Analysis Overview
SHA256
1d89ecd4807186165c065ae31246544331519613f5bb59959f2e78a82d6be43b
Threat Level: Likely malicious
The file Recipe.docx was found to be: Likely malicious.
Malicious Activity Summary
Deletes shadow copies
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Launch Agent
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Detected potential entity reuse from brand STEAM.
Drops file in Windows directory
Resource Forking
Subvert Trust Controls: Mark-of-the-Web Bypass
System Location Discovery: System Language Discovery
Enumerates physical storage devices
System Network Configuration Discovery
Launchctl
Office loads VBA resources, possible macro or embedded object present
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Interacts with shadow copies
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Checks processor information in registry
Uses Task Scheduler COM API
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-06 00:50
Signatures
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
android-x86-arm-20240624-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 01:21
Platform
macos-20241101-en
Max time kernel
951s
Max time network
1567s
Command Line
Signatures
Launch Agent
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer | N/A | N/A |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd | N/A | N/A |
Launchctl
| Description | Indicator | Process | Target |
| N/A | /bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "open /Users/run/Recipe.docx"]
/bin/bash
[sh -c sudo /bin/zsh -c "open /Users/run/Recipe.docx"]
/usr/bin/sudo
[sudo /bin/zsh -c open /Users/run/Recipe.docx]
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]
/usr/libexec/pkreporter
[/usr/libexec/pkreporter]
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
[/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd]
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]
/bin/zsh
[/bin/zsh -c open /Users/run/Recipe.docx]
/usr/bin/open
[open /Users/run/Recipe.docx]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.Word.2032]
/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word
[/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word]
/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storeuid]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storedownloadd]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.autoupdate.fba.2660]
/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant
[/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant]
/bin/launchctl
[/bin/launchctl list]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.autoupdate.helper]
/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper
[/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]
/bin/launchctl
[/bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist]
/usr/bin/codesign
[/usr/bin/codesign -v /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]
/usr/bin/bzip2
[/usr/bin/bzip2 -f /var/log/wifi.log.0]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 50.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | ecs.office.com | udp |
| GB | 52.123.242.36:443 | ecs.office.com | tcp |
| US | 8.8.8.8:53 | odc.officeapps.live.com | udp |
| NL | 52.109.89.119:443 | odc.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| NL | 52.109.89.19:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | messaging.engagement.office.com | udp |
| IE | 52.111.236.7:443 | messaging.engagement.office.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.microsoft.Word//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.microsoft.Word//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/PreviewFont/hier_officeFontsPreview_4_40.ttf
| MD5 | 8c638d09eea80c9b1963af8cc35870a5 |
| SHA1 | f67fc7503e05b99f232945bc1bbb7d50bc70f88d |
| SHA256 | 4bcfa32557e0bfffd5766cf6057b9e04ac9af9c101033fd305fba7190305a385 |
| SHA512 | b1cee1f2e0f2cdd2611c1af18d5cd3b481da6c7c761cc74f2fc9c99025215a8c03f117bd1f8cdd3fa01210c542ba9e1c7246954e43ce100c84b1ea4082000c07 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.microsoft.Word/mso000482B7
| MD5 | ed3c1c40b68ba4f40db15529d5443dec |
| SHA1 | 831af99bb64a04617e0a42ea898756f9e0e0bcca |
| SHA256 | 039fe79b74e6d3d561e32d4af570e6ca70db6bb3718395be2bf278b9e601279a |
| SHA512 | c7b765b9afbb9810b6674dbc5c5064ed96a2682e78d5dffab384d81edbc77d01e0004f230d4207f2b7d89cee9008d79d5fbadc5cb486da4bc43293b7aa878041 |
/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/microsoft word_Rules.xml
| MD5 | fd300ef58e2c4676ecd38ef6087d3b6a |
| SHA1 | b8670a6bef3f1bfc084764c044087fcaf566c9c7 |
| SHA256 | cb598745eb753980f284741b4ba15dd21f225e4055173df4b83d7b45c4968d1a |
| SHA512 | 1bae225911a8f7a170ef8e5f8741dcf93f88debcb5b5e7af4da784d0eb96b391b9a28a664248127b6521d4e698a431d1e870c1c8b0a1e748e16054235acb600e |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CatalogCacheMetaData.xml
| MD5 | 8df143d4dd21739bbfd8243188c27716 |
| SHA1 | 0a1c18f7260e8590f8e5eaf47014958e326b0e10 |
| SHA256 | 2f4e2f7ee8f32892c732561e8b9c38102799e54c27ca14daeb716201e70e12aa |
| SHA512 | 8b5645e8368ac891d0a0a80f988151ec4eafd1f632a93fdaf183ca7239a423131eafc9d86e07aefbd6dbad6769b4807cf97e3247f285ba1e261f9bd4423ca602 |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CatalogCacheMetaData.xml
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CloudFonts/Aptos/32483553004.ttf
| MD5 | 99a4c093a8b580e3a25f22065959c439 |
| SHA1 | 07b29f731386f77e8fe8efb1ca31042069e35c01 |
| SHA256 | cf4b35ac6d81e0eb42ffa44c3829b710c058de6fa3cf2c7cdad0407e22538877 |
| SHA512 | cc7d7365d01e486f37f5f61064f1dd20b972a4866613a076420a0493b9c7e6d5c5fe24c292c65668459938fbb30d3cd855fef0a0659ad28c07a791171fb2279f |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CatalogCacheMetaData.xml
| MD5 | dcb0a3ed23207346be21ab22475de18e |
| SHA1 | 5a79a6862ee391e656d8f779ae3927c58d3ce3ee |
| SHA256 | 47d7a57bfb0db8208e3e0c8f92f94b21e4e77c15ddc9da5cad3e6340f57d2b50 |
| SHA512 | 938a63079c2fa93fcaaf85330996387f8f41b71bba1e92f2cf887a445a52929faecea810ab8849befda26957e408dc16ce70077a53ea3019475e8aca3b7a67ab |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CloudFonts/Aptos/30153066857.ttf
| MD5 | 1250b2192733fa4d140ab32d9d31fba1 |
| SHA1 | 09acb6eb6a1f48e6bb94b6270a9bd27085ad8748 |
| SHA256 | 95980114fcfd42f2f9c446dae429b70582bf2f03097d68433ea9e7d85a49da0b |
| SHA512 | c274240785a5f93bec620eea3cf93f3a3acfe86808786c83b69c71dc315633814aa161df0409e1355ff8ab0b774fadfba07c19bad804054c69a982135dde592f |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CatalogCacheMetaData.xml
| MD5 | ff20f3b1ebb851d4306c18a5912f057f |
| SHA1 | fe3b1b4c186d110eb7c12afb6a4ef0bb88553207 |
| SHA256 | 91e0711b900daa91c0e36924ca5ea00d491109b76160db2fe576a88127a089e4 |
| SHA512 | 4f51c7cca14ef7c95059459bcc11146deab6b6d474a6380320848f32b715cb7a934d74622b6c8e2341483aa16f77b337148cd656a6dd80e41f799015c5b5adc8 |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CloudFonts/Aptos/26205970649.ttf
| MD5 | e2b4a202568af87091e959afa49c89a5 |
| SHA1 | aaef7e440f476153cfb0766728c3323ec31dca39 |
| SHA256 | 7d7ba35b867c5873274466c743a9812c7bca1a0828f137f7697ae311664f41b9 |
| SHA512 | 13123405de6430613bc823a5df17ba2ff12f7d9b9e2d5d24ccc59538a6f023b028bd33544b7d53ced7afd2588b6e58fa32046104f61cb30b288e1659d6f5920a |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CloudFonts/Aptos Display/30169865670.ttf
| MD5 | 97b7d33d4ae42144b73e26635a71ad69 |
| SHA1 | f2770b550712f798642ed5fa6804eab8d9466f5a |
| SHA256 | af7a83e6f1d18b62535a8ee97939ab8653d5ac1fe1861cdb8fce829d3878d901 |
| SHA512 | 92279b2b8b857edd04132625af2c53c559acd523eae0823671cadb274a26c47337dda64d2b6e8dcbfc63889aec3763b06a69c09f307dd508a95dfc7a578c2d91 |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CatalogCacheMetaData.xml
| MD5 | 18a48d102fb18e227132130ac2659910 |
| SHA1 | de294ec37dfd99f3d6a1cee74beb2d82ad269173 |
| SHA256 | e437640ad0fcab1f6b2d5d18845bff728cf8a92c60d041e3c68f45df0cec9f58 |
| SHA512 | 5838d28d7f99c5d6d3e119ac52f97cc67bb3dc2154e54cbc7a4bfd94d008515420fad34c85b905013b3da661c53a37d8176e7c462367489aa047f4507ddb0d32 |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CloudFonts/Aptos/26395700251.ttf
| MD5 | 4b344bf5732e28d849e1b51a88c85a65 |
| SHA1 | 2b7d1d17f797f6ab86d7b46ff0684bf5a13c22cc |
| SHA256 | 888909eceb9acd84157078cc097c11f8a94a34ff3bd3fe08194ce7866f5998d1 |
| SHA512 | 06bd5619c2f9869cba122073c3ef96ff2f7c955524587ba328d087d331613f85be30879cbebd94860d518d69ce8d225c6c4c76205dce66eb642b18375039ae6b |
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 01:21
Platform
macos-20241105-en
Max time kernel
936s
Max time network
1571s
Command Line
Signatures
Launch Agent
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd | N/A | N/A |
Launchctl
| Description | Indicator | Process | Target |
| N/A | /bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "open /Users/run/Recipe.docx"]
/bin/bash
[sh -c sudo /bin/zsh -c "open /Users/run/Recipe.docx"]
/usr/bin/sudo
[sudo /bin/zsh -c open /Users/run/Recipe.docx]
/bin/zsh
[/bin/zsh -c open /Users/run/Recipe.docx]
/usr/bin/open
[open /Users/run/Recipe.docx]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.Word.2032]
/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word
[/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word]
/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storeuid]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storedownloadd]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.autoupdate.fba.2660]
/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant
[/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant]
/bin/launchctl
[/bin/launchctl list]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.autoupdate.helper]
/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper
[/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]
/bin/launchctl
[/bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist]
/usr/bin/codesign
[/usr/bin/codesign -v /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]
/usr/bin/bzip2
[/usr/bin/bzip2 -f /var/log/wifi.log.0]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | ecs.office.com | udp |
| US | 52.113.194.132:443 | ecs.office.com | tcp |
| US | 8.8.8.8:53 | odc.officeapps.live.com | udp |
| NL | 52.109.89.119:443 | odc.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | messaging.engagement.office.com | udp |
| IE | 52.111.236.7:443 | messaging.engagement.office.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.microsoft.Word//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.microsoft.Word//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/PreviewFont/hier_officeFontsPreview_4_40.ttf
| MD5 | 8c638d09eea80c9b1963af8cc35870a5 |
| SHA1 | f67fc7503e05b99f232945bc1bbb7d50bc70f88d |
| SHA256 | 4bcfa32557e0bfffd5766cf6057b9e04ac9af9c101033fd305fba7190305a385 |
| SHA512 | b1cee1f2e0f2cdd2611c1af18d5cd3b481da6c7c761cc74f2fc9c99025215a8c03f117bd1f8cdd3fa01210c542ba9e1c7246954e43ce100c84b1ea4082000c07 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.microsoft.Word/mso000479CD
| MD5 | ed3c1c40b68ba4f40db15529d5443dec |
| SHA1 | 831af99bb64a04617e0a42ea898756f9e0e0bcca |
| SHA256 | 039fe79b74e6d3d561e32d4af570e6ca70db6bb3718395be2bf278b9e601279a |
| SHA512 | c7b765b9afbb9810b6674dbc5c5064ed96a2682e78d5dffab384d81edbc77d01e0004f230d4207f2b7d89cee9008d79d5fbadc5cb486da4bc43293b7aa878041 |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CatalogCacheMetaData.xml
| MD5 | 8df143d4dd21739bbfd8243188c27716 |
| SHA1 | 0a1c18f7260e8590f8e5eaf47014958e326b0e10 |
| SHA256 | 2f4e2f7ee8f32892c732561e8b9c38102799e54c27ca14daeb716201e70e12aa |
| SHA512 | 8b5645e8368ac891d0a0a80f988151ec4eafd1f632a93fdaf183ca7239a423131eafc9d86e07aefbd6dbad6769b4807cf97e3247f285ba1e261f9bd4423ca602 |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CatalogCacheMetaData.xml
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CloudFonts/Aptos/32483553004.ttf
| MD5 | 99a4c093a8b580e3a25f22065959c439 |
| SHA1 | 07b29f731386f77e8fe8efb1ca31042069e35c01 |
| SHA256 | cf4b35ac6d81e0eb42ffa44c3829b710c058de6fa3cf2c7cdad0407e22538877 |
| SHA512 | cc7d7365d01e486f37f5f61064f1dd20b972a4866613a076420a0493b9c7e6d5c5fe24c292c65668459938fbb30d3cd855fef0a0659ad28c07a791171fb2279f |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CloudFonts/Aptos/30153066857.ttf
| MD5 | 1250b2192733fa4d140ab32d9d31fba1 |
| SHA1 | 09acb6eb6a1f48e6bb94b6270a9bd27085ad8748 |
| SHA256 | 95980114fcfd42f2f9c446dae429b70582bf2f03097d68433ea9e7d85a49da0b |
| SHA512 | c274240785a5f93bec620eea3cf93f3a3acfe86808786c83b69c71dc315633814aa161df0409e1355ff8ab0b774fadfba07c19bad804054c69a982135dde592f |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CatalogCacheMetaData.xml
| MD5 | ff20f3b1ebb851d4306c18a5912f057f |
| SHA1 | fe3b1b4c186d110eb7c12afb6a4ef0bb88553207 |
| SHA256 | 91e0711b900daa91c0e36924ca5ea00d491109b76160db2fe576a88127a089e4 |
| SHA512 | 4f51c7cca14ef7c95059459bcc11146deab6b6d474a6380320848f32b715cb7a934d74622b6c8e2341483aa16f77b337148cd656a6dd80e41f799015c5b5adc8 |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CloudFonts/Aptos/26205970649.ttf
| MD5 | e2b4a202568af87091e959afa49c89a5 |
| SHA1 | aaef7e440f476153cfb0766728c3323ec31dca39 |
| SHA256 | 7d7ba35b867c5873274466c743a9812c7bca1a0828f137f7697ae311664f41b9 |
| SHA512 | 13123405de6430613bc823a5df17ba2ff12f7d9b9e2d5d24ccc59538a6f023b028bd33544b7d53ced7afd2588b6e58fa32046104f61cb30b288e1659d6f5920a |
/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/microsoft word_Rules.xml
| MD5 | fd300ef58e2c4676ecd38ef6087d3b6a |
| SHA1 | b8670a6bef3f1bfc084764c044087fcaf566c9c7 |
| SHA256 | cb598745eb753980f284741b4ba15dd21f225e4055173df4b83d7b45c4968d1a |
| SHA512 | 1bae225911a8f7a170ef8e5f8741dcf93f88debcb5b5e7af4da784d0eb96b391b9a28a664248127b6521d4e698a431d1e870c1c8b0a1e748e16054235acb600e |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CatalogCacheMetaData.xml
| MD5 | 4828456b45156a6050ed9a4ba52d8a34 |
| SHA1 | 08dcb41d26201b7637ce5ee8f88a0e384e10e73e |
| SHA256 | 881e95d2995d843f75f19acac6bcc9c135adfcd24f2672d5aeedadfc2a9078b2 |
| SHA512 | 364ec702be48d92ad42ea9e3e8df3ed4754a560e09165f9b9f540d79192a8f00989af3616b9d2bb5dc91fe4893f797be82954b779000f39301e8739484b7470d |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CloudFonts/Aptos Display/30169865670.ttf
| MD5 | 97b7d33d4ae42144b73e26635a71ad69 |
| SHA1 | f2770b550712f798642ed5fa6804eab8d9466f5a |
| SHA256 | af7a83e6f1d18b62535a8ee97939ab8653d5ac1fe1861cdb8fce829d3878d901 |
| SHA512 | 92279b2b8b857edd04132625af2c53c559acd523eae0823671cadb274a26c47337dda64d2b6e8dcbfc63889aec3763b06a69c09f307dd508a95dfc7a578c2d91 |
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/CloudFonts/Aptos/26395700251.ttf
| MD5 | 4b344bf5732e28d849e1b51a88c85a65 |
| SHA1 | 2b7d1d17f797f6ab86d7b46ff0684bf5a13c22cc |
| SHA256 | 888909eceb9acd84157078cc097c11f8a94a34ff3bd3fe08194ce7866f5998d1 |
| SHA512 | 06bd5619c2f9869cba122073c3ef96ff2f7c955524587ba328d087d331613f85be30879cbebd94860d518d69ce8d225c6c4c76205dce66eb642b18375039ae6b |
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
debian9-mipsel-20240611-en
Max time kernel
0s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Recipe.docx | N/A |
Processes
/tmp/Recipe.docx
[/tmp/Recipe.docx]
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
0s
Max time network
1s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Recipe.docx | N/A |
Processes
/tmp/Recipe.docx
[/tmp/Recipe.docx]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 01:21
Platform
win11-20241007-en
Max time kernel
1800s
Max time network
1799s
Command Line
Signatures
Deletes shadow copies
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\satan.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\satan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Windows\CurrentVersion\Run\{25B8B4F5-23D3-741B-5056-89006DF8340B} = "C:\\Users\\Admin\\AppData\\Roaming\\Cyido\\maof.exe" | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Detected potential entity reuse from brand STEAM.
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Control Panel\Desktop\Wallpaper = "0" | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1092 set thread context of 5552 | N/A | C:\Users\Admin\Downloads\satan.exe | C:\Users\Admin\Downloads\satan.exe |
| PID 5108 set thread context of 1440 | N/A | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\satan.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\satan.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\satan.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\SystemCertificates\CA\Certificates\00ABEFD055F9A9C784FFDEABD1DCDD8FED741436 | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\SystemCertificates\CA\Certificates\00ABEFD055F9A9C784FFDEABD1DCDD8FED741436\Blob = 03000000010000001400000000abefd055f9a9c784ffdeabd1dcdd8fed741436140000000100000014000000bbbcc347a5e4bca9c6c3a4720c108da235e1c8e8040000000100000010000000af1c77aecc8d77e9aacb0c475840c3920f0000000100000020000000e644ba6963e335fe765cb9976b12b10eb54294b42477764ccb3a3acca3acb2fc1900000001000000100000002cd60f91d0dfd482d593b92501780d005c0000000100000004000000000800001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000000905000030820505308202eda00302010202104ba85293f79a2fa273064ba8048d75d0300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3234303331333030303030305a170d3237303331323233353935395a3033310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310c300a0603550403130352313030820122300d06092a864886f70d01010105000382010f003082010a0282010100cf57e5e6c45412edb447fec92758764650288c1d3e88df059dd5b51829bdddb55abffaf6cea3beaf00214b625a5a3c012fc55803f689ff8e1143ebc1b5e01407968f6f1fd7e7ba8139097565b7c2af185b372628e7a3f4072b6d1affab58bc95ae40ffe9cb57c4b55b7f780d1861bc17e754c6bb4991cd6e18d18085eea66536bc74eabc504ceafc21f338169394bab0d36b3806cd16127aca5275c8ad76b2c29c5d98455c6f617bc62dee3c13528601d957e6381cdf8db51f92919ae74a1ccc45a87255f0b0e6a307ecfda71b669e3f488b71847158c93afaef5ef25b442b3c74e78fb247c1076acd9ab70d96f712812651540aec61f6f7f5e2f28ac8950d8d0203010001a381f83081f5300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414bbbcc347a5e4bca9c6c3a4720c108da235e1c8e8301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30130603551d20040c300a3008060667810c01020130270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f300d06092a864886f70d01010b0500038202010092b1e74137eb799d81e6cde225e13a20e9904495a3815ccfc35dfdbda070d5b19628220bd2f228cf0ce7d4e6438c24221dc14292d109af9f4bf4c8704f2016b15add01f61ff81f616b1427b0728d63aeeee2ce4bcf37ddbba3d4cde7ad50adbdbfe3ec3e6236709931a7e88dddea62e212aef59cd43d2c0caad09c79beea3d5c446e9631635a7dd67e4f24a04b057f5e6fd2d4ea5f334b13d657b6cade51b85da3098274fdc7789eb3b9ac16da4a2b96c3b68b628ff97419a29e03dee96f9bb00fd2a05af6855cc204b7c8d54e32c4bf045dbc29f6f7818f0c5d3c53c940908bfbb60865b9a421d509e51384843782ce1028fc76c206257a46524dda5372a4273f6270acbe694800fb670fdb5ba1e8d703212dd7c9f69942398343df770a1208f125d6ba9419541888a5c58ee11a9993796bec1cf93140b0cc3200df9f5ee7b492ab9082918d0de01e95ba593b2e4b5fc2b74635523906c0bdaaac52c122a0449799f70ca021a7a16c714716170168c0caa62665047cb3aec9e79455c26f9b3c1ca9f92ec5201af076e0beec18d64fd825fb7611e8bfe6210fe8e8ccb5b6a7d5b8f79f41cf6122466a83b668972e7cea4e95db23eb2ec82b2884a460e949f4442e3bf9ca625701e25d9016f9c9fc7a23488ea6d58172f128fa5dcefbed4e738f942ed241949899dba7af705ff5befb0220bf66276cb4adfa75120b2b3ece039e | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Roaming\Cyido\maof.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\42.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\satan.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Recipe.docx" /o ""
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73db93fb-5b7b-4511-948f-41a675fd7d2f} 276 "\\.\pipe\gecko-crash-server-pipe.276" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4820698f-3419-4606-acd8-a4f050056c68} 276 "\\.\pipe\gecko-crash-server-pipe.276" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2944 -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46c33969-6640-45d0-a028-59c91122ac85} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3468 -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3520 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f085c53d-84c2-4165-9182-5054052c1f63} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4572 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4652 -prefMapHandle 4648 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {336f886c-7383-48ff-a865-b44fd572e4d6} 276 "\\.\pipe\gecko-crash-server-pipe.276" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2540 -childID 3 -isForBrowser -prefsHandle 2536 -prefMapHandle 5508 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84f1bc13-d7ad-4418-ae60-5da68051a42c} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 4 -isForBrowser -prefsHandle 5640 -prefMapHandle 5644 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {643cac7e-c753-4409-9ec6-587baaf4e16b} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5848 -childID 5 -isForBrowser -prefsHandle 5924 -prefMapHandle 5920 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b878c669-d485-49d0-b70e-af79cd42d78b} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 6 -isForBrowser -prefsHandle 5952 -prefMapHandle 6084 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fde3581-e50b-474b-b27d-0fdc51122d19} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -childID 7 -isForBrowser -prefsHandle 6340 -prefMapHandle 6404 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d096423-7b64-48d9-9961-868d5ae2ce60} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 8 -isForBrowser -prefsHandle 6200 -prefMapHandle 5816 -prefsLen 28085 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bc764d8-44ab-4493-91bc-ae12c2c44c10} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1380 -childID 9 -isForBrowser -prefsHandle 6732 -prefMapHandle 7156 -prefsLen 28085 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ab36c01-8cac-4630-adcb-5c39b1d3c4db} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -parentBuildID 20240401114208 -prefsHandle 5880 -prefMapHandle 5876 -prefsLen 30617 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46cf6989-fa0b-44f5-9612-6316f2f4baeb} 276 "\\.\pipe\gecko-crash-server-pipe.276" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 1596 -prefMapHandle 5688 -prefsLen 30617 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99c946ec-eaff-478c-9e10-9db6f7de7cee} 276 "\\.\pipe\gecko-crash-server-pipe.276" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5836 -childID 10 -isForBrowser -prefsHandle 5896 -prefMapHandle 6428 -prefsLen 28085 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d0f7008-2d5e-42d6-bce6-83eb72e2bf32} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7316 -childID 11 -isForBrowser -prefsHandle 7292 -prefMapHandle 7276 -prefsLen 28085 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb81892a-e2f4-4142-9efd-5d466ee02dc2} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000500 0x00000000000004E4
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6388 -childID 12 -isForBrowser -prefsHandle 6344 -prefMapHandle 4508 -prefsLen 28085 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8947723-b58c-43a3-8c3d-9a5972c3a124} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7152 -childID 13 -isForBrowser -prefsHandle 7672 -prefMapHandle 5124 -prefsLen 28085 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e367c6a1-5884-4d16-81b3-ba8cc7887b76} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7888 -childID 14 -isForBrowser -prefsHandle 7808 -prefMapHandle 7812 -prefsLen 28085 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae870ebf-ecc4-478e-b835-eed38d1d08b1} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7540 -childID 15 -isForBrowser -prefsHandle 7644 -prefMapHandle 7636 -prefsLen 28085 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {064356e5-5247-4a1d-ad24-9ca437c78025} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7232 -childID 16 -isForBrowser -prefsHandle 6488 -prefMapHandle 6492 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2107ff25-bc50-4e4b-bf80-431c0628cd87} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5888 -childID 17 -isForBrowser -prefsHandle 5720 -prefMapHandle 6356 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {529b60b1-6381-4629-94e6-290ef5bbc7e1} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7936 -childID 18 -isForBrowser -prefsHandle 7832 -prefMapHandle 5888 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8206e3ab-a65a-4581-b43c-4b7fa7736bec} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6356 -childID 19 -isForBrowser -prefsHandle 7720 -prefMapHandle 7704 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a89716a0-b6c4-4f1e-b61f-7e7ed2f3aa12} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7812 -childID 20 -isForBrowser -prefsHandle 8536 -prefMapHandle 5672 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bc84771-e8c1-485b-95c0-13b3624e0589} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8076 -childID 21 -isForBrowser -prefsHandle 8584 -prefMapHandle 5132 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c4ad7a2-d601-4aeb-98af-769f49bfaf70} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7852 -childID 22 -isForBrowser -prefsHandle 8212 -prefMapHandle 7940 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dee66c9b-1728-4f81-838b-8ffae07aa61c} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8284 -childID 23 -isForBrowser -prefsHandle 5132 -prefMapHandle 8584 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d10d7dc5-7d95-4fac-a4d9-c9968eeb92a6} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7868 -childID 24 -isForBrowser -prefsHandle 8392 -prefMapHandle 7840 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5290adc1-9c19-4e3e-ba3a-bf6b2f58382c} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7940 -childID 25 -isForBrowser -prefsHandle 7476 -prefMapHandle 7332 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39f50e5b-10ef-4253-94e2-e9b65f78c5fd} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7544 -childID 26 -isForBrowser -prefsHandle 8108 -prefMapHandle 8316 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4c2dabe-6279-4887-b051-13e4766debd0} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7996 -childID 27 -isForBrowser -prefsHandle 8348 -prefMapHandle 7828 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c221d19f-0c09-4b00-a18c-532e973e509b} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7212 -childID 28 -isForBrowser -prefsHandle 8316 -prefMapHandle 8008 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4fcce5d-0bac-4c95-a08d-17fb24e6c4d3} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8848 -childID 29 -isForBrowser -prefsHandle 8788 -prefMapHandle 8784 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71760c14-9492-4178-967e-01b4f97ecbfa} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7928 -childID 30 -isForBrowser -prefsHandle 5608 -prefMapHandle 2544 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {190ca2de-e008-4f9f-84ba-ae12dcdeeff0} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6004 -childID 31 -isForBrowser -prefsHandle 6020 -prefMapHandle 7968 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b39e176b-2f42-4445-8403-4864196fc2bc} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7620 -childID 32 -isForBrowser -prefsHandle 7932 -prefMapHandle 6460 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de80938f-6dad-4399-b38a-d1a3959f8749} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6328 -childID 33 -isForBrowser -prefsHandle 5584 -prefMapHandle 8528 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cad1e6b-9adb-43bb-b9e5-5bc799dd45dc} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 34 -isForBrowser -prefsHandle 7968 -prefMapHandle 6004 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3a1749b-6b51-4dc4-a793-4106d71cc042} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4884 -childID 35 -isForBrowser -prefsHandle 8424 -prefMapHandle 6480 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8db763bd-7185-42be-8e2e-6e6877f2e904} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8560 -childID 36 -isForBrowser -prefsHandle 8356 -prefMapHandle 5652 -prefsLen 28141 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {550e9f52-0099-4949-b474-56889ee87dd1} 276 "\\.\pipe\gecko-crash-server-pipe.276" tab
C:\Users\Admin\Downloads\$uckyLocker.exe
"C:\Users\Admin\Downloads\$uckyLocker.exe"
C:\Users\Admin\Downloads\satan.exe
"C:\Users\Admin\Downloads\satan.exe"
C:\Users\Admin\Downloads\satan.exe
"C:\Users\Admin\Downloads\satan.exe"
C:\Users\Admin\AppData\Roaming\Cyido\maof.exe
"C:\Users\Admin\AppData\Roaming\Cyido\maof.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_9709d85c.bat"
C:\Users\Admin\AppData\Roaming\Cyido\maof.exe
"C:\Users\Admin\AppData\Roaming\Cyido\maof.exe"
C:\Windows\System32\vssadmin.exe
"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Network
| Country | Destination | Domain | Proto |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 18.89.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.76.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| GB | 2.18.63.31:443 | metadata.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| N/A | 127.0.0.1:50306 | tcp | |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:50314 | tcp | |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| GB | 142.250.200.14:443 | youtube-ui.l.google.com | tcp |
| DE | 23.55.161.211:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.200.14:443 | youtube-ui.l.google.com | udp |
| NL | 74.125.100.105:443 | r4---sn-5hnekn7z.gvt1.com | tcp |
| NL | 74.125.100.105:443 | r4---sn-5hnekn7z.gvt1.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | tcp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| GB | 216.58.212.238:443 | youtube-ui.l.google.com | tcp |
| GB | 216.58.212.238:443 | youtube-ui.l.google.com | udp |
| GB | 216.58.201.99:443 | id.google.com | tcp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.201.99:443 | id.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 216.58.201.99:443 | id.google.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| AT | 91.212.136.200:443 | www.ikarussecurity.com | tcp |
| AT | 91.212.136.200:443 | www.ikarussecurity.com | tcp |
| AT | 91.212.136.27:443 | matomo.ikarus.at | tcp |
| AT | 91.212.136.27:443 | matomo.ikarus.at | tcp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | udp |
| GB | 172.217.169.46:443 | youtube-ui.l.google.com | tcp |
| GB | 172.217.169.46:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.6:443 | static.doubleclick.net | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.225.195:443 | analytics2.us.archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.187.206:443 | youtube-ui.l.google.com | udp |
| GB | 172.217.169.46:443 | youtube-ui.l.google.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | udp |
| GB | 172.217.169.46:443 | youtube-ui.l.google.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.6:443 | static.doubleclick.net | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.19:443 | www.kinitopet.com | tcp |
| GB | 142.250.200.19:443 | www.kinitopet.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| GB | 216.58.201.110:443 | youtube-ui.l.google.com | tcp |
| GB | 216.58.201.110:443 | youtube-ui.l.google.com | udp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | tcp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | tcp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | tcp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | tcp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | tcp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | tcp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | tcp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.187.193:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.206:443 | drive.google.com | tcp |
| GB | 142.250.187.206:443 | drive.google.com | tcp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | udp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | udp |
| GB | 142.250.187.193:443 | lh3.googleusercontent.com | udp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | udp |
| GB | 142.250.187.206:443 | drive.google.com | udp |
| GB | 142.250.187.206:443 | drive.google.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | drive.google.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | tcp |
| GB | 216.58.204.65:443 | lh4.googleusercontent.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 92.123.241.50:443 | store.steampowered.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.154:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.22.144.154:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.22.144.154:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.22.144.154:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.22.144.154:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.22.144.154:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.22.144.152:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.22.144.152:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.22.144.152:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.22.144.152:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.165:443 | video.akamai.steamstatic.com | tcp |
| N/A | 127.0.0.1:27060 | tcp | |
| N/A | 127.0.0.1:27060 | tcp | |
| GB | 92.123.241.50:443 | store.steampowered.com | tcp |
| GB | 2.22.144.137:443 | clan.akamai.steamstatic.com | tcp |
| GB | 2.22.144.137:443 | clan.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| US | 8.8.8.8:53 | clan.akamai.steamstatic.com | udp |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.152:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.22.144.154:443 | shared.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| GB | 2.22.144.137:443 | clan.akamai.steamstatic.com | tcp |
| N/A | 127.0.0.1:27060 | tcp | |
| N/A | 127.0.0.1:27060 | tcp | |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.152:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| US | 104.21.84.94:443 | filecr.com | tcp |
| US | 104.21.84.94:443 | filecr.com | tcp |
| GB | 216.58.204.78:443 | www.youtube.com | udp |
| US | 104.21.84.94:443 | filecr.com | udp |
| US | 104.21.94.97:443 | dash.zintrack.com | tcp |
| US | 104.21.94.97:443 | dash.zintrack.com | udp |
| US | 104.21.94.97:443 | dash.zintrack.com | tcp |
| US | 104.21.94.97:443 | dash.zintrack.com | udp |
| US | 104.21.93.243:443 | anygame.net | tcp |
| US | 104.21.93.243:443 | anygame.net | udp |
| US | 104.21.94.97:443 | dash.zintrack.com | tcp |
| US | 104.21.94.97:443 | dash.zintrack.com | tcp |
| US | 104.21.94.97:443 | dash.zintrack.com | udp |
| US | 104.21.94.97:443 | dash.zintrack.com | udp |
| US | 8.8.8.8:53 | 243.93.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 104.21.94.97:443 | dash.zintrack.com | udp |
| GB | 142.250.178.14:443 | play.google.com | tcp |
| GB | 142.250.178.14:443 | play.google.com | udp |
| GB | 142.250.187.193:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.193:443 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | tcp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| DE | 51.89.20.122:443 | filenext.org | tcp |
| DE | 51.89.20.122:443 | filenext.org | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 92.123.241.50:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | shared.akamai.steamstatic.com | udp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.22.144.145:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | a1949.dscb.akamai.net | udp |
| GB | 2.22.144.154:443 | a1949.dscb.akamai.net | tcp |
| GB | 2.22.144.154:443 | a1949.dscb.akamai.net | tcp |
| GB | 2.22.144.154:443 | a1949.dscb.akamai.net | tcp |
| GB | 2.22.144.154:443 | a1949.dscb.akamai.net | tcp |
| GB | 2.22.144.154:443 | a1949.dscb.akamai.net | tcp |
| GB | 2.22.144.154:443 | a1949.dscb.akamai.net | tcp |
| GB | 2.22.144.143:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.22.144.143:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.22.144.143:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.22.144.143:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.22.144.159:443 | a1949.dscb.akamai.net | tcp |
| GB | 2.22.144.165:443 | video.akamai.steamstatic.com | tcp |
| GB | 2.22.144.138:443 | clan.akamai.steamstatic.com | tcp |
| GB | 2.22.144.138:443 | clan.akamai.steamstatic.com | tcp |
| N/A | 127.0.0.1:27060 | tcp | |
| N/A | 127.0.0.1:27060 | tcp | |
| GB | 104.82.234.109:443 | api.steampowered.com | tcp |
| GB | 92.123.241.50:443 | store.steampowered.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| GB | 92.123.128.148:80 | r10.i.lencr.org | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.128.123.92.in-addr.arpa | udp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
Files
memory/1648-0-0x00007FFA0BAC3000-0x00007FFA0BAC4000-memory.dmp
memory/1648-1-0x00007FF9CBAB0000-0x00007FF9CBAC0000-memory.dmp
memory/1648-2-0x00007FF9CBAB0000-0x00007FF9CBAC0000-memory.dmp
memory/1648-3-0x00007FF9CBAB0000-0x00007FF9CBAC0000-memory.dmp
memory/1648-4-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-5-0x00007FF9CBAB0000-0x00007FF9CBAC0000-memory.dmp
memory/1648-6-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-7-0x00007FF9CBAB0000-0x00007FF9CBAC0000-memory.dmp
memory/1648-8-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-9-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-12-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-11-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-10-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-14-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-16-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-17-0x00007FF9C9330000-0x00007FF9C9340000-memory.dmp
memory/1648-15-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-18-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-13-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-19-0x00007FF9C9330000-0x00007FF9C9340000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0c09.lex
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
| MD5 | d29962abc88624befc0135579ae485ec |
| SHA1 | e40a6458296ec6a2427bcb280572d023a9862b31 |
| SHA256 | a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866 |
| SHA512 | 4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f |
memory/1648-47-0x00007FFA0BAC3000-0x00007FFA0BAC4000-memory.dmp
memory/1648-48-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-49-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
memory/1648-50-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TCDE182.tmp\iso690.xsl
| MD5 | ff0e07eff1333cdf9fc2523d323dd654 |
| SHA1 | 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4 |
| SHA256 | 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5 |
| SHA512 | b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d |
memory/1648-514-0x00007FF9CBAB0000-0x00007FF9CBAC0000-memory.dmp
memory/1648-515-0x00007FF9CBAB0000-0x00007FF9CBAC0000-memory.dmp
memory/1648-517-0x00007FF9CBAB0000-0x00007FF9CBAC0000-memory.dmp
memory/1648-516-0x00007FF9CBAB0000-0x00007FF9CBAC0000-memory.dmp
memory/1648-518-0x00007FFA0BA20000-0x00007FFA0BC29000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c0c5b540-490b-4e4f-97b0-e4300b2da5ac
| MD5 | 789feceadbb4b3590648b4d5366281ef |
| SHA1 | c4b067897b54b6454229f39ff0e960eaf49e412f |
| SHA256 | 95665e9ba3ea57078539eeaa939f62e9a62c52b26e712de62413d5dee126f1a3 |
| SHA512 | 15a73a0a88ac5a7b1e0607e3c4cde5d28343a69a7be7526c4751674c013f13e3b83ccafd59ed942d653393002e8dda214da6832d4fd0784e866647d384a071b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\4be16379-e2f6-4aba-9239-bf4a2bbd425c
| MD5 | 173c59dd0e70e879b0da956aee99266b |
| SHA1 | 079256aa35fa8198864954232962e7bd9fc53ce9 |
| SHA256 | e79c4a5f6df43e8c29aeafaa0a66503079f81c69d686ad17d298baa0b0923840 |
| SHA512 | edeeee24541324456ace24594423b84e6513144cc464c97d27bf4b1bb1f9ec84c6a12adb3b8307e19b20113f54a3daa5225f08ec90e33f1703a19dc30ed99b26 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 37913c49429f71e65032bcc71bacfa43 |
| SHA1 | ac630ee52acc810454d16c08f8f8c0c7a1159c94 |
| SHA256 | a49a015247b0a59a3ca0fd77a51c5e381bbce4ac4e49ce243c162e5f25bbc8c5 |
| SHA512 | abadb5ed3845dc4f84388f33a05cdbdac77c85eb0563993fc85e568d4fabecb58834179e5a62083c3f899ca19cf53f22e3b9d138bedcfb0b594e575664543169 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | ff80d66f4559c57c82d19a8a92234560 |
| SHA1 | 1b2ba31a09b193f3b1747d01b365e581b651ac0b |
| SHA256 | e4e48ab93b46792063d678bf556060e3cdfe6c27659dfd47a1179405bb3274b9 |
| SHA512 | 052a2b7c902100dd1dac57f51094fa27a39f6df71e3349dd6bd8e8b8cfcbce6fc8d551a3c57a6d69d8203433c5e46623809daa60a1a5c96b415ec2b8a439be47 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json
| MD5 | 5d7a0347671325c113786c6abe166af3 |
| SHA1 | 2387f85ba59194f2f2d0836a459c8e63878ac49a |
| SHA256 | 998121fe470a5143e5611f040e6db02558e13619c8ab100f153a8bc66fb3ec33 |
| SHA512 | 05622860cd49fe6a00bd1db5e9699fd6ca2619c82dc8be6855a811aac6ff7a32ef056bd5d74a8ffb804b0df36ea9581b859958b0e9138fe5ac20fc3e3929198c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | b45d2b174aa30a8a64f3962b1c75842d |
| SHA1 | e549043f9db26f594feaabb7bbbcbfa935030faf |
| SHA256 | e58a4edb105142c8ff924c1b282fa0d9b26bd47f656e1b93fc708ba17c312728 |
| SHA512 | a83b2f6dba68582c96a2cf266cd3c603cb3b118bd11855f5d9d8e3f13e03aa7be960c344a2aca0300660402e9effc77c7f3dae64270e2efca0dfaa84a8044726 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs.js
| MD5 | c326ef68971d3b7c4f86f56a450c492d |
| SHA1 | 927d6d6f549956c1a680b818afa0ae69a00d0782 |
| SHA256 | d57cee29ffca43c5c44ef95bd59009f74f9f8d76454894d31bfe9f186975badd |
| SHA512 | e586274220678be508181ec79d62d163569a0e56580fdb6dbb9b59aa599f390dc7cac189ba16c81243cc82b5b88aee7c45982bbf6df76be51bd394cd750da4cb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
| MD5 | 37f6b8ee02a131f0d51e66416740ac82 |
| SHA1 | 0f0cd44c5b1cb2d223ffcce7224624fb25988407 |
| SHA256 | 643ba74ae5fbb04c17632f4feb60bca87f0ef99154b4c0c81ee099f5d2c002c6 |
| SHA512 | 7c1dfb5e8cf8027b90ceda4c64ec335436081370d0337c3e17c5a9ada97bad788b99da589cc8219050d9dbd353b3f52b4d314811315cd43522621fba0f18a9d5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js
| MD5 | f6dd399b6a43ac1217a905d6cdd0680e |
| SHA1 | de99bb9bc7daa49c7e2c1bbdcb8f22144013b19a |
| SHA256 | 67781dfc375e48b1b0bc1c3f3e02ad5b33ebc8662b13be8cd08c097e79091696 |
| SHA512 | 4dc7e0385a7951ec89d54173f566f90596cf52a106fa2b63142b24739a549597504defe59ca30f37d1374780e9dc9a03f4b4a9ae82e7504fc232e800b10e64e9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
| MD5 | a142ce2440b0e53ab03dea4b76d5a692 |
| SHA1 | 756c08f5c523f40b0b64f85f13ec48cc61900f86 |
| SHA256 | 0edb7c95addd67fde65f95a7f96aa23f40e0a824c164c63a905e3a08e091c47f |
| SHA512 | 28a99bdc3483575cf3b6107ea55038fccc905605846e1cef27276791702d5b8e524b577342d103de9aa9d33274c8bb9bbacfa8926852de61f52d84a1eed8ed71 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 2491c2447c6293b5fcd0e5e4bbc6a860 |
| SHA1 | cbc673e4c896927f688df298b607b9ceb10cf6b2 |
| SHA256 | 2c081ea60badd7cc683f2afcf62e054be848b08318224065d6ac148d039ee01a |
| SHA512 | 68886b76188ae0e16dee755327641483e13f95658609ae6de08668cd7e7f2b0710d9f12435acad40a3a2dda6b79f716d5485345cba9584854507b509c071d412 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | d98bd71eb73637a9707169456cf1eefe |
| SHA1 | 6a06d099a4aebec498c7886b2d64256a97b17f8a |
| SHA256 | de75abebed3a45f773885dd0155514903e1dfb0d916320fa7b7ccb0a76a7c422 |
| SHA512 | 8264719cb3e28eb8e73be90e0069c8c23a297513ccc030f93bfb0ca4bd9c4ca598c37599b88bc172e5d216944e02edd26b901a4ed542d7532df06163121f3f68 |
C:\Users\Admin\Downloads\42.Sj_i8oDc.zip.part
| MD5 | 1df9a18b18332f153918030b7b516615 |
| SHA1 | 6c42c62696616b72bbfc88a4be4ead57aa7bc503 |
| SHA256 | bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa |
| SHA512 | 6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 7aef713f7cca1178e122979b7f5109a0 |
| SHA1 | 5b191e306e5df3234eca1e95f739797f2e9ff815 |
| SHA256 | 98276ae360e2a6365b2301f680383eeb2eca60323b537e4acd5805396e824a1f |
| SHA512 | d1e6ab433ceaf469d19b5ca2313181781a2a988ce91f7a5d357c5ba4cd1be053040523004075eb17e91e945f6c9e3feac80d8aa602b2a828735f7dfda35695d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 9cb93950db90bd181afbea3e1b3cf408 |
| SHA1 | 6fc3bc2677b6cd2fa7ec8c1d9f1fda02292f20bd |
| SHA256 | a57bde217743419d2d37fd5a7d98515c598c56e671894762d64e612b7165db07 |
| SHA512 | 80399a43dd9b9950e903e0e7ac41141b08146a32313d994f1395b02cb38fbf24e5949b91f25c0ed9b8d355fc6cb8e2a55c149d1c4ff02cfc80c32ad294579a9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 93b9764235bc0c13d07f43595fd1e79c |
| SHA1 | a92ca9fbc680c6e8e640210bbc777162fddef887 |
| SHA256 | 8ee52349176c9af871b3e8f032a4729716df87d0a8a2fbd85912977b583df36b |
| SHA512 | 18013a365c6b0fd9c1e198f1f8fe5bc8f2581fa54293258e6829496e785dde29fc12ff62074b06f85884f6d877dfd03f1c947ae9331780445c7b01a54b950ae9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
| MD5 | d773fa5ce700b305a342b25595f9ba2e |
| SHA1 | 69951d3593fdaa54d17b8630869cc509dc684cd4 |
| SHA256 | c1968acadbd97a84cf05a0dc04cf5fcd8273308911a48a78598e26d1edd16aa8 |
| SHA512 | 3bff466d92c2139d55da3ed223d93143965065ac968d1e60c16098261d92cb8ce8f3cfc4701e6bfcb44635716e473e4819b1a660a068c3f06652a20cf02de55c |
C:\Users\Admin\Downloads\42
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 76dfa55a9e32cbb76ff8f8aa9e169ccd |
| SHA1 | aac0ebb5dc666b33a5330c810f143b012c7ea1b6 |
| SHA256 | 66dd917e974267d6c317f0b3592de36fd8f000a0117be91a4280775d4dab311b |
| SHA512 | ceca5913d7ffc06a446bc4d14137c0a66b4ec8a98523198a99a7499fea48b5d22845d1206fe27751e2bc30b0514b06ec9fb064321414f7418d67f4b2973c152c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 041e3de51b9683c3e8835a911bc0cdae |
| SHA1 | 720a78bddc47de5686ede29a3e486644a18bb824 |
| SHA256 | 1707cefd168dd48c8cd78f092d8ff9ce9aa94e79a05517cddcde2b8bcc22286d |
| SHA512 | 6c1f5cdfd2f4bb1292edb270b3efcca19a7bcd4b37b9d128384826b9ecf867d585de8f9bd3534fdbb7e7cc2bc7a60c7ae8fd47fc2dcfa3f834b541ad34f21b12 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\7E34F395BC6F5DFD67CAB96A16319EFE1D81D4D4
| MD5 | a5763f6c89821dd5261365181d15e655 |
| SHA1 | 278cc1d807b664d39a5afd3a564946a792746be7 |
| SHA256 | 40bb09d54a88f184acbdbaddcc4ff44d6e253c7f556a21e56570a8b9fd69bd7f |
| SHA512 | a1229c6a6b89ac4762aaec6dd277d4231b6c713b6665509152c236e4e325061c9ca60be27155431be118f286026d595b8486d6c5c2c8aa92dd01910211ede1e9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8061a8b3b64f3b3bd2aaec2acfc1cc16 |
| SHA1 | b308aaead4d97dbe626cd1b494fe352df383756a |
| SHA256 | d5d5b708b1dcf8d6461ffc9e95b25931437df4b6142e793ea0be8f30656290c9 |
| SHA512 | f2e9ce3eabfd63e4bdd2010144abf0e29c3cf33794e31445ad56ae7bd8f503d18e7c4554b2dcd87a7f1b5521010e95b8c4f840f5e3fa488e51cc789dea64c23c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\8AD6F5CF0FEC728921A5A08D73A7BA92616EE430
| MD5 | 8be7092688913f3a65fa0d49f30c36d3 |
| SHA1 | 3b55492e1a1367ca41c823bc284762693451ac29 |
| SHA256 | 59fed03b528e0f81373e8ab824796a4aeac603fd2e83256fb4d2292c3e142956 |
| SHA512 | d66a3f3c790a504c0b7567586c76e36f8cd160ad8673e7987080f4b10da2278c5a732c00a9473ace41137298cfa2a2fdfa8c2260d60eff19fab31d4028e01fc8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\362A6D1D8B1264FD9146A923EB1973B34372D1FA
| MD5 | c7409e6a71df61aae0e51df57add5dd1 |
| SHA1 | 835feda6d2de8245de1a636f112af38ca4728350 |
| SHA256 | 15285bae418b1ce50b88b0d90dc94969d1a3508c526fc92e93c81c22e0d15149 |
| SHA512 | 86ffdfd165783e05b79f5e661818d9ff5498aaa7f9be05f5cd2abe5db64af2f7c76e7c5175927a09c15eacb7ad1ac6fed86dd34c6d1f0bf873ca675d79f24f01 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\69092A6B6B32E2F31F43AE4C80318F8F69B4CDDD
| MD5 | f3051431a63ac03c1eda2240f20fabb8 |
| SHA1 | 94be0982a17b0d40316359ab1512e1778a0c8d36 |
| SHA256 | 9f7f0407fa807940d508a8b24b7304fa868d852a12b2387bbc6d1fec549c89f4 |
| SHA512 | b5543120c8498fbddb2b4c0eb2dd71bd45220e60a07769e297fa63e65b9a91b818cf5b0dd1d909a0f381641a0bdfbf508edf9e55f179660145d38beb372bb199 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a17f82d28b23bfde0c25751c4cff18bc |
| SHA1 | 9b754489353aee611485e97b51085e891275e848 |
| SHA256 | 596c26885657d98180fe588779ea5244f70de0054c21f545625a04d1d1dfecf1 |
| SHA512 | 6892aebe3e4a4f78704166305a532319d4f3488101957ca5907d6e933859d77bb2a95d67cb23875306bf144ecdb1e6f2cca530061f86eb242451822f75793435 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8a8e6fb671e864099595cef2d9a910d9 |
| SHA1 | cfcb86f567273c0b8a91b559431f646d3c5bb637 |
| SHA256 | 553d68c689ce65ceb6a21f666f4d1026b3474db6142564d4a6593545811d6610 |
| SHA512 | 98565533382316cf18e76499ec122d9a43dba6f490dd1a0b02a9ff5c3f6f63662fdc0456c64cb03e3c1852dfaeadb55e5be356771333f51b001cb33e672cea8f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 1cba508a64bdbbc698859c13deaedfc3 |
| SHA1 | aecc60463fb60463ceab03113244f5504e31eb8b |
| SHA256 | b8718568b3de7b9b5a6bbe2827bfe8689dd4d1f1e6aeb3d25b42dbd33c4cd963 |
| SHA512 | 48985e3da132005500c630ae588e05dad549a53880c8e65c2189cfcbe31cdb947dbbcb0e43de0e6481608828ada463c3493880285751a34769209e4be46dcf0a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 4bffa76120acfabb7553c70d237de169 |
| SHA1 | cc76a3cd7f0df7bd007d257d71812a67c139de46 |
| SHA256 | 6c4a3d205d8b22503c03fc1a9e5e905f85360d0c605316052d6aa3ddd3bec4ee |
| SHA512 | d1c528abda423199ba5dcb715ff40b22d863f1ce2408164e295a8fe3d4afd027f32db7d042b5db98fe52001ceb3c23477e50d07b3c37403f442806cf1bfe33fb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\jumpListCache\3ozoj1YRGZMgf1Lfva7Km37rbw1Zd7UO8VwvZ3RuKaQ=.ico
| MD5 | 42ed60b3ba4df36716ca7633794b1735 |
| SHA1 | c33aa40eed3608369e964e22c935d640e38aa768 |
| SHA256 | 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8 |
| SHA512 | 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\events\events
| MD5 | e1010b50ebe66c577565886bd6f838de |
| SHA1 | 93911df868946c435e5eddc6f053a82332c512b1 |
| SHA256 | cb4049c17ff09509a47c6086f37801fb75759a86cb2c4e2448c3a46a8046ea7a |
| SHA512 | 2922b5f1e6be45e8370fb1faac8a00b6b464fdaf4f8d0463376a4ea693158aca879f778e8025cb2062330a586e1c4ebcef7259bfa1d8fe494d3f2ef2b5226960 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\63025FB236AA9739D5DF7B9BA05CFC38120C165C
| MD5 | cb17da89cbb63183dc7ac28e2bfb3711 |
| SHA1 | 5e04b6ff2068150b4e56d39cfeea41e646f83d69 |
| SHA256 | 40c02838b024b45432f74a7605cfab22247200735907d0057bbe133bdb892ff4 |
| SHA512 | d5b8f0ea3a4bf96fd78b9ea031b3a218d5b4cf3312d8911b060965a584ab4d4762f08d10ddabb516f627e96347d17d8b60e3c4a0118c63e13835cbaf5a3046c7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | b90a8a49a5fcdf20ff59e2073303b53c |
| SHA1 | 95c42d52366693d970045351434314685be3eb6b |
| SHA256 | f19d9d301a6caaad0a4eb429f72d5623dc10633c422e8b2d5c99a1478ffddb7f |
| SHA512 | 0e7c0e2acb51a3631c87e501ec1d62be75acaf9f43672dcff6cf8a0861981745f412496d8c613a92f0351c93c7fd066babf623ff9aa6108eb51d4b46ff0f362f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e553da2111f3d9c9ea33ef5b98083f4e |
| SHA1 | e002a4e4cc957f0bf7dca419b9fd572955ae1245 |
| SHA256 | 3d8c0fc7f0da02e4ddca4a76eaf241f6d26c38a28661e08f002879a11d1150ad |
| SHA512 | c6cf3a3e76d465378591ad5c0bdfa45401c614365473b1eb4a6be646d7654d513f497c3f2af9b2444c500f3552666a24f24918e5b1299002fb5e6f9a7ad2949a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 55d782addb0c78c542380ce8614232cf |
| SHA1 | f991e3e45e4c60429c5e6328a68b6ef3f415606c |
| SHA256 | 3ae86cca6ddac5daa169e56b7f2b5cd908ce24266b27e249ee1bdb175f272e38 |
| SHA512 | 906671ac40d47c7dee48621366ae2d92d59136623aa09eb55f174a32727b836e14ca577e0caa707aa03c4a79e25c1ed8d555ee554282e5c8ebce2b6ac3ebcabc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js
| MD5 | a95741e0b00723617de99ec92e57e63d |
| SHA1 | 5a2179c2f1c40c4f8875fcd9d44760a7ab224909 |
| SHA256 | f1c4926536460fdf068c1d03153094b84c9e44171850be616357bd19263e4c9d |
| SHA512 | dd3805aaf2f50a0f2e5d73e8b962f2055a95c9f725202f08a82586d43751f90f55bc76539431cfe76b94524acf0ffc989ed997ecff02b7b9125770eb6cde3936 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite
| MD5 | 97138f0f4cb1bdcf491b33e51affaa91 |
| SHA1 | aded10bd854f1a14556be4e515d9f01de7a8f06a |
| SHA256 | fc81e8b96d736eec601ac5458032864b3b8022d4732ceb63e9d640f1e619db1e |
| SHA512 | 4e706bf75670b77b44dbf681905558b0599c28ac1a11999d4e4d6e076fc242986a354e4b39aee56e53b02039dd2297b8ef45305d6aa43a6178791e958a5a0554 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 982d05857049cd325438ece0d433691b |
| SHA1 | 4f352e64771f3380ecf3c65ec3e9aff54ee9d4e6 |
| SHA256 | 4505b0a75f53b3bdf3c8c68c5a773b814f9e8c34bb4dd5958a8d180dec810d75 |
| SHA512 | f6fa0e234d86477fec889288fb94067915e4bb9b219655f4bc0ede875b7668769c669e8e9bce9ee680d29c642b1baad9e25883f3cd341c8a0acbd5899b8dee92 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 3ee0118a7437f527b361f136b7a216d6 |
| SHA1 | ff407f512183867d6338086c4285575a6f94e0a7 |
| SHA256 | b5eb8bcde3d132fdf79038fc651c81da9c77ce12881fb2fdd7ea6ff98f5b9ead |
| SHA512 | ca200555ad1db25188ed2e03ce5e1db101169c3944b9ea1240a6d6e3d1185e72a3f679c52b0e8c39447e538cfe0bc2fae11b2073ff3f9b549f595090d12386d8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\36FC4D7FED1A948BBA0FEDE175FFCDD2D5CF1124
| MD5 | ee703f7db168f6f39e85bc155adcdfd6 |
| SHA1 | db530d7f0515130b814db7aec9664608d9d05672 |
| SHA256 | fd023523c69d656016faac85fc56795f7d82923e6b9de6fc6bd0eec76de07910 |
| SHA512 | afb7eb28e7e408b9089ebf4c18fbc2e7c62ba2d3eecd60ede020987eabef901d89b6fbefc79171c2fa3fbb5a972a6d151a21dac481cdbd6a13d768315212aa11 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\BD83F2D095F0EC5EAE460890C8E5FB362FC05F38
| MD5 | 04036b7112a3406c4e7c96718c015c93 |
| SHA1 | a700bafe913465476b7ac59acd45ccfffae3a17f |
| SHA256 | 91a63ccc46aa95726121672dce8a2e40e399961df065d2942a74fa54a00d9463 |
| SHA512 | cda1f90abf2a7c039d34908d08c25920feed96dbf05c46564d1307adc8c105cec94a658fb9ee08f82b7e533e032f1567e8584fd58fdf3e8a71b91176740f42ff |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\A117C915C1B335E7751477080B0DBA2666814F0A
| MD5 | 769e89e7de4131930d8bf081ee76a0d6 |
| SHA1 | 82b44026cf5867dfc810004dae37bc1056c1feed |
| SHA256 | 9b6f352a3bd551ab48f24cc290bc8c3c0b2478cc7affaa4b265748a21580beae |
| SHA512 | 138ac271f1f4aa365638ef34040ef6e603f20a8f438fb2621207adb7d16d916b9acb13e7189888dd5c5fc7a3098d45c090fa9565a4cbf1057c8d462bd46bdf23 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\1E03E7486197627805C07080D31AAAB9722759B4
| MD5 | a5d5eb848e015120aa70be88c5116236 |
| SHA1 | a5192f947917ada513297bd838f9f19c06b2edda |
| SHA256 | 4b4b96cc865bc681af508c303086550196eef6dcb1c92fabe0d76b58cfa3f03d |
| SHA512 | 8f63dde4909ab5d0f34102d6c9cd6484b5f656749d3f8c1e14bb8644346143cb0d3fc20cbdbc13200fae8496d4491ab0925d733d9eee998ca691f44f5fc6ff0d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\5FDE9E29A3113C98B4C952FE71C4769470C996BD
| MD5 | 183413af60431752a3b54985ab4f7e15 |
| SHA1 | 3e6228664b5a025c6fa99d8efc0f333c51e04615 |
| SHA256 | faa53580270f7c9afa8ca85284593a5cc798382ca5b80b452faea49bae629736 |
| SHA512 | 11b6feec160ba0f059f042f4975bfe75731852ae7f8b0c5b67b7cd5711a9fbb55c56659bc7b11d5f5d6ad5cfa8d1554eddf28e9c5179726bd99c7152261c5311 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\4A667BF1FFC55F097B12BDACF970EB5D831725A1
| MD5 | 53b6fd26d8d0e17381fd3f6caecfa070 |
| SHA1 | 86550e2d4adb551b945f7ba08f9e044003a8094d |
| SHA256 | aec792f0d5a0ff6963d0071585abdefa3a64b3fcf8696c3dacb23739ec1780ba |
| SHA512 | 9dbc391a4dff3f4cebbfd6e1493ab96453c49d3605f1a09c746f5e8c411360344af16c0f5d0d3fddf913e725b22ef52fd59aa5fc766c7d518e465745ca3e20d1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E104A3BF0EC3C6C582EB169FCE37DAF7C40A3792
| MD5 | 74c9bd4dafc781718c61fca4427620fa |
| SHA1 | 4c297b996b338c1b951bbe4edf7f656c239a2b0f |
| SHA256 | 188197e830ccf5bb2b04a11f171847e56f75934c6cf0f7a637c5f4298abd5817 |
| SHA512 | 8cb1b8338729804bcae714f182c305055fa86d6a262e205190676cf8d77387dd4265c1a60746a00774f8fd9ffe75d5567198925f2ed020266a18d5c9fe375247 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\2B51B25AA16F0CCF96AFE4AC80ADBCAD6821FFBF
| MD5 | 23bd244f12736571ded9043e74859355 |
| SHA1 | 6f9b0375496abd8a0ec36e92af644391b7045790 |
| SHA256 | 16a0cb8d9daf88c8e216475f0032acf5d98b7eddf4cf253c7e65ac140530257f |
| SHA512 | 1852304c54e103a455de96c06a0c13c6c2da70a342c9fd750bc664f3c37acb9a7dd19edbc31009950212a63b98f5f2347c042ae6dd59abcd1a6dae4e8a5db054 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\BD88651A46889AF6055031E0D68F312D15EC5878
| MD5 | 94cc9afdad721f9a006d06e6e6dd4d95 |
| SHA1 | 768c6ad03b996e9c1642a6cf005623b640be51b1 |
| SHA256 | 448f421462c7b01f596620c404a7df75188896570446415e872e17de9695c3c6 |
| SHA512 | 23b41cc38098721640b16285380a27e4f5fe7c36ebe24023fee54796bc4563c18040f856151aaefc02a60a90c80ecfeee5c5f3f0aacee36ad1bc6277de5b7d49 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\3E7B24859B7ADB6A7232999EF4720CD315B43C21
| MD5 | 07a9ecdefa7b105991f951fda38e5c6b |
| SHA1 | cc61f823a91d36ffe3248ab6b8b02b917d04f68e |
| SHA256 | 7d7f1e46a3f588be78b2f18035968d99dc837b8a0827795bd2d9a6a7ca558efb |
| SHA512 | d9a5dc915c2eb93280f6e0beb4666bc9a42852f21c884949f6e0d323e865c514caca70e4842f8ec096035732689135ff87dfbcbfd8b1c370fa523a9d0b7368f9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\49215D30AD99A2BA2FC7AC074F6961BFEF1E86A9
| MD5 | 524cd3933bfcbaad9c46d24c9145586b |
| SHA1 | 992af39845d6a292d49c7e9f3dbdfe5903278c32 |
| SHA256 | 09e8a5632e2aa20ae56221dff8c575b3b78087d4682d75a5b95ad2e3420689c7 |
| SHA512 | 57fa881d8e188eb87ca1a950afb464d904ba8b1fb00cd6bbb883dd498be5ef752c0704c90f74e7b77df091f102bca24737e06f29e2645360bb38fa70609c681c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\ACCF24D3CAEB44A87C1B85A9CE80ACAA0F209E5B
| MD5 | b7594878c570198387e610fcd1ab0626 |
| SHA1 | 8eb1eea85dbed0af2be315aebf6a019d58e22325 |
| SHA256 | 8cc561ae9cf10504b7a800a011f2c6d5c34e9fe91834115e7d30684997395a68 |
| SHA512 | 95b89ea9e641ea29edafe900c47b5acf5fad56a118899efa17548295c914aa8a69f8e9ce5bf7abd0e642435952702e6bf83609b3b0d89e2fd0f5de8b8fde1c97 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\6C624DD63C1DDE2936341B6ACA734EC21CE31B5D
| MD5 | 1ad08707d63129c1b2e15543b31b6052 |
| SHA1 | 6a8aadf964a96994a93da3aed8a1dfc94e74ef2f |
| SHA256 | 71b51d3f50282229589ea7f14347b08d6b394936d82b73742c9202793e4b6fc3 |
| SHA512 | 02e27e240e7a3cf505deac269614d45f66dac1d9960b15028746f6b40c8a8e9d6f69157ffe3da059c5f8236781af8dbf8f0e9fa5a41492324a4556f79cb445f2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 7126befef21926c8b6aa2a14e9132075 |
| SHA1 | e205fa47648ebc400bfcd133001d373ecc47d960 |
| SHA256 | e12d709707d3703149335cdb1bf9dc89d3fdc63166fc454573483c52c42d2679 |
| SHA512 | ebe3c3e3700eb6b2cf9663c4ec9e1c96fb109335ba7acb3c2d24704a6308b1d5d715adcbe7606f73df67f665e5f87b5b83b1ea2caa77ee115497b93c0c0e2347 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\default\https+++filecr.com\cache\morgue\96\{9b9d4653-126a-4b6f-8d06-ae10de942c60}.final
| MD5 | b95e743efa82059e14f2acfd4719c740 |
| SHA1 | b74319377ff3e166edd56e440df749095412e7b9 |
| SHA256 | d58444ad85edee90bf671316a66ab9efc8ef013fdd2fcfd777c7eb5fbf4d1688 |
| SHA512 | 0460cd60e1f5e44e569e2ec44398ad865b7053682e4b617eb3d48ba22e170e45bb58b54fa667dfd792ea9ee725290d85c7303e4a50f2448430423bc889b2ebae |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\default\https+++anygame.net\cache\morgue\127\{b2f7b32b-c4e3-4e20-9bd3-faac6b05547f}.final
| MD5 | 60c9bec135cf8a999d797113e187de96 |
| SHA1 | 41e5a116f14973b05c73a6af9486566118d3fceb |
| SHA256 | 89a05dec318cee2dba5c5a70fa307ffadd8a630bc3b8c4215a2c7f6b11431398 |
| SHA512 | b587394126aebe69c17ee5ed27023bbb841b8b6083acea7e9b5e71841107be7fe849e6080eec1bc495d8a0411f1f03b9bc34afd20000e88af2450ee1a38816ac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\serviceworker-1.txt
| MD5 | 33bbdd373dfe612c0620cfcec4e5977c |
| SHA1 | 2b8e7dc7707fdc1ba0da0c64ee49c03c0dfcee7c |
| SHA256 | c8c30ba8a549ff3b6bfb4102b409a9d76337b224679e6eb5f9829d474d922b1c |
| SHA512 | 4a86aab5d99c520b4e10c6b0feaa91fd238ebaa85f9232dd9fc67b48ff49acc4ec764feb90220d8c169c109a042983a8e6f65e5caf1d48343db06d34d563f1f5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 9a8819f2844992d60e980d6055cbe379 |
| SHA1 | ec8a579f636074e713ff3b25cc938888c73c1c5f |
| SHA256 | 602d966044db32f28a2ee7785909d8df8c6b9330d6e088e719ee19977605a755 |
| SHA512 | 55b958987fffc68b8276a050e0357f5693f26c3c6bd5876dfda698980762dad1632648bda77550dd1cdac422163fc9698f5a68eabab6a9debd6925bb96618072 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\serviceworker.txt
| MD5 | 785ea01d0222f9fc77a7b4d1dc0081bb |
| SHA1 | 7af1be1784db12f590cc0bcd36dee0b32fc72d62 |
| SHA256 | dfe360500e96e108b8bf99f39f81b1f6301a0beccb585260116585aea228c14d |
| SHA512 | 61eefba11197c390eea5b26a1a9951400aad8958524d7b7b6e10af8afee60e00e995fcf277bd2e1e26555f575b468801f32f008125d6d8fa733e04c2c26c9e01 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 368c46bfb1eeaa09cc9ba743b375f8e1 |
| SHA1 | 83d1f1d76df3699ff395d5ea0b137ae49c05ec2d |
| SHA256 | 8283f67f4ae8dcdd3c9ff7f8d60e125dd52625c848e0d828522b56f1b73d5412 |
| SHA512 | 7687290f83346336872a8999a495c7927ed7db2bbbdbec878fc607922d8ee1dc7b2de9830aac8c4814ebd9f1b2222cf960a8ebd2870db5cc81949894e1e3f0ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 81cc190c2a29f9be9fb387c54c17d48b |
| SHA1 | 18073b4ae41cc4157c2e9c414c0ad7b73f82ebdf |
| SHA256 | 22ad3ecb94629b9f14c59454586c36ca0295879ce1670d0e90f58fcd11a634b0 |
| SHA512 | d15a5a4dc888d04039d2bc1ae811dd039c51d76b2b25f6f4271db8b17ea523e989f99b12c33fdab60f3815573c970b18816af6dc23acee0e358a02365f255987 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | db5c5088989d6b39f250a6d616c5fac7 |
| SHA1 | 9c1879db1962fefd9b0d7f351ed01e25afe31b63 |
| SHA256 | 775bdacad5e2b495dc9ec7e102ced4b234d46565b9f5ce960f6b20bd4ef5f8b3 |
| SHA512 | bc02da97944bb8e24829dedca6b2d45ba4dbc927e7c782acbb94bef632abdb1c7dfa407bc9360b21d12b8ddc66617a8d3fae331c8b62a2d2d3ac48bfce7371e2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a95dcf5dd194da7604694502dcd5ad3d |
| SHA1 | 49aaf5a41a1efa550fea5b016375c77896821025 |
| SHA256 | 0e5e347cc2e844d8957171f7340d076f1c8afb88e2fd5cdd818d4ab46e104499 |
| SHA512 | 438681881d97caf9df0aefaded66f4c59214d62ed7d3974dcfb1253649d68c3cef0bf475e9c31d53db9879be2170f68bd1daf6c3a7994266c17e7bb88a3c12ef |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | cf015d1b8cd03af7ead3ea737ce55198 |
| SHA1 | 07a6759b9e89636ae948c67962ad552d1cc466d0 |
| SHA256 | cda675db94be2c80377ae963f463da9d5aeb345700fc06a7c9f3a01f18232bd4 |
| SHA512 | c31ac6d8a9ded1c936bee113cb494ba0d9821b366342314c31ce0991bc608656674128a1f05a46bea38a6226b714c3569f10875cdb369166e8aeefa64f070738 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\4871674073FF9E4FBA36C7594551C6F1EBC8748F
| MD5 | 2639ed7cd893bc6f5634387aabe67ff4 |
| SHA1 | 5ac183bf25190b9727c6b300523efcb21dc25550 |
| SHA256 | 5fcd6b77b62141018525b2bd326d1ab2202399119af1153bb05c86c0e218ced4 |
| SHA512 | 20fa1248219b66177b958cf8416cfc4f64e1c35c1caae3ba4ffb947aa2654deec85d765dd1d30ba7837003bd2f89b7f849ccb5388fd176dc5b0db2279d35bb58 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\A342D9F458D0AB1A3DA8E5DD647B9FAC2ACCAF0B
| MD5 | 9f4fda3dc41e4d7e42a96213c078d3e5 |
| SHA1 | 72a436f8ca48cd0debb6b0f9600be0e4343908a6 |
| SHA256 | 19423f47ab2210aff24ab1d7224108a9b1298bc72dc9a4c1f8cbfeab87ac6bb6 |
| SHA512 | 72bb6a55dc9243a9ad03d0a07d0b4ef7f219386a37930684dd9c098b80364bca86270ad0175fbbe7690229fcf2fd0babbeee45139b148271d5815c1d2296bd7b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC
| MD5 | d26521b51be8a6db93617e00794b746e |
| SHA1 | e4884772bb66b7820453326e8974a602d6ed059c |
| SHA256 | 1ad4d9d0b6fd0e56e6953740963c695103bc734d378da6f832c4d6820b87a8d3 |
| SHA512 | 0a1762d61007eb6141ff5254dced77e16c3b7cf5a205d878ccf8942582973bb80e3a18113344d6fffd24cfe0dbed93b6542480b5f0b4a8138ebeb3d3f997881a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\C63D2277AFB9D33AF6C3CFCCB684D58B42F37D12
| MD5 | 44ab87cbc9056c8094bef5eb40623be9 |
| SHA1 | fbd17cb64e89760bbc95cd8c56abb3ef80b860d9 |
| SHA256 | b8e24621687ec6d5a7a916e3cb44229c082633e9a83dc67c9c36fb711b28de66 |
| SHA512 | c5b948eb0e75c199aae47fe1986e563f1670af0fc8a30b76c956d9469da46c59994b3c0e33365bf2054d48ec85546185f87cd5a35cbd70a6bc8fb956d701afee |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\BEA4DD767DBD7BEF2D1146F1A7C7B6DBEC858F1D
| MD5 | c6133cdbe9fe8fd07e2c35aeb089a547 |
| SHA1 | 8a37fbf7a165d698e6b0e11988568864926b9f09 |
| SHA256 | ac734276cf859ba9784db97402dbc1724888f8faa4c14bfcea737273a4b5b4e1 |
| SHA512 | 58f64a736be26e36be0efa51f5bd685cf1f9573289e4510e6cd53e13267e7cad36ad66ad2628db87f7ef6c13be3eb97594784364f352f3f1682b1adaf3d2babd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\7FB78C9D4678D3E57F04D54F36A2847939730A90
| MD5 | 1a089c7e42b19f74bf4e5a4e5fa9db5e |
| SHA1 | c26b393b14b9b3006d11fb9c8eb63ee4c8151ff6 |
| SHA256 | 8adbfb8157b067660be0f0d9200e12d6a2681fb84711ec0484fe1f5d0bccae48 |
| SHA512 | 1d53cecf8ac952094a0c6ff0d45fe57735bfae82f8506421272fb50bdf3bec8c2635f5638d1ffa98d4ae6eb8c682a198e003c85d75e94cdefd219c2ccc304c76 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\C137593A6AC2C888ECA6F4CFDBB4AB562172A494
| MD5 | 3ab42943aee2442e89454d3d54b17ba4 |
| SHA1 | c157395fa5e23fb77db1a67693fdfd3759779001 |
| SHA256 | bf130ec4e1e9bafec83df114bd7bbb37f3d53a3046a80b6d31f6cdb22309aad4 |
| SHA512 | a869930ab9f5f56e4690a916bcdf5a397914513a35a691064719e1f1b9645493564d5e0ebf1493bc16ee081b936a1b63e8b7bb5e1ce50fcb9aea3d24e3cf60fa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\852260C0D42C84F6CA337BACDCA61CA899E1B417
| MD5 | 5ecb4184c439a79b9bf552713708b00e |
| SHA1 | 7e7a9940090743efe462a54c91e30972e0477328 |
| SHA256 | 9656aa572dbe61ebdace35232c38c330b8e2c0cb8f3ce18db81d5b8e28962deb |
| SHA512 | 017584ac3bb8add5578f3bee9930802b6fc378fef0143511892c5deb29810d5e5ea89fb9052dbc8cdd89923e3a83310424828a201953b3c93615321c3a90c53f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\38B5C0793DEAC364DEAF9D9DA9C001E748911687
| MD5 | 4e8378e870115b7339577b5adf2121a2 |
| SHA1 | 2024aeec6cfa2f0489d04c81eaf71179ce7fbc63 |
| SHA256 | dc192428155e7559acb9274d0d3d4a51995e64d45cf62a40cf7d68a6d0766871 |
| SHA512 | 27a4b6d29390eb6ede9071a23762241b570d45f7ea0fb3c6d37c5ba95c01cb966f236a4bd77e3969fa2abe0eaeef5a49486fe5e1720d67ae13ec463a45cd7af8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\BCE3E181DCEADFFD3CDA326D005C7E39113B8755
| MD5 | 9300766e074ea8f47172efda3cb329e2 |
| SHA1 | 402509799e05888b2c828e8ecfb5c0852d709827 |
| SHA256 | 211ad187831c18c7a75c42be41f74fa77db3e74f00ab9d6777422536fd6ef854 |
| SHA512 | 508c47568e944ecfa42ed0bcabde443871aefe4c8b0b3e2c9b1848506c2aa157e953be6f22f9a3a73c225c077405c7ec3b21158472ddf392618bad839f7db0b7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\doomed\1356
| MD5 | b3551b0d526f832a3093510e962aa658 |
| SHA1 | 4e00dc6835eb2efe2089064cb90faca3b81a60c7 |
| SHA256 | 9efd1bc97cc1ff405e621de91365ccf75d7e33dbf91e07a24f62314f7cdbaf4e |
| SHA512 | 45b9af40864afa2766cd9a4904775fe6beb6ce21a0bb3a14cc7e930d89add719329ca4684670c1178d9e073faf798ca91bfc5295072d2f726da713ac346ecc28 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | b26ad9280ddeaae63b224b47475dcc6e |
| SHA1 | 79e21a737f32ada7b9df2a700bab19532b442077 |
| SHA256 | 748ae168905fde9473812dec6b759d1e4641162f0ba3a209f6485817c8e5d415 |
| SHA512 | 4b9fb8129a975c7f40ab0f3e16973f73db9f197e95b217e555941630b71c40a805c2b04ecaa2c439cc16d61c31258ce2d2037b71eaad798e7713d6e6ab3c0556 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\336726D17A573FC9B8AC9911230A4E9EEC3B5F92
| MD5 | f52f7e7ddea4b72134a6ca2de065378a |
| SHA1 | fb9f418a6cbc212719905b40ede812ffeb3e416a |
| SHA256 | ccf85559209bea4dace56dcab6b0952170117d3202970bab476e632444284bf5 |
| SHA512 | 5a992008ae190d9ae1c2469bbfbcf6eba5f8142852e389da4327615098014d7696a5e74fa71c2b89a23d32978309c325823d77891cfcd454fe2751343c1eaebc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078
| MD5 | c6a29623b68054af18815bf048cdab99 |
| SHA1 | 278541e3aa68f807f2d85722be5f623adb609fe3 |
| SHA256 | e73cd3c4bbd547379c79e4bc4db83034cc5b69113413b1d7b2e0fd5cef6d5ed7 |
| SHA512 | 7f9ba7f6d0347180c67f8e79b90aa984179de1778f3d9b57e719240d0b8f3fca06d9bf190450ca2fae120ed5ffea6331c35e7105cce366e104f22af87011dac6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0
| MD5 | 24ad4b3e356991eaf1129cfab5615db4 |
| SHA1 | 55853fc136abe345308eda544e571625250e71de |
| SHA256 | b2022e10bd98cb93d842e61b97bcef34d284ed9b5b1db8837f9d6ae9edbe4cf4 |
| SHA512 | 1be6e035b96f943fcfc685c0d5f3df6db391d89329eb2ec2e995591f16eb32554f98dc014d82192f1a524b3a146f6c89cb6492e3c77cc7621a2b6c8bd4c0d5e4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\F8CC4B942051176CA105050F589FC100C71DF2F9
| MD5 | f6c3f8db5f230993d43852e7096cba9e |
| SHA1 | e5a3686789284e73bb45e0a21509fa2fb5749d56 |
| SHA256 | fb76d911940aef4cd39a768e6207c8c0e2ceba90318e56dae990eb46ce7df3d8 |
| SHA512 | bec71546cd1927e63d9570f29cf11744f0b17d9aa926f01675261a55795630f99f06c6661878bce2668b7db86f338d82a43a6f61378fda65f6fbc9aec7d37752 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\3ED7BDB8AF45BEE9CC5969FBAA43A9E0BF86A632
| MD5 | 9e7fb49bf1bbce235aa310cc6803fe95 |
| SHA1 | 0457159ea8838eea6cb0b0b8f56c958adcec4e77 |
| SHA256 | d445e9cb84bd98695c9ef37a7b0fb971f007b5dcac8fc6ca6561ece44bcb90a4 |
| SHA512 | 4ef1fe33f21b96620bca667c82ad6b1428a7447b9dabc2bca4e2f258f97c37967d652d600d2da11b417b7482f3480e22b29b5079a0b3534b4cccf610a70c8063 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 3c523e152fc430cf8ab25f293936f60f |
| SHA1 | 040326c0c533dafead719d97ce6156563be13f45 |
| SHA256 | 5c63a1bef0f2b8912fdacdccf376c3098c011349e3c36cd1771568c9f30a4d69 |
| SHA512 | f367010b2356b1232529ffa5a60d37b2c1971bc713a776fe18d0fa70f0944f63033cf25451ff0bd1e7654abec0e3845d768db5ddfd15df548237c66dcab92a24 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | a9002f905f5f4bbdb60dc952bb7789c6 |
| SHA1 | a85a76743bcc260c0c25eb9831496328568bdcf5 |
| SHA256 | ed3623c7bd1d16dc5f1e7868167a20f35ed63662382cffbfa487fd9593b532bb |
| SHA512 | f5058a1fba14e62f09ffa99f2cdce04291e14b7aaae499dd374c5e3afdcc45f4f03ced6cd0128f8e8d378d480604fe3e94ca5393bbd559e53fea47aebd0a4f96 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\jumpListCache\zYL4gO41ss4OorKaXYX1hzlXG2aNkwhDDcXGQnT8y8A=.ico
| MD5 | 6b120367fa9e50d6f91f30601ee58bb3 |
| SHA1 | 9a32726e2496f78ef54f91954836b31b9a0faa50 |
| SHA256 | 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0 |
| SHA512 | c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\19EFC4606FC526786839712EAF7F28A85AB44DBE
| MD5 | 44b00428baa4114be226f361554d735c |
| SHA1 | eec897d9548d3d82d6623b353ad1e3b952f76e37 |
| SHA256 | bbf97297585f841a26f09c768381cbbd2edf584a09fecab147857756c1936bd1 |
| SHA512 | f8227a6fc0bc9cfa11ae24045dfe1962aad2a9877e6804d694ccdc48e15759b4f18702d0f8b84d3efd1b9db22cdc64d7e38785dab62e766316af8075b55eee92 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 62dfae200beff0e92768b15c8cf9a0c0 |
| SHA1 | 3de98a381fcc4b91a8890d51af7fa6350f61ae30 |
| SHA256 | d01f084e7a2d862bfb63ddd0f29090e9c98555409c7ed529c342335c03d952db |
| SHA512 | 6d97d5b426c06c82994d416495e30e8e4d30e050a35bb8f1a43165507212224f430d5b09f90af48cd3af87219f9528bf7f0e35324f2d19b5248f3e6f48ddcb97 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\doomed\26653
| MD5 | b9e3ecb512690dcc70c282f9e3cedd1d |
| SHA1 | 7d8e62a444a147e87524468303c81d6b4ec5e9f2 |
| SHA256 | 63224ed94e4c3a10c377176b0d3ed22972a8d61ee09602572e0453e89a36b09d |
| SHA512 | 6b75499c0be9c1b890f578ba50cdafb6bd18b7a42a5affb2eb716f152c9094812d381835dff0cb1479a8e32b01cfc6424e8f2e997e09e34826a9114c3a4bf302 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 50aef534a17df85657910374f4164c2a |
| SHA1 | 8bc4a139e8080fa418636e20b84b620d25d3ccf6 |
| SHA256 | 35a5e68f3ca2a5d29c10cade3b89a6ccc4fd1d909133e0d9dd580bcb511dcbba |
| SHA512 | c3c7fcd75699a97f3feca411379a07a23164e72a84d9d4964eb2dc867f95f99d008ed9eb236fc41a131525e9dc213e5a11ab7d7488e662d93c39aedf200c05e6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\3281DD4C79ACB61B312FD94931181EE61FD498DC
| MD5 | 94e2a7e95ce90f22f9eddff6781bfba8 |
| SHA1 | 49b9229f28525b7fdc75e22ea9e1e8ad76a64f79 |
| SHA256 | 656769d2041123aa2372818c5decd94751673932b28cc5e9e99c6fb16bb3ddf8 |
| SHA512 | 23216f22c9bea9dcf7d600a32de16881483503ba2bf3a26073cd5f99e513335ec406b6a3169e19823f3739f78d77736fa522caf32a0a02c843d9b6006ab34fe0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\75C2EC5F3A2BF2781AEA09019FBF3B0EC062FFA0
| MD5 | 20732ebf9a42c3480e1235c070efa77b |
| SHA1 | 05e5cb3857a951003223999a5b46ed6650f1c26f |
| SHA256 | 1047a667e25b5409489881aac5e4f694670a426d201f40692ceeed151022f6db |
| SHA512 | 62b9d098818bc6316a684bceb6b9df7f1b75ac6a1ad4c5d608784dbae5fc4b584c7210255e63913d6574afd50b64a7d0af71601befac14d517e4f48f0617cf15 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\1C116AEB3026B2A5B2EC3E37D9DE961616B409A9
| MD5 | c4e1dc0da57ff869d8433f449cf48b96 |
| SHA1 | f7c5ddb60d890243d0b8e77cf072c9b1c347455b |
| SHA256 | a6ad2f313299f22af8bda4ce7f44d9ef4ef516899eca98482071a8ef1cb03758 |
| SHA512 | 489e8eb62c0913a91a61ec121135efff01098b89189a493bc12e3b2152469d8752e2a2370394c0443e209d5f35ccf88fe9a42498a8dbe23dea0d5dfd601a1317 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\default\https+++github.com\ls\usage
| MD5 | d2015e88eb9f525b763b879ec005900e |
| SHA1 | 082f22e58119b3748bdd0627d66b2fb28cfe2bf3 |
| SHA256 | 605604d46633713a623a35d194400826fbf8e04167d7ca52029f3d834fe771e1 |
| SHA512 | 4979cac7ea5c4c738c2d41a65fdc54805f8548c894e53f7c4c3367fa35f57a6c12264b5fbf6eb7f7f5b61df8572e575afde1462f808b07262f4886a585d5ab94 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 303025c112552cda52deca3c998b3219 |
| SHA1 | 798da1d101072c05a2f027c099b74b9662681ef7 |
| SHA256 | 063c39c0973e2db75d224c4799e7872f42b2e56cb86779dcbb4bd761f84965bd |
| SHA512 | 97c701e6ddba37dc9e5e739708430657a866dedf757e946fccf1636f28dd735859a1723a149141ba866e050098eb5fe9915b340b94d76a8e1b04373c4890853e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\FF4AD17FD944267062EA7AB6E55CE6458C03C369
| MD5 | 18b674308a0dd12c3ac902178cafb7a8 |
| SHA1 | 5c071b14caf987da33858c4e36e0be6cf0015cc3 |
| SHA256 | 2c2c63f7952b42b617ba542f1c89a8d42901efe7e0d01130ec7176161704d063 |
| SHA512 | 020b63d3da1c5fdf8cf2b46491008b36f5b3cc9b78592f7bceb88d9dc9cb56ebab4801a38cbeded23eeae75a5f12145e5aa440d5c0e191662fade50382cb00c5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\012C900C8ACDD1B38FD4EE1890B2035CBA45CF20
| MD5 | 9edb83d1a7e455b85aee1077e265964d |
| SHA1 | 6a86533784af33afe8977f4eeb66d0dd3e5b3c96 |
| SHA256 | 21c9dc5a3d348e179e15dc26876198e0c9a80001bf4571405e59025934253b43 |
| SHA512 | ca27a5293268e5099e796cb3ae2f8433933f14ee4d768c79a49093c2da0bbd589974393f281c0f20bb569de76209251850814c8d69ad349455c0c6998cdb1174 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\DC7AA9398013EDB27EA609F59B57ADD4A790C27D
| MD5 | c7289ef6256e43baf4bf1b5edf354a7b |
| SHA1 | 5344fea8ac16242d1e57817543a85e3232ba0ef5 |
| SHA256 | cbdd8c6e08b1e4da93a55b01db5146ba21745fe045e9f24e9f243c83cab62fcb |
| SHA512 | eba53c5e2074e36ef1c2e7aded676587527eb22feae8642e4660d2e5fddedc4a6e9592e6e5716fe25375b2c42b933df7a36748d3766765f69cf8b430b018aeff |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55
| MD5 | a75401a442e8276a18d03d8c2f7d865b |
| SHA1 | 6f596b213233c15a1d799ba0aead8ebd3df7eafd |
| SHA256 | 40c77d0efbe460862e3a74ee442ab80a06da480206962f6e86fe3fac4baa0d39 |
| SHA512 | 886b1a0c3238438b3860d40a9413ca3909f912a0d3875daf4edb648abb036c1c964fc15ca36d9819901dbee056e5032e5e38cc2ce12e8ece30fc4d1c112a403b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\D207CA89781848E7ECA4C658F22D4AEF1B168DD3
| MD5 | adad832e8c1d0694415792c84a656589 |
| SHA1 | 04c7a20a154240baca290355061a58818b630b02 |
| SHA256 | 5ea3c33b9675058a9ee645bb673234c5e2f4f7f3d25a4575da6facf5c752cd69 |
| SHA512 | d7979668845ece45163c5f1f12f0d4fd76d22b70362bda5237fcd02994a0361f6a79f9476e820df666170793e82aec5cc26a3fa35779aab8884d4f23d498c281 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c0a4e9a73878d1887799ac77045c9f6a |
| SHA1 | 388851bcd8334ebc3e88ecb792f0d5dcde8d2c23 |
| SHA256 | eabbb4cabee2418e3c91a2ca2e2ea09b4266f0efad1c4c376497c00a55290276 |
| SHA512 | bbaa5165ca84e28d71f310a425d78038142aff2c006526e3314ed00b9d7405337793edd2666d4a9ac3cee22944f0f5c7f21908e354a2477543589c5e7d98cf19 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\BF6DEF458BEA0E28147D76D4853392BD33F45C9B
| MD5 | facf7a142f8cf04a4ab4df5837efdec0 |
| SHA1 | 90653ce3baf4fa0a44aa03db6c2f8c69275175f9 |
| SHA256 | 12d2f1e9122ead1288f6b18129b5eb1022e69fdfc61f36c104c8495f59313878 |
| SHA512 | eb4ce50f771fb44bff1f6f2425edfd4308c15c184d4615fe0345a09ea137e2e2754c34facbea1fcc2eef82f0cabf05abd4107e6a31c2a159fd05f335397067dc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 7b81603774f58fd2eaa19396e0efb1b4 |
| SHA1 | 8df1dd7d39cb24013e176548d8aecf74a48e3722 |
| SHA256 | 0c9129714714644cf79af67a27024fba4223c786162dd57c7eef8a2ceecd247e |
| SHA512 | 08eb098f3f296fa268dcc172fe2676b87186b0c924f78c31bf62571c3760f29efaf646aa773f17b639c443a4886bb707d030e7d0c09294a2d87292f6947c8177 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\efbb9899-fefe-4f81-85de-3d927c400fcf
| MD5 | 36594be3d5debb5f088f69d293d66856 |
| SHA1 | f36089713e94d9aa39955453955db5f1c8e33ef4 |
| SHA256 | 701b075437cceab1373008cf6e417ded9e9ff189dfc47b534b8ce722cbf171f5 |
| SHA512 | fbbd2474da03fd01639a6e2d4f67ecdb08c1bbccdda1374a1ef62d2f9e63962dfe47abb9a411204e62ee8d11a1449eb087a627a521075abbee1765b1d4ab20ca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\01c3463b-c44e-4f0c-8c66-a4d948db6484
| MD5 | f8790e9124e3506c22d2315185329748 |
| SHA1 | 0d873ee64ae9676ccf9a4d3900c2de237a8e2712 |
| SHA256 | 315b663b1870a2d65b62f17843a19e5a8dd52aedb9c8fd642c2c8d0ffc4e3f49 |
| SHA512 | 1f65a1248cc1105a226a7b0f739e8793dc210757352a8e2ad5fc9d9d958bfc6a924aae6e62246d23dfc7ed9ce0a89d98a34809600546658e0f99077ef5eea6d7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\33809CDBDD69269236BB05F66DFF2693F384205C
| MD5 | cecc0b981f7b7b2d1d11778df6ca15f2 |
| SHA1 | aacebd8282d34d182d2e47c36bc336cf0328befc |
| SHA256 | ed0c7d0bae109137fbe479ff10ecb756b61762108fed732ebef166ba27e60f34 |
| SHA512 | e32a90e1d51348642e4969b559feecc378a872e544cbfa8c24a9a990681b3333b68d2b7d26bff0ef75f7b7c8a1303d54ffa7465d202dc39353fd06effda6232e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a2d77472d4a858a74a52d9975c68db81 |
| SHA1 | a7dde97280961bcde29059a5f71141788265e748 |
| SHA256 | 58fb552a0de974959610d8d8447d5008729715f4388072947651b0d634fad940 |
| SHA512 | 8b303e99bbd03f9c9e65392e17ef396a693663c0ad1af59491599fbc09f4485fb09ad50c9b894a837f0ff012136de9067ef088a8d3f34cfd5c37e8735c2e0ffc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ee40ee587da0a30c380b0ff19efd8c0d |
| SHA1 | 01791f4d7e470dac769b016a21ff2fdd1484186d |
| SHA256 | 338acc2ce42738d4cd319c9dea65a099a1e29dcca595e9dcd0c5bf3ee49eb862 |
| SHA512 | c93901919f1f94983391d08942fd9cba96fc2bf36ea76dc9c61c242a3daf0ef4e6cdfa6c99ca4259fdfd0a2da26b6f73609f29e8c3d9f2195cace2202fabc30b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 6602b8de35cf6b4ff247b6713bf7beb9 |
| SHA1 | 8f167157fb778c568897a2c7f69ea3782a43d0e8 |
| SHA256 | e0806bf3937d22a1c9ec9a8ce061ff444c32c7397476bd953374452accfe6e61 |
| SHA512 | 7ce47a70338a74bab1a8a898f03385f71a2f0204e6268c0fabb56149596ec2b657c803bb1a2b8e60208454c15166d82b5c8cd2cd1a59524cf3167061b42ca332 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | c6b70cf1c9f569228080bb4f8ed44ba2 |
| SHA1 | 80587ef57b5d9f485578fab0838e2dd59a01cf9a |
| SHA256 | 821087e619e7f7ef73a2aad206a8f183dd60a88e65bcd8043271d83cc021791a |
| SHA512 | 171771e789bbc44c24999c0d23f14415acfd0899d8fa53175388e59ef3f6ecf7501af235ce9bcdebaef3f8f7831b21cc9af3429b1c3abe9e61a5937cf3cc17bc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 9051bca8320ffb70c04f3ee77c1746ff |
| SHA1 | 00e43d03b17df7f94ef0df112be79234905ae946 |
| SHA256 | 405cd7f9f06372f5b43f0bc5f5102830c9c7ac93695c4fd50ae378ee5af39460 |
| SHA512 | 58b0b9607a6c32ad01cf901e6e46661c1fccc55d06e9ead2b0e6a7a6d648a3d550de1fe21ac7e6765d1fe4af681f2bfb4f2e5ed5f8bcf5874c4d6b12cb36bae0 |
C:\Users\Admin\Downloads\$uckyLocker.DbQlXmgm.exe.part
| MD5 | c850f942ccf6e45230169cc4bd9eb5c8 |
| SHA1 | 51c647e2b150e781bd1910cac4061a2cee1daf89 |
| SHA256 | 86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f |
| SHA512 | 2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9 |
C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier
| MD5 | 0a94106dade76dae718215a96c28376d |
| SHA1 | 5b5bfc14581bdd0092008d89aa03479982a2d04f |
| SHA256 | ad5a54785202391f03273b5dbdc3efcbd43a06c98c69937f59e26e48eddcbd78 |
| SHA512 | 75408906ee1b223d2dda79841cd26b73a224d45b470129083692f572de3dfcca539f3177f5ef304220d69750ae043b33011a83d158b4dab33f298b29b7dbf871 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 2a7e65e1d1f7ba304cb3d74aa6f954ea |
| SHA1 | e67675aa2b1af1a5e2eeadeb27f2e950392194ea |
| SHA256 | 7fd4804faa0bf3e42bbdbca4866d8ce4bab746e9a526aa3f96e4af57d9597ce0 |
| SHA512 | 070144849bb26594a14719c16c512fe48f5f35039bb07ea9a664de5737e690c95572f694fb0924440bcf7a8692037aa8cee25e530e7088123603e8e59a9e43cf |
memory/5892-4203-0x0000000000250000-0x00000000002BE000-memory.dmp
memory/5892-4204-0x0000000005260000-0x0000000005806000-memory.dmp
memory/5892-4205-0x0000000004D60000-0x0000000004DF2000-memory.dmp
memory/5892-4206-0x0000000004E10000-0x0000000004E1A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 90573356da934fee4fd2024ed0677331 |
| SHA1 | c9a9d5a49d0c14eb4e6f91594853d9385cc15bef |
| SHA256 | 79326d345efd1a620800913fa9669caa15cedb3632ab2116e9dfe9c040f2505b |
| SHA512 | cfe00c7d233535e204570a70df7ad7cbce596ecd6b4b49d1bd08e9707e30778734edbf6bee5defb796daceb87ac0867755305f4d987916323f2006b45aa4cd91 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ae479dcade90370423539f19ad12d56b |
| SHA1 | 0be9d5a506defe935a32f1975d83875976b57321 |
| SHA256 | df371d70c886467e9f0af216a9e5acbd9c1febeed4f6fa0b87e2b81adbe05a5a |
| SHA512 | 8961302d0dde4ef5c94aad3c6f3851bf52c3895ee5dcde9d03bdcc75add39c93b39c331fe46efac3a3e4b341ca0acc73db2b0a4264564f67b93e62aa0485c3fb |
C:\Users\Admin\Downloads\satan.exe
| MD5 | c9c341eaf04c89933ed28cbc2739d325 |
| SHA1 | c5b7d47aef3bd33a24293138fcba3a5ff286c2a8 |
| SHA256 | 1a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7 |
| SHA512 | 7cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b |
C:\Users\Admin\Downloads\satan.exe:Zone.Identifier
| MD5 | b41b5404eb2102944bf0cf4ce9591793 |
| SHA1 | d4e7624b8be6dc16f042fc9e1fc2823c21f8af0a |
| SHA256 | 37ddf585757c36256837f9343a7ff2d6d59add325989edcc7f178da766275627 |
| SHA512 | 3fcf4137437fafe8d3b158f1132fe5e38f6389bd17f6db9c5a5ddb355d0d2882be4b74f75b194b62f71199d3fbf8ba77fb26283fee35f6f96ebe62961c13f992 |
memory/5552-4264-0x0000000000400000-0x0000000000412000-memory.dmp
memory/5552-4266-0x0000000000400000-0x0000000000412000-memory.dmp
C:\Users\Admin\AppData\Roaming\Cyido\maof.exe
| MD5 | 361e64a2b933870adb15eac5cf529a25 |
| SHA1 | e59e9a4d4ff06908aaff73ba76400df349d1d153 |
| SHA256 | f00b993b326817062a59071f31590e93b4ed4a6e4605d1168e9e900415befd56 |
| SHA512 | 7db49cb887a06c78677e42c4fad8768ffb563c39fd52f0eb64c2537830a0cacb9d517e847e3423528ef53ca119c153f2dacb45cdc3391d9585c7a2789236568b |
memory/5552-4272-0x0000000000400000-0x0000000000412000-memory.dmp
memory/1440-4275-0x0000000000400000-0x0000000000417000-memory.dmp
memory/5108-4277-0x0000000000410000-0x00000000004CD000-memory.dmp
memory/1440-4279-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp_9709d85c.bat
| MD5 | 9eaae0be818da8703ca9cec1954e85f2 |
| SHA1 | 9232de37812ec846628fa51c6eb53d426fd2e2f5 |
| SHA256 | 572c521a8c2428c408db965ebb5331531ae6e05cf0d48aab67c7630f8ad7b9fe |
| SHA512 | ef761abe4d0dbe646edba668df31cff57c00969703278832890c0cd1a789f8fbfe947a80ffd11c63de4dd453bfd72bfd16e2dc97285992b6f41a38de421580cf |
memory/5108-4278-0x0000000000620000-0x0000000000994000-memory.dmp
memory/5108-4287-0x0000000000EA0000-0x0000000000EC9000-memory.dmp
memory/5108-4299-0x0000000003260000-0x00000000032DF000-memory.dmp
memory/5108-4300-0x0000000002EC0000-0x0000000002EE7000-memory.dmp
memory/5108-4298-0x0000000002EB0000-0x0000000002EBC000-memory.dmp
memory/5108-4297-0x0000000002E70000-0x0000000002EA5000-memory.dmp
memory/5108-4296-0x00000000014D0000-0x00000000014E8000-memory.dmp
memory/5108-4295-0x0000000001480000-0x00000000014C2000-memory.dmp
memory/5108-4294-0x0000000001400000-0x0000000001431000-memory.dmp
memory/5108-4293-0x0000000001520000-0x0000000001631000-memory.dmp
memory/5108-4292-0x0000000001360000-0x00000000013FD000-memory.dmp
memory/5108-4291-0x0000000001240000-0x0000000001352000-memory.dmp
memory/5108-4290-0x0000000001120000-0x0000000001240000-memory.dmp
memory/5108-4289-0x0000000001080000-0x000000000111E000-memory.dmp
memory/5108-4288-0x0000000000ED0000-0x0000000000F73000-memory.dmp
memory/5108-4284-0x0000000000CC0000-0x0000000000D6E000-memory.dmp
memory/3776-4286-0x0000029697720000-0x0000029697737000-memory.dmp
memory/5108-4285-0x0000000000E70000-0x0000000000E96000-memory.dmp
memory/5108-4281-0x0000000000B10000-0x0000000000CBC000-memory.dmp
memory/3804-4283-0x000001EEC9350000-0x000001EEC9367000-memory.dmp
memory/3776-4282-0x0000029697720000-0x0000029697737000-memory.dmp
memory/5108-4280-0x0000000000A70000-0x0000000000B01000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | b27c75eeac361d2be61b72781fbf4328 |
| SHA1 | d84f5684938572e4204b8558f4b77d197e5b3fcb |
| SHA256 | 6268a33df5da8563f948550494366e0a9eaa10481edf0943b8c17571e6f2763c |
| SHA512 | 5685280a9a8350e1f4567ca8077355001ec3da26a83bd29e3bc3ed5925d99fce95128d0c1284336d1dbb915b58c190d79464109d35b7f87f1655b4def5d6e5d2 |
memory/1440-4309-0x0000000000400000-0x0000000000417000-memory.dmp
memory/1440-4310-0x0000000000400000-0x0000000000417000-memory.dmp
memory/1440-4312-0x0000000000420000-0x00000000004DD000-memory.dmp
memory/1440-4316-0x0000000000E40000-0x0000000000EEE000-memory.dmp
memory/1440-4317-0x0000000000520000-0x000000000057D000-memory.dmp
memory/1440-4318-0x0000000000EF0000-0x000000000108A000-memory.dmp
memory/1440-4313-0x00000000006A0000-0x0000000000A14000-memory.dmp
memory/1440-4320-0x0000000001840000-0x00000000019A2000-memory.dmp
memory/1440-4330-0x0000000002560000-0x00000000028D8000-memory.dmp
memory/1440-4332-0x0000000002AE0000-0x0000000002B11000-memory.dmp
memory/1440-4331-0x0000000002440000-0x0000000002552000-memory.dmp
memory/1440-4329-0x0000000002320000-0x0000000002431000-memory.dmp
memory/1440-4328-0x0000000002280000-0x000000000231D000-memory.dmp
memory/1440-4327-0x0000000002160000-0x0000000002280000-memory.dmp
memory/1440-4326-0x00000000020C0000-0x000000000215E000-memory.dmp
memory/1440-4325-0x0000000002010000-0x00000000020B3000-memory.dmp
memory/1440-4324-0x0000000001FB0000-0x0000000001FD6000-memory.dmp
memory/1440-4323-0x0000000001FE0000-0x0000000002009000-memory.dmp
memory/1440-4322-0x0000000001AB0000-0x0000000001FAA000-memory.dmp
memory/1440-4321-0x0000000000580000-0x0000000000588000-memory.dmp
memory/1440-4315-0x0000000000C90000-0x0000000000E3C000-memory.dmp
memory/1440-4314-0x0000000000AF0000-0x0000000000B81000-memory.dmp
memory/1440-4311-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 4ec017fd1d969f9c87f388a266a13c6a |
| SHA1 | 0cb3c5b305a166463a2defd671bbb1aaed952063 |
| SHA256 | e883e52113c15d4f29734615456a150378aa7d67c72ee0fcb0207da0ef350da3 |
| SHA512 | d1c6c31aefc3c2e470c5573d8dde38a36ee56d2341ac308ec16df8f084ca56d2b717e828586282c992539b311e8c6347a72e63845a009a9e06c42d570dbd78e2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 907de4f2298907348259693649c2148e |
| SHA1 | 4719406cf411fd614b7837748a840deb6cc6a755 |
| SHA256 | bc02da72bbf1ed78d11d935ad9dd0d72db6ae90a1c409f24cab26b6b4ca3220b |
| SHA512 | d73582933adb184109516f4eaebc268142652f7532c3a3d6da18344aa7c67d91545b4f7dd456daae19fc8e1cafddd858363c453f27c4ca9c976af9f8ebcc50b3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 768fba6da0ac07eee057587b4c6976c9 |
| SHA1 | edefadf39ab91cdd118531d615d0175b60786b9e |
| SHA256 | 8b11ebff7079fb0b4da70ed1602e09b4cb1013164865f606f40df68f90374aed |
| SHA512 | 8337a06e1f1a5b31c2af4ed2b234ea05084fb4cfca83ed6c7fc232bb4287fa6c31757cb5a8e4f25fd12a8fb892145e0e58fb3ceff66613565a24d8bca149dbf0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\2E1725875156FD77FF495074282DFC5F865F155E
| MD5 | 2e497e0dc57fcc07f88a1cb1c100fcf2 |
| SHA1 | 70541ed12f7e7b72c78b9b1316a190377af556b1 |
| SHA256 | d44bc526dbfb5d4bdb1e045b31481b229a919443097a83eb75ca31d7fac7c6df |
| SHA512 | 765cbc511eaaf4f1fe7d48ac66312e6d05713a5f66f23ed4ffabc43e7657455a4a9073f00dfc9b1e62b960d10f138a2d889898917862beace8207a2343ed85b6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E7CB3B95B758FE43B1F6C126090503AE5D66F672
| MD5 | 378486ee5184d5a413df2713f1c65659 |
| SHA1 | 1d19eb191217449af4cfa6899c0781649b26a1bf |
| SHA256 | cc8fdd6b4cf1bdb97bd038250ad9411fb93b272ddfa5817b94b13fc5906820a2 |
| SHA512 | 87c640bf132b4b478f3a6929a3d5c18b82275ab4604554fc466c0944f70592dd796bd2ea731486ca4c25674e6c4cc62a71aff9d607e0a88bd6c24736d764a058 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\C7A70B50913B26E1C619687A5AAB8214FB145FAE
| MD5 | ce2999b01756c90bb8b7fc32cbd8c743 |
| SHA1 | 6cfdc99650cb881099d9b319157d8527b6b5344f |
| SHA256 | d1e77cfd89b55ebdb7ab7ee62919a3b936deada199d1fa457ff68d328a46a0ef |
| SHA512 | ce845c2774f8ba3396765d655cae44b498ca61c938c9bce1da5fe4d6decb06769736d05d4c3c4abeb0e2bfc3718f4d95cbbfab1d70508dac6ce3b63ecbefba41 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\99559A4941891CD5905E3EF1D64FEC2824C6BDAA
| MD5 | 71c673af0661ad78ca199bfc4aaf69bc |
| SHA1 | e4a146c9ca3105f0e388fe0e41a10eb395c4feec |
| SHA256 | b5e032d3da4c795f2018474470f954122b11524f42c0897dd3ce7f9b1569e987 |
| SHA512 | 7c169f5c8652d1261eb308e32c193c7a4bfee3b610e97df40245f0dbebd14277d9179cbdbe9a89089f2ecacf2bcb04fd6fb4c9253f1918edee1eb202ffb5759d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\72136A14C9AC1E6920DFA37F5DFD9E4220D34FB4
| MD5 | 92fb49dcb82e487faf29ada5a7be0d60 |
| SHA1 | c4a500f1fa0bed74a3bcd0b0438ab5a0c56581a7 |
| SHA256 | f1d2e35af1925e88a96111acf49726c1e448d28de59852deb5ae43a6d32ea0e6 |
| SHA512 | ea3980177711452d8cdb38ac71e2184b8cfb289234958ddd7666a58cd39d44a8a4d707378c4a608f441ec0b23a11bc7a596e3b0269cb1714c8aa08a925aed94d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\3B691B1C596B50339F129C5E0199A1A4872F2416
| MD5 | 336c4125c514edbf92deffac1584892f |
| SHA1 | 8d959939f03168c0075aa8e6e58ad0878e35583c |
| SHA256 | a9c9b3b7003031c99732860edba2ced12d03e0ad8ea8244dc3f0b4ec60798c87 |
| SHA512 | 379fb5b5048a0e2ee689b1c193f49468b79cbe87dcfc526179464e7c04142b2e195c8bb5d689338eaaa12d452885310c1c6d5e7c70666323f214ad9d9c063a5b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\C75EFDDEF9075FED7E79C19F805F1A668FCC406B
| MD5 | 5958a12f9caa84ade696fec934105590 |
| SHA1 | 49044b39168c3bb5fc6eb8bab075b50ec3518e00 |
| SHA256 | 2968f6aadc6fbbc2ff87c9294a0d9fef6b78d7aff104e347c0e3fbced571b739 |
| SHA512 | 598f4c4db8f2b698cc3ea2216dee68995e0d5e83e7f1c2c142805e5dd9af14b76dd0b8e14852ef4abe186af6f85a7c8c426f8af000f75005d768247f0115f9bf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\0CA0863DDF7A5A0E61103E04DE3E6762893448A4
| MD5 | 42c7cadb1c7115504e4e9516e4e69f17 |
| SHA1 | cc26328e372e6edc04d2bb0ed59585a9bd5dc296 |
| SHA256 | 0278e84a980f11c71b212bff940c67ef663b9558dd53377a7207b2b05654711e |
| SHA512 | 0ec8cb4507ecf3a7791b2f213122547cd7c699171f7c7d0cc0b85cc9bb2b401e6531aeb047ef349f457cb857d1ff2f2bd0af20e809cf01e249465cc134604996 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\71FBC9B13C965501A8DB29236E9413A7655EC45F
| MD5 | 413b400c29e6b1fb6097f60a336cde23 |
| SHA1 | 83d33df96734918434169894c3c3b353c8925b38 |
| SHA256 | 9ef29c7bba1b7bdd317c9d9da38f70bacfba46d772c3e67d8c4896c840f3ee49 |
| SHA512 | 4c15255c02d95b238aea1b5224ee2afad4cd61d206cb91a9a48b8b924d84ad56c70e5b86d6f80d65f967fac8bc3ff48e0e49ac32febd06bf7507bb681034a75a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\565063FAB4A13D38064CC8E84E8248ACD4D2D5D9
| MD5 | ab023ea858f915049d92d9efabd5ffc3 |
| SHA1 | 980ae66eb8a11ce1cfc0c93fc03ed9ee237914b8 |
| SHA256 | 05b2cfe253ef5cec5c6ede04f73e5a8d27fe645e670e107790aa92bd3fb2a451 |
| SHA512 | 293db40be8c2b9a0d9f9db8a0c57df4ccc6fcf9a069f9b2ac566eef3be6b8009b89f8f9748616dd953ef7997f117d13514f7a0a9d91c040ee69347dd43c35cc4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\3B135D5CBEA6040CD5BF4DB113E6E8CF97363ED0
| MD5 | 8bba0dccde9fb421e971f703dff460dd |
| SHA1 | 322b8c9ba2610824cc2e4908d9195d58d637cdaf |
| SHA256 | 4cddc19fb2d23f3acc025642d4f10a181af3570fa2006a749832b6ba8e644c53 |
| SHA512 | 7c6592589726dcbaabaab8ff84c23910c03a37e75d02cc0d45374914088a51caddb1083fda129156c9cd5f347dc2a09a4c968919cf70eb3b777256d86e269a95 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\F3C5311B3E66AF77F6668E247D2006D6738BA22E
| MD5 | 7e5fdc89fe7d293b23b7dc01cf05eebf |
| SHA1 | 2e013900a2d98b458c4106362832531aeb80784e |
| SHA256 | 96842d286ff36ccab0b2185672f3022e12fe3fe31a02e67aa6697753cfd4c1ae |
| SHA512 | 37465056a6bfe0f1d4ea0ef81b4d28e6ce0619ea1a046397d4872c4aa006d915d2407f9144414fb72c52dcdb0100cfd09a625d63e7396f1a399943e063fbc68a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\9590811C29FAC0302FE9B00345C8173D244C1FC0
| MD5 | 700c3d8f05c7672ef5f7ba482d0aa911 |
| SHA1 | 7699c545db5536ac8fd6fafbfdeb98016aaf422c |
| SHA256 | c9ae5cbc4581dff0304e81b6aac9c19a43e225ccf750e1159b3255c0b94f9b49 |
| SHA512 | c005def2b9b9a36428e3b204aaa11607c3810c97806c0964a2547e90c402ace57811c55832d6d5032bea786a79b56883fb35e19a9b591b09d79cc7cecc37cebc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\57104CAB94B61778EE5B44E9AE76AA236C3459DF
| MD5 | 2be807b3c4ff8f31343a339816d8ae65 |
| SHA1 | 42e637c87ba5cd8c95653ecb8cf605b94958160d |
| SHA256 | 31024dcda6dc1c22c60d5f7110a22c5d9dc7e7f8e205624cff4152ccc7c45b18 |
| SHA512 | c7858c82f7680c24e991c17997dab4fd2d458084f142078d4ca390d43367cfbe3d1e31d37112d61e7011d7016881822c28c37865a2b3453b994fabc48e9d3d3e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\590FAB0F6636962E4760D211E35128A5CF6A8178
| MD5 | 8653468ab86b965be415e2c1888b6124 |
| SHA1 | 15094a34431e7da54bd2ac6da79ca1c9b49bd2dc |
| SHA256 | af1d7e16aa62cd7f7657c2fa147fd6775dc0d3b3db0707fbaa857d8fbf8e4f09 |
| SHA512 | ce2fff4ba55a461305ade6cf7926da8f4436d02d31f5424e2d65aa278786e24fe2666071e7be0be7f90876f855af75e347df88d1ccca094f7b63517dbf9a1a38 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\BDAA73B7E97C7C2BF0A4D185B1CA405E2599DF61
| MD5 | e4897cf17dc3efd3f84b0fc7551c951f |
| SHA1 | e08905d6cb4bbbf99cef0a34e5257dca686cd0d9 |
| SHA256 | 925861ce2774077f691ac6ae44cb73c253df48a2d45e3e628043c57c74ac9a7a |
| SHA512 | 2efcec6f33af7302afefebf740d5cdeac4c3ae154a63c90c52dbd79dbd00f4ad5740fb6f904f3c2289b1711a7da04a4c6e4d99acd37d81c8743efa91f1784982 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\A9EEF4E14248C0A16427DC3373F1B37B83D2B91F
| MD5 | 6ea85caaeebaf3a29132d7e35a77fd34 |
| SHA1 | fbad48a9de1e196e135560a04201dd1ac32e4f00 |
| SHA256 | 4966820f6f3ab5cf4339342cc053750785ec983aeb34faadec5b296918a025c7 |
| SHA512 | 8b59c0cecb16bf51468a6b14187865029c32a240b785658df43fad60847ec11ba9ce44b6c874d53b5e3362f9c0dd9ec47405491e362700a8166b50175aec76cb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B
| MD5 | f02c5ffce52634e1ead5ff7ddb26a2b2 |
| SHA1 | 8daffce621ea1cf69874c01ef66e350ceb06a650 |
| SHA256 | 089ec2629e8a80d63ee37a602f958ef749689f72624808cc6338ebf8991dcb61 |
| SHA512 | 966a342cc325ac20cf11e06ace4821ae822b87cad87c1e895e879c0f35b638e6dbbb49a632fe55fbb2b7d83295440e26460034cef5489c848cbd095fdf10f990 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8
| MD5 | 7f1d6a84a8567e4acc6de1aac3f3b610 |
| SHA1 | 5a4c53fae50ed71826aa7a44633980c1ced3d3c8 |
| SHA256 | e0a7dfa95da7badd838e9ecca2e6123240549e2696e725a3a71a8a2963422395 |
| SHA512 | 9e8591070f097ef7b3e0075dda113b15702e4d96e461595aa5972a096059d040257e27b94c742924b991325e8ea239a5c6d88d5d419bca7ff9a3b33969bb3f29 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\FA90AA1A6EA3C72142123CA593B032377DDE3DAB
| MD5 | 08f7ba5f1b4c264e4f5c6ed614ecb358 |
| SHA1 | 33d9e3600a2ce31ddcc0c3940188939a185a4665 |
| SHA256 | 6f7004a1e53a57750c380ecd136648690b7d8f7e13958c17e2f5c23f73347e89 |
| SHA512 | 50f7f84faeb6db21c91d2120a5f2fd0f4334c6999700511ffb50191647121d82666b9fbc1c5588cb736ef2bc5d1cd29ecc86f8e2c5e5b1a983e76a0b5d9b2e39 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\AAB56EAEEFD809E310B1CA883A19780981CFFEA9
| MD5 | 68fe40ba4865019dc18d5997b0a6f5f6 |
| SHA1 | 2300803ac189f5ef462842db569c68ac5e621bc4 |
| SHA256 | d62c0b8b10d8b329945c6a95d277dec20db94299e5f32ab094df1e8e2489ea47 |
| SHA512 | 40604481b70072d18bacc44ee8bb586f13269ccca2678d4293ab0c4f881f8172b66d6d4cd4071ba929dd9ffc5dd9fff6c9b789107c8320aaf2e6de37ed894e75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js
| MD5 | b89a109c233d8c52922e7b4814621e51 |
| SHA1 | 3c22f462419c3f64ff4b720bfc65bd44cbc997a8 |
| SHA256 | 9466a71891bcc248afbfe2450ae38ae437d05bd3f43f86f684d1ee5f7cf7a44c |
| SHA512 | 737e4b601660e582fbc7bb8c45b6e740d2bd244f469a7b7f15b542a7917d0ed0855d7474d5b524972e7a0067c2afde44dfe131ffb055a8c21be730effb83a574 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708
| MD5 | eb69a2c3b9ee95767397357c3e8a87f2 |
| SHA1 | 6d053386a071aa58058f918e28ef7e2f60839e65 |
| SHA256 | e5a0ccc22b66df0da3ad023f0e184d407e4882c45eeade02549731c7256644d0 |
| SHA512 | fdc2aed5447298a338cdef86388a818b5710d357a81d12ea214ca426ba126c1a81c6e9b4c25e51f91088542a4aa1f40b01fda4da9fd4ba97cea2de8aeb31bc8a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\5A61AB25519514A13188C8E66FFA30EEF6AA3FB5
| MD5 | 304955bd8fe56246cc91f140feafd0a3 |
| SHA1 | 6ca775fdbf08cbf59b41d83338056afdd30f67be |
| SHA256 | 3629a139b58d81b64c544bd0ce9f7e41dbad4c8e217ba3aee20042655db73724 |
| SHA512 | 30e97eb47ff8bbf13ab3f0ae68dea52212370b2f0b0f1969e179b1ad1f1b1b691b03c247c58712e9656f7acf52fc69a3e91748f5ce7318bc26ee5333203f0dbe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\2B16ACC15AA680352D12943E950AB926A085A466
| MD5 | 0caaa031f42d57431453d77b3843a3fd |
| SHA1 | c207b624be3f76c64f90d1d8b2deee1f27db8010 |
| SHA256 | 632a043f42d3a9e2a67fb0a07f91163e2636e2d7e2bb589573ba435169ccd42f |
| SHA512 | 3ad0af515a250726003cbfd5254b714a6384afa2c8ebac61af8bc107356b48e1f3a343cf5b2dc7a6e610d63bd2229ce9c14d994f869bf63c18437836f64b754e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\bookmarkbackups\bookmarks-2024-11-06_11_LnTvn315zeSVRHDIha3U2g==.jsonlz4
| MD5 | 67b9443e9caa3cbcdd2cf6e8d8040923 |
| SHA1 | 55f2d281d26ed2a772b4f2cd551ab7c952182344 |
| SHA256 | af5e665eb8496fd75d72fba57a1f33bebceaf84c96409211c69e3b193b5df5ad |
| SHA512 | caaea50c661eb099317dcf3e4cd9613be9d0171132310363239e5a84608a0e5eb0e0b6ba46525762cb19ce1703b76e2dd8301aaaf198105ea02281c682e135db |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 01:21
Platform
win10ltsc2021-20241023-en
Max time kernel
1661s
Max time network
1423s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Recipe.docx" /o ""
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 240.76.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.76.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| GB | 2.18.63.31:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 31.63.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| NL | 20.103.156.88:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.223.35.26:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
memory/4476-0-0x00007FFE6C6B0000-0x00007FFE6C6C0000-memory.dmp
memory/4476-1-0x00007FFEAC6CD000-0x00007FFEAC6CE000-memory.dmp
memory/4476-3-0x00007FFE6C6B0000-0x00007FFE6C6C0000-memory.dmp
memory/4476-2-0x00007FFE6C6B0000-0x00007FFE6C6C0000-memory.dmp
memory/4476-5-0x00007FFE6C6B0000-0x00007FFE6C6C0000-memory.dmp
memory/4476-6-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-4-0x00007FFE6C6B0000-0x00007FFE6C6C0000-memory.dmp
memory/4476-9-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-8-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-13-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-14-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-15-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-16-0x00007FFE69CF0000-0x00007FFE69D00000-memory.dmp
memory/4476-12-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-17-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-18-0x00007FFE69CF0000-0x00007FFE69D00000-memory.dmp
memory/4476-20-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-19-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-11-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-7-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-10-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/4476-51-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-52-0x00007FFEAC6CD000-0x00007FFEAC6CE000-memory.dmp
memory/4476-53-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
memory/4476-54-0x00007FFEAC630000-0x00007FFEAC828000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TCDD0DB.tmp\sist02.xsl
| MD5 | f883b260a8d67082ea895c14bf56dd56 |
| SHA1 | 7954565c1f243d46ad3b1e2f1baf3281451fc14b |
| SHA256 | ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353 |
| SHA512 | d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e |
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 01:21
Platform
win11-20241007-en
Max time kernel
1799s
Max time network
1486s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Recipe.docx" /o ""
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| GB | 2.18.63.31:443 | metadata.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
memory/2400-0-0x00007FF933310000-0x00007FF933320000-memory.dmp
memory/2400-3-0x00007FF933310000-0x00007FF933320000-memory.dmp
memory/2400-2-0x00007FF933310000-0x00007FF933320000-memory.dmp
memory/2400-1-0x00007FF973323000-0x00007FF973324000-memory.dmp
memory/2400-5-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-6-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-4-0x00007FF933310000-0x00007FF933320000-memory.dmp
memory/2400-7-0x00007FF933310000-0x00007FF933320000-memory.dmp
memory/2400-8-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-9-0x00007FF930AE0000-0x00007FF930AF0000-memory.dmp
memory/2400-10-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-11-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-12-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-15-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-18-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-19-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-17-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-16-0x00007FF930AE0000-0x00007FF930AF0000-memory.dmp
memory/2400-14-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-13-0x00007FF973280000-0x00007FF973489000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/2400-49-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-50-0x00007FF973323000-0x00007FF973324000-memory.dmp
memory/2400-51-0x00007FF973280000-0x00007FF973489000-memory.dmp
memory/2400-52-0x00007FF973280000-0x00007FF973489000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 2cb39faac044eeba5b771ccaa5492ef4 |
| SHA1 | d2ab2ac59d4a063e9a1af5259aa42c0d18994b12 |
| SHA256 | 2bc03659288ac941dc8fa14b889bfea6cd4d6eb299e74f22eb709434a7465599 |
| SHA512 | 8f38076cd4c0443f16e15d53c6c35f7612af9dd7dd66aa55ea6e45b1197958056d465948b8653646d3da1fc8226babdbea5dfba05d8136da45adffe2dc8e23ff |
C:\Users\Admin\AppData\Local\Temp\TCDD1EA.tmp\gb.xsl
| MD5 | 51d32ee5bc7ab811041f799652d26e04 |
| SHA1 | 412193006aa3ef19e0a57e16acf86b830993024a |
| SHA256 | 6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97 |
| SHA512 | 5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810 |
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
ubuntu2204-amd64-20240729-en
Max time kernel
0s
Max time network
3s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Recipe.docx | N/A |
Processes
/tmp/Recipe.docx
[/tmp/Recipe.docx]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
debian9-armhf-20240729-en
Max time kernel
0s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Recipe.docx | N/A |
Processes
/tmp/Recipe.docx
[/tmp/Recipe.docx]
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
debian9-mipsbe-20240611-en
Max time kernel
0s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Recipe.docx | N/A |
Processes
/tmp/Recipe.docx
[/tmp/Recipe.docx]
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
android-33-x64-arm64-20240624-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
0s
Max time network
1s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Recipe.docx | N/A |
Processes
/tmp/Recipe.docx
[/tmp/Recipe.docx]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
debian12-mipsel-20240418-en
Max time kernel
0s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Recipe.docx | N/A |
Processes
/tmp/Recipe.docx
[/tmp/Recipe.docx]
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Recipe.docx | N/A |
Processes
/tmp/Recipe.docx
[/tmp/Recipe.docx]
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
ubuntu2404-amd64-20240523-en
Max time kernel
0s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Recipe.docx | N/A |
Processes
/tmp/Recipe.docx
[/tmp/Recipe.docx]
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 01:21
Platform
win7-20240729-en
Max time kernel
1741s
Max time network
1567s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Office loads VBA resources, possible macro or embedded object present
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2328 wrote to memory of 2780 | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | C:\Windows\splwow64.exe |
| PID 2328 wrote to memory of 2780 | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | C:\Windows\splwow64.exe |
| PID 2328 wrote to memory of 2780 | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | C:\Windows\splwow64.exe |
| PID 2328 wrote to memory of 2780 | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | C:\Windows\splwow64.exe |
Processes
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Recipe.docx"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
Network
Files
memory/2328-0-0x000000002F161000-0x000000002F162000-memory.dmp
memory/2328-2-0x0000000070DAD000-0x0000000070DB8000-memory.dmp
memory/2328-1-0x000000005FFF0000-0x0000000060000000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0c09.lex
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/2328-14-0x0000000070DAD000-0x0000000070DB8000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
android-x64-arm64-20240624-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
android-x64-arm64-20240624-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
debian12-armhf-20240221-en
Max time kernel
0s
Max time network
10s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/Recipe.docx | N/A |
Processes
/tmp/Recipe.docx
[/tmp/Recipe.docx]
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 01:21
Platform
win10v2004-20241007-en
Max time kernel
1660s
Max time network
1141s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Recipe.docx" /o ""
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 18.89.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.76.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| GB | 2.18.63.57:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.143:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 57.63.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
Files
memory/3660-0-0x00007FFDCCE10000-0x00007FFDCCE20000-memory.dmp
memory/3660-3-0x00007FFDCCE10000-0x00007FFDCCE20000-memory.dmp
memory/3660-2-0x00007FFDCCE10000-0x00007FFDCCE20000-memory.dmp
memory/3660-4-0x00007FFDCCE10000-0x00007FFDCCE20000-memory.dmp
memory/3660-1-0x00007FFE0CE2D000-0x00007FFE0CE2E000-memory.dmp
memory/3660-5-0x00007FFDCCE10000-0x00007FFDCCE20000-memory.dmp
memory/3660-10-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-11-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-9-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-8-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-7-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-6-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-12-0x00007FFDCA9E0000-0x00007FFDCA9F0000-memory.dmp
memory/3660-14-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-15-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-17-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-18-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-21-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-20-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-19-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-16-0x00007FFDCA9E0000-0x00007FFDCA9F0000-memory.dmp
memory/3660-13-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0c09.lex
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/3660-43-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-44-0x00007FFE0CE2D000-0x00007FFE0CE2E000-memory.dmp
memory/3660-45-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
memory/3660-46-0x00007FFE0CD90000-0x00007FFE0CF85000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 4142f6b83afb5baa2a1324b8301c6e1a |
| SHA1 | 45f2decda6945769d76bef2cfe5eff792b7d9816 |
| SHA256 | 0f622ebb7648f9e63c9ea793bdf3b9aff0ffed11512c10472948ee55fb3b842c |
| SHA512 | 9750d33dc6cf17bc61b36ea9a9d0962f23ef2b5f8c841985d60d69b41f91dd5e05a93385fb55269e4cb22ebacbcb8069e37885b61e7d73d58be26aec9912a6ac |
C:\Users\Admin\AppData\Local\Temp\TCDED99.tmp\iso690.xsl
| MD5 | ff0e07eff1333cdf9fc2523d323dd654 |
| SHA1 | 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4 |
| SHA256 | 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5 |
| SHA512 | b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d |
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-06 00:50
Reported
2024-11-06 00:51
Platform
android-x64-20240624-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |