malware-1-...rb.exe

windows11-21h2-x64

10

Malware-1-...ue.exe

windows11-21h2-x64

1

Malware-1-...ng.exe

windows11-21h2-x64

6

Malware-1-...kt.bat

windows11-21h2-x64

7

Malware-1-...o3.exe

windows11-21h2-x64

10

Malware-1-...ey.exe

windows11-21h2-x64

10

Malware-1-.../m.exe

windows11-21h2-x64

Malware-1-...o3.exe

windows11-21h2-x64

9

Malware-1-...32.exe

windows11-21h2-x64

10

Malware-1-...nf.exe

windows11-21h2-x64

10

Malware-1-.../o.exe

windows11-21h2-x64

3

Malware-1-...B8.exe

windows11-21h2-x64

10

Malware-1-...ig.exe

windows11-21h2-x64

10

Malware-1-...rv.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    895s
  • max time network
    897s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16-01-2025 13:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Malware-1-master/butterflyondesktop.exe

  • Size

    2.8MB

  • MD5

    1535aa21451192109b86be9bcc7c4345

  • SHA1

    1af211c686c4d4bf0239ed6620358a19691cf88c

  • SHA256

    4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

  • SHA512

    1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

  • SSDEEP

    49152:5aA7f7tlVmdqK23H2bpHI4Qs5ABV9WRHZRsgI82lcHGAaKLinXBgJ:Q+VMkX224QsWBq5SfARGRgJ

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 6 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Malware-1-master\butterflyondesktop.exe
    "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\butterflyondesktop.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Users\Admin\AppData\Local\Temp\is-TMC56.tmp\butterflyondesktop.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TMC56.tmp\butterflyondesktop.tmp" /SL5="$70224,2719719,54272,C:\Users\Admin\AppData\Local\Temp\Malware-1-master\butterflyondesktop.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4824
      • C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
        "C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1652
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3608
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffd662e3cb8,0x7ffd662e3cc8,0x7ffd662e3cd8
          4⤵
            PID:2272
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
            4⤵
              PID:5032
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:988
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
              4⤵
                PID:1144
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
                4⤵
                  PID:1176
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                  4⤵
                    PID:3116
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
                    4⤵
                      PID:260
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
                      4⤵
                        PID:4816
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                        4⤵
                          PID:3176
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
                          4⤵
                            PID:1544
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
                            4⤵
                              PID:2092
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
                              4⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3516
                            • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
                              4⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3596
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
                              4⤵
                                PID:5088
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
                                4⤵
                                  PID:3344
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
                                  4⤵
                                    PID:4048
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                                    4⤵
                                      PID:892
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4532098942493212996,7481552273828857844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
                                      4⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:1400
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1700
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3216

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe
                                    Filesize

                                    3.0MB

                                    MD5

                                    81aab57e0ef37ddff02d0106ced6b91e

                                    SHA1

                                    6e3895b350ef1545902bd23e7162dfce4c64e029

                                    SHA256

                                    a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287

                                    SHA512

                                    a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    7bed1eca5620a49f52232fd55246d09a

                                    SHA1

                                    e429d9d401099a1917a6fb31ab2cf65fcee22030

                                    SHA256

                                    49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

                                    SHA512

                                    afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    5431d6602455a6db6e087223dd47f600

                                    SHA1

                                    27255756dfecd4e0afe4f1185e7708a3d07dea6e

                                    SHA256

                                    7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

                                    SHA512

                                    868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    768B

                                    MD5

                                    508fa9cbf27fca3549bc5a4b23606430

                                    SHA1

                                    6ac71827797ee3f4b7ad74efb15f623ad2dac1e8

                                    SHA256

                                    7b5929162df4699bdb47107e78c5d3cc23fa86d6edee7562191ca2ecd39d63c3

                                    SHA512

                                    0c20a9355f071b103f31e14ebc89ef89960a873570f3b6981962bb495321e8854a5d37f9bcf4c2afe256289a01e59a33722562313f3bcac873d60b930b5a177f

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    384B

                                    MD5

                                    8923d24da53a383e19957df3f168d806

                                    SHA1

                                    3a2d3b7047d5726455ba94a2fe5c15f957adbe7d

                                    SHA256

                                    bd1fd1eac43d97e544bfd3ae17ee46d4db802224830ce9cafaf3acfd4d551ac3

                                    SHA512

                                    89850ca096d136aacd41cc3fbd07f2a11512a178a2eea11a6430e25d885da7441af3ae9b17f76d2b349309b1f5cc15a02698ff64f07b8fde69185d9e1b433cc7

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    1002B

                                    MD5

                                    724a3b0c84320607bd6a9e3f4ec99c8a

                                    SHA1

                                    ab7188fa0d89a2008d41845afe93624767854533

                                    SHA256

                                    73475e0c00b3bdfa7bab0ea33ea83039150a7c14e2d7dd09bad39463506f99d4

                                    SHA512

                                    51b2663f6a146634352d614c29cf30fe5d5958a705f0fdcb6fc3d1187ff355b1dfc666742419cf646f128a6eb1c93e863acfb460f4bfc2477ac684079be80544

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    4KB

                                    MD5

                                    678c353996fe907f71a37259df430a84

                                    SHA1

                                    9b3eb704ec1ccb4a6aeec921701341ca0f8ebe0a

                                    SHA256

                                    5be90d5e1d5a6cf0f909e009ffd6c472afe9768a41bcdbd41b9c3bebd8aea932

                                    SHA512

                                    3a58fb7b8519ccd60a66a68f5115cd9682e6db01ae00a67b13f762f72587dce6f54dd0e9e44f59a96e1d72b3fe7994244b57868f9f17ead3c2a8a375f62fcdf1

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    7KB

                                    MD5

                                    373be0477264c689f9a69026c41648f2

                                    SHA1

                                    c0025a10e38f0cb062b56cf872884214bf4ce3d7

                                    SHA256

                                    352c12efa6d87054b5f87a35dda88e103a4d26da82cb53fba6701fec89699c50

                                    SHA512

                                    6e0f150454421a73e2e59a130383c3a24167bf81660627ffca621e021295ea631ec57c834505a0836c9c3de73739341ba2174bdfaa83ab08354519999259d110

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    98d9d7c59216e7c1cfbecc618223d44e

                                    SHA1

                                    4e987efdbf8da044a56bb6cb3a8ded9fc4cb5e33

                                    SHA256

                                    8198a189520277ff348f6ed0b1fb1df44eaafcabb0465b5e6e7a6d5a3b29f294

                                    SHA512

                                    2bc9e845157f4d78ba221baa9bda5d4e445b941f2c3b3a55df2ff0919fb0f753a32794662cf1116834a84baae0243338982fccc2f3f0f39dc2bfc4d211cbe07d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    620c94f042adfdcaa2e593147a601505

                                    SHA1

                                    94bb35a7695d0ca9a9d8a61d429910f93ac286a2

                                    SHA256

                                    1e7f1d9ece0ca3a48dbd4a923c6b574c9af775a8b0f1ba30618d9f156898abc4

                                    SHA512

                                    f4150e4038cf0b30890cf6c8ed3a85b83e22dabcf524c3dc59196ba96ae2ff7c4d92d102f96151ada3ce7f89cba8bae7cc0d25e663a57c8618f458a4f7c96afa

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    539B

                                    MD5

                                    4698231f3d5712de746aab5986cbfce1

                                    SHA1

                                    f7d91b67593c855cd478ce2ac91bb1f8a0e0d6d5

                                    SHA256

                                    8a6f545ea005dc6cc0352497d0b5571d469e02e8be05aa7ee6a9d9bcd6ec6239

                                    SHA512

                                    0c1bd011b38d0ac29af9a5592d5f07863b7d9901aa48c888fad3d02211732741ada81998d73ca08b1274f8e70c1b63b126247109f6d8e5c8ea60356858348db3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599a33.TMP
                                    Filesize

                                    539B

                                    MD5

                                    12f6998f8e1c9770f057c5b003c23a67

                                    SHA1

                                    9f72198f3978c5d91e8d0cca43b2108f17b264c6

                                    SHA256

                                    2c9c7db785677feba72e353b606097ec3ea2b916d568a23161b0bc6cc56101f1

                                    SHA512

                                    2b9e67e80850490cf54f52c70c229265626b37dd778732e4e2c7c8112cbe315e6eadc63e0d8abd8315a95522c4f225ed9af15e370387cb00c4a95b5ecea6c485

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    46295cac801e5d4857d09837238a6394

                                    SHA1

                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                    SHA256

                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                    SHA512

                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    206702161f94c5cd39fadd03f4014d98

                                    SHA1

                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                    SHA256

                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                    SHA512

                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    4ad9312c7558ac731381e48ad2227278

                                    SHA1

                                    639064aad3f0789763c9d288a4b3126c0306682a

                                    SHA256

                                    c2b1b9c7f081f952659310c19bbf5cc8d8642e0666ed8f21065cb1d972ca1dec

                                    SHA512

                                    b544b2e1c9a59208bbe15fda358fa5ccbe69e322f3fbc4c2d105da72358e7407e008f6b7c451341345e9a9124c6565a3a12e7301714252e3a5cfa7c38491f3da

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    58a2a02a006f1f5c37a23ffd0883e291

                                    SHA1

                                    068ce967550aa41d2ad0fe82c6604010a1633108

                                    SHA256

                                    4681fea1db1ce18167d8c2ceb2e93c4ab28ed0b61dfed2a8fd05a22f71aa09cb

                                    SHA512

                                    f003faa4d99a63ad43f73fa8af644c07290e8ba8bff49ee50504de25c46397e4ffa4e6559c961c8bceccb189ad1baf21db5ee935c1e8640f7a060bed9e967b42

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    36aca03e69cd84c08ca7c5a89cba6ad5

                                    SHA1

                                    fe9ca2cdc8cd3215b8a737defe211d5754fd56d9

                                    SHA256

                                    380eb417242c62bcbfb7133d9f6444c98f22397a9a16aa791c163c0ac512ead6

                                    SHA512

                                    cd60c694a82d4bd2b9f7f1e5c28a245abef610a8338c88cf072f6c7184fad32376c615503824d1a8b080017ab379b8bb4ba0ee10681fcba14c18d5626486c9bc

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\is-TMC56.tmp\butterflyondesktop.tmp
                                    Filesize

                                    688KB

                                    MD5

                                    c765336f0dcf4efdcc2101eed67cd30c

                                    SHA1

                                    fa0279f59738c5aa3b6b20106e109ccd77f895a7

                                    SHA256

                                    c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

                                    SHA512

                                    06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

                                    Download Submit

                                  • memory/1652-326-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-381-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-127-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-398-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-165-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-397-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-41-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-189-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-190-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-191-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-202-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-208-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-396-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-232-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-279-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-395-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-394-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-393-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-392-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-307-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-391-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-390-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-327-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-330-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-342-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-352-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-389-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-362-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-363-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-364-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-365-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-366-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-367-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-368-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-369-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-370-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-371-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-372-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-373-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-374-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-375-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-376-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-377-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-378-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-379-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-380-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-128-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-382-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-383-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-384-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-385-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-386-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-387-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/1652-388-0x0000000000400000-0x000000000070B000-memory.dmp

                                    Filesize

                                    3.0MB

                                    Download

                                  • memory/4016-0-0x0000000000400000-0x0000000000414000-memory.dmp

                                    Filesize

                                    80KB

                                    Download

                                  • memory/4016-2-0x0000000000401000-0x000000000040B000-memory.dmp

                                    Filesize

                                    40KB

                                    Download

                                  • memory/4016-13-0x0000000000400000-0x0000000000414000-memory.dmp

                                    Filesize

                                    80KB

                                    Download

                                  • memory/4016-47-0x0000000000400000-0x0000000000414000-memory.dmp

                                    Filesize

                                    80KB

                                    Download

                                  • memory/4824-7-0x0000000000400000-0x00000000004BC000-memory.dmp

                                    Filesize

                                    752KB

                                    Download

                                  • memory/4824-14-0x0000000000400000-0x00000000004BC000-memory.dmp

                                    Filesize

                                    752KB

                                    Download

                                  • memory/4824-16-0x0000000000400000-0x00000000004BC000-memory.dmp

                                    Filesize

                                    752KB

                                    Download

                                  • memory/4824-18-0x0000000000400000-0x00000000004BC000-memory.dmp

                                    Filesize

                                    752KB

                                    Download

                                  • memory/4824-37-0x0000000000400000-0x00000000004BC000-memory.dmp

                                    Filesize

                                    752KB

                                    Download

                                  • memory/4824-46-0x0000000000400000-0x00000000004BC000-memory.dmp

                                    Filesize

                                    752KB

                                    Download