Analysis Overview
SHA256
11287a97f1de649f766ceadda72c5f630c0f047ef198f6af798b137332c1243a
Threat Level: Likely benign
The file OZ_Zapisnica_2012_06_061.doc was found to be: Likely benign.
Malicious Activity Summary
Launch Agent
Resource Forking
Launchctl
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Checks processor information in registry
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 09:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 09:57
Reported
2024-06-16 10:00
Platform
win11-20240611-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630055344592275" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-952492217-3293592999-1071733403-1000\{F8F749E5-931A-45EA-8AA8-6960987079D3} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\OZ_Zapisnica_2012_06_061.doc" /o ""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff2b80ab58,0x7fff2b80ab68,0x7fff2b80ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3912 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4856 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4956 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3312 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3388 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000494 0x00000000000004D0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4300 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1756,i,9193583328562860798,1963529648254994000,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 20.42.65.94:443 | | tcp |
| SE | 192.229.221.95:80 | | tcp |
| GB | 2.18.66.43:443 | | tcp |
| GB | 2.18.66.43:443 | | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 104.21.69.70:443 | rickroll.com | tcp |
| US | 104.21.69.70:443 | rickroll.com | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nzk.googlevideo.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| GB | 74.125.175.102:443 | rr1---sn-aigl6nzk.googlevideo.com | tcp |
| GB | 74.125.175.102:443 | rr1---sn-aigl6nzk.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 102.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 74.125.175.102:443 | rr1---sn-aigl6nzk.googlevideo.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | youtube.com | tcp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | tcp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
C:\Users\Admin\Desktop\CheckpointRepair.jpg
C:\Users\Admin\Desktop\CloseReceive.mhtml
C:\Users\Admin\Desktop\CompleteGet.ods
C:\Users\Admin\Desktop\CompleteUninstall.mov
C:\Users\Admin\Desktop\CompressCopy.svg
C:\Users\Admin\Desktop\ConvertOpen.rle
C:\Users\Admin\Desktop\MeasureFind.asp
C:\Users\Admin\Desktop\HideUnlock.wvx
C:\Users\Admin\Desktop\FormatWait.i64
C:\Users\Admin\Desktop\ConvertEnable.txt
C:\Users\Admin\Desktop\CompressDebug.DVR-MS
C:\Users\Admin\Desktop\PushComplete.rtf
C:\Users\Admin\Desktop\RedoExit.gif
C:\Users\Admin\Desktop\WaitInstall.vsw
C:\Users\Admin\Desktop\TestDisconnect.xlsm
C:\Users\Admin\Desktop\SplitStart.jpg
C:\Users\Admin\Desktop\SkipBackup.ppt
C:\Users\Admin\Desktop\SetHide.MTS
C:\Users\Admin\Desktop\RequestEdit.mid
C:\Users\Admin\Desktop\OpenWatch.asp
C:\Users\Admin\Desktop\WatchImport.shtml
C:\Users\Admin\Desktop\Microsoft Edge.lnk
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
C:\Users\Public\Desktop\VLC media player.lnk
C:\Users\Public\Desktop\Firefox.lnk
C:\Users\Public\Desktop\Google Chrome.lnk
\??\PIPE\wkssvc
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe589a37.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3868_2002680002\Icons Monochrome\16.png
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3868_155647632\Shortcuts Menu Icons\Monochrome\0\512.png
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3868_155647632\Shortcuts Menu Icons\Monochrome\1\512.png
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9b7c8184-4928-4c76-9e45-60466d6449f4\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9b7c8184-4928-4c76-9e45-60466d6449f4\index-dir\the-real-index~RFe58f855.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6c3c0be1-194b-4ec4-9306-adae9e281688\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6c3c0be1-194b-4ec4-9306-adae9e281688\index-dir\the-real-index~RFe58fbef.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 09:57
Reported
2024-06-16 09:59
Platform
macos-20240611-en
Max time kernel
108s
Max time network
114s
Command Line
Signatures
Launch Agent
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck | N/A | N/A |
| N/A | /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd | N/A | N/A |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Launchctl
| Description | Indicator | Process | Target |
| N/A | /bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "open /Users/run/OZ_Zapisnica_2012_06_061.doc"]
/bin/bash
[sh -c sudo /bin/zsh -c "open /Users/run/OZ_Zapisnica_2012_06_061.doc"]
/usr/bin/sudo
[sudo /bin/zsh -c open /Users/run/OZ_Zapisnica_2012_06_061.doc]
/bin/zsh
[/bin/zsh -c open /Users/run/OZ_Zapisnica_2012_06_061.doc]
/usr/bin/open
[open /Users/run/OZ_Zapisnica_2012_06_061.doc]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.Word.2032]
/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word
[/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storeuid]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]
/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storedownloadd]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.autoupdate.fba.2660]
/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant
[/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/bin/launchctl
[/bin/launchctl list]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.autoupdate.helper]
/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper
[/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]
/bin/launchctl
[/bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist]
/usr/bin/codesign
[/usr/bin/codesign -v /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.systempreferences.2140]
/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountProfileRemoteViewService 607]
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreAuthentication.agent]
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nfcd]
/usr/libexec/nfcd
[/usr/libexec/nfcd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.studentd]
/usr/libexec/studentd
[/usr/libexec/studentd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.2028]
/Applications/Safari.app/Contents/MacOS/Safari
[/Applications/Safari.app/Contents/MacOS/Safari]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.History]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.607CD68E-31CC-4462-A606-06A5C4B046C6 623]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.akd]
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.71738241-AA44-4199-8A91-D4334AE0EDC3 623]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SearchHelper 623]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper]
Network
| Country | Destination | Domain | Proto |
| GB | 51.132.193.104:443 | N/A | tcp |
| GB | 17.250.81.67:443 | N/A | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | ecs.office.com | udp |
| US | 52.113.194.132:443 | ecs.office.com | tcp |
| US | 8.8.8.8:53 | odc.officeapps.live.com | udp |
| FR | 52.109.68.130:443 | odc.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | messaging.engagement.office.com | udp |
| NL | 52.111.243.8:443 | messaging.engagement.office.com | tcp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 104.77.118.121:443 | N/A | tcp |
| US | 8.8.8.8:53 | a479.dscg4.akamai.net | udp |
| GB | 2.16.170.49:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | e6858.dscx.akamaiedge.net | udp |
| US | 23.220.112.242:443 | N/A | tcp |
| GB | 17.253.77.202:80 | valid.apple.com | tcp |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | gateway.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | api-glb-aeuw3b.smoot.apple.com | udp |
| US | 8.8.8.8:53 | e10499.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| GB | 142.250.187.206:443 | clients1.google.com | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.189.173.17:443 | N/A | tcp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.microsoft.Word//mds/mdsObject.db
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.microsoft.Word//mds/mdsDirectory.db
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/PreviewFont/hier_officeFontsPreview_4_40.ttf
/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/microsoft word_Rules.xml
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/TelemetryUploadFilecom.microsoft.autoupdate.fba.txt
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Library/Preferences/com.apple.networkextension.uuidcache.plist