What is fzad.exe?
fzad.exe is usually located in the 'c:\downloads\' folder.
Some of the anti-virus scanners at VirusTotal detected fzad.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Digital signatures [?]
fzad.exe is not signed.
VirusTotal report
47 of the 64 anti-virus programs at VirusTotal detected the fzad.exe file. That's a 73% detection rate.
| Scanner | Detection Name |
|---|---|
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.40597479 |
| AegisLab | Trojan.Win32.Generic.4!c |
| AhnLab-V3 | Trojan/Win32.Generic.C2754284 |
| ALYac | Trojan.GenericKD.40597479 |
| Antiy-AVL | Trojan/Win32.Delf |
| Arcabit | Trojan.Generic.D26B77E7 |
| Avast | Win32:Malware-gen |
| AVG | Win32:Malware-gen |
| Avira | HEUR/AGEN.1009436 |
| BitDefender | Trojan.GenericKD.40597479 |
| Bkav | HW32.Packed. |
| CAT-QuickHeal | Trojan.IGENERIC |
| Comodo | Malware@#b6y8aqs74rgf |
| Cybereason | malicious.7a56ca |
| Cyren | W32/Trojan.WEPR-9295 |
| DrWeb | Trojan.DownLoader26.56346 |
| Emsisoft | Trojan.GenericKD.40597479 (B) |
| Endgame | malicious (moderate confidence) |
| ESET-NOD32 | a variant of Win32/Delf.TJJ |
| F-Secure | Heuristic.HEUR/AGEN.1009436 |
| Fortinet | W32/Delf.TJJ!tr |
| GData | Trojan.GenericKD.40597479 |
| Ikarus | Trojan.Win32.Regrun |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.cqrpc |
| K7AntiVirus | Trojan ( 004f34121 ) |
| K7GW | Trojan ( 004f34121 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=100) |
| McAfee | Artemis!BF224547A56C |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.vc |
| Microsoft | Trojan:Win32/Tiggre!rfn |
| MicroWorld-eScan | Trojan.GenericKD.40597479 |
| NANO-Antivirus | Trojan.Win32.Delf.fixook |
| Paloalto | generic.ml |
| Panda | Trj/CI.A |
| Qihoo-360 | Win32/Trojan.5a2 |
| Rising | Trojan.Delf!8.67 (CLOUD) |
| Sophos | Mal/Generic-S |
| Tencent | Win32.Trojan.Generic.Pgwg |
| Trapmine | malicious.high.ml.score |
| TrendMicro-HouseCall | TROJ_GEN.R004C0DJB18 |
| VBA32 | BScope.Trojan.Downloader |
| Yandex | Trojan.Agent!FuqPdIjw1f0 |
| Zillya | Trojan.Generic.Win32.38529 |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_created": [
"C:\\Windows\\gaABPi\\nLAuwsOD.tmp",
"C:\\xfpl\\crazy.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\ojPwIJFk.dll",
"C:\\Windows\\ACxtDalw.dll",
"C:\\ouJrEbQO.txt",
"C:\\Windows\\gaABPi\\XQENWVVw.dll",
"C:\\Windows\\SysWOW64\\I6vMf7Hi8Py.sys",
"C:\\Windows\\YRFEtcu.dll",
"C:\\Windows\\gaABPi\\MAWeccbS.dll",
"C:\\Windows\\System32\\GroupPolicy\\gpt.ini",
"C:\\Windows\\GLDmfsVFY\\wilogon.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol",
"C:\\Windows\\gaABPi\\MYAPRNiT.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\EiYsuQ.dll",
"C:\\Program Files (x86)\\oFLcWER\\pptxDO.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini",
"C:\\Program Files (x86)\\oFLcWER\\PpSTkvuT.dll",
"C:\\xfpl\\__tmp_rar_sfx_access_check_31297000",
"C:\\Windows\\gaABPi\\pguxrPnk.exe"
],
"file_recreated": [
"C:\\Windows\\gaABPi\\XQENWVVw.dll",
"\\??\\I6vMf7Hi8P",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk",
"\\??\\{EF381EA0-4D07-418D-A490-68AF67CE948B}",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Windows\\gaABPi\\MAWeccbS.dll",
"C:\\Windows\\gaABPi\\pguxrPnk.exe"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\I6vMf7Hi8P\\Devname",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\ShellBrowser\\ITBar7Layout",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine\\Software\\Policies\\Google\\Chrome\\EnableCommonNameFallbackForLocalAnchors",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Local Page"
],
"dll_loaded": [
"C:\\Windows\\system32\\ntshrui.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\ojPwIJFk.dll",
"ext-ms-win-kernel32-package-current-l1-1-0",
"C:\\Windows\\System32\\mswsock.dll",
"kernel32",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"api-ms-win-appmodel-runtime-l1-1-1",
"C:\\Windows\\system32\\sfc_os.dll",
"apphelp.dll",
"LINKINFO.dll",
"DNSAPI.dll",
"Dropped
[
{
"yara": [],
"sha1": "826497146e54ac57481d6b2e84493e2ef567e630",
"name": "de8bba8033b81754_4966EE335F8967FC706E89E6D02E8524E946F1B9",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"type": "PEM certificate",
"sha256": "de8bba8033b817543741f802bc85f3d0723e7a72f8119b63f341473d196d188d",
"urls": [
"https:\/\/content-signature.cdn.mozilla.net\/chains\/normandy.content-signature.mozilla.org-20180812.prod.chain?cachebust=2017-06-13-21-06"
],
"crc32": "11452584",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/de8bba8033b81754_4966EE335F8967FC706E89E6D02E8524E946F1B9",
"ssdeep": null,
"size": 14087,
"sha512": "9352ba873f3ebaa847a075d9f37527ec58af6366911f28f70c0b037d025d507e6b695e1999fd6294bb1e2ad4f731a176f1763171e46e88ae17031ac53a7de995",
"pids": [],
"md5": "56700a868af7ed3c19530cc8dade1c0e"
},
{
"yara": [],
"sha1": "de286a13db739384c192283db7398aaec66e8c5f",
"name": "9b885fd1f2d6529d_BBwDaSh[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBwDaSh[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "9b885fd1f2d6529d25aa24d236963239fb40528571eb08de54d91c22986849b5",
"urls": [],
"crc32": "200E8B15",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9b885fd1f2d6529d_BBwDaSh[1].png",
"ssdeep": null,
"size": 566,
"sha512": "61bbd07d6efbbc78a3de021865ec4d7070a0692df452fe4d357535a1a7b8c03efa5d4fdb71f5d1e52ddf19c7c45ea6feda33d6291e2d7df3abdee6dc93fefd84",
"pids": [],
"md5": "520aef596056b8455697176297d84760"
},
{
"yara": [],
"sha1": "ddee8ffc26e18188204b63496bdb2d3281ca1e7b",
"name": "f689004ac4f375dc_BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"type": "PNG image data, 192 x 192, 8-bit\/color RGBA, non-interlaced",
"sha256": "f689004ac4f375dc9134bee6bac516e88c5f30356638e7ed3576c9ddade8cda3",
"urls": [
"https:\/\/www.google.com\/images\/hpp\/shield_privacy_checkup_green_2x_web_96dp.png"
],
"crc32": "BBE43997",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f689004ac4f375dc_BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"ssdeep": null,
"size": 11429,
"sha512": "3e48cbd35ecfb95be6860324c5932b579a2710d912814f4c15c0eb260178bfb65877380d30403212b616bd95e71dda5ef3f83def3fafc9e35b19e57bff501838",
"pids": [],
"md5": "f9337873c07718a2b8413a210eccdbe0"
},
{
"yara": [],
"sha1": "6c6210bc9fc17d562dc534cc86a887b23e562736",
"name": "dcc418a7770384bd_goog-phish-proto.metadata",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"type": "data",
"sha256": "dcc418a7770384bd334020641728a0b3de630b541063318221c9777c408069d2",
"urls": [],
"crc32": "89C3F02D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/dcc418a7770384bd_goog-phish-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "917e795a38debf84a25306122b779ea42429b8db2d8e53cfa0428f368a1ed53b8b0341dd73f2ecb4364efc52418146d53c6be1d9f6d3e7f19fd7eb7b986fa651",
"pids": [],
"md5": "c4665c7a6d597a501392274a599af139"
},
{
"yara": [],
"sha1": "b560eeba4ae76c30fe219d6b2e11925dc0b771fd",
"name": "3dd91ab91f97c64d_f8f5d529d35334f2fb264d19f656224e.png",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"type": "PNG image data, 200 x 200, 8-bit\/color RGBA, non-interlaced",
"sha256": "3dd91ab91f97c64d94b9b7876e69372e50e5521ba0b51d62e1fdc5c353f3f8ca",
"urls": [],
"crc32": "A7AC7312",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3dd91ab91f97c64d_f8f5d529d35334f2fb264d19f656224e.png",
"ssdeep": null,
"size": 7888,
"sha512": "c44097fce41bf8fe7fffac03aee1708b6a74ba18277268832fbea52f6e935bb3623dacfe3f013909035fe6e13f39a55cd5df78a7c903306a62a037d68eee4e4f",
"pids": [],
"md5": "10c538fde10fc86a565ac68e2b5842a1"
},
{
"yara": [],
"sha1": "5c54ad3ff47c6b925e7ac17d361fe0fa60b9181e",
"name": "5525cbf8f8dc41d1_mozplugin-block-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"type": "data",
"sha256": "5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c",
"urls": [],
"crc32": "96B20E1D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5525cbf8f8dc41d1_mozplugin-block-digest256.sbstore",
"ssdeep": null,
"size": 3580,
"sha512": "1f72c01aa332a6e3fc5f966ed2b12534653bcacf2dc242850877961cc4c16ac3bd1846939d56ea6e230a71f336f4b37f67e0070dddb66d57bb51526de52819ca",
"pids": [],
"md5": "d6acf2573e12afdd7939568804d3fcc1"
},
{
"yara": [],
"sha1": "e295398bc917673a58027130791c7cd25b7ee578",
"name": "a8b8b51a6de9745c_ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003",
"type": "gzip compressed data, from Unix",
"sha256": "a8b8b51a6de9745c03d483ac32e5f412b1598fa22a9eed482e6746fb0867d8e4",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/img\/pebbles\/moz-wordmark-light-reverse.cb1bdf6d1de6.svg"
],
"crc32": "3CA78C0E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a8b8b51a6de9745c_ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003",
"ssdeep": null,
"size": 10769,
"sha512": "2b614c467b0892abe89b4696b16815ab8c7448e4ed3d87ee7dea247031f270e9993857cb011b0ac70a5494bd870b8ca812b6b1094755eef0a4c3d9088175ddaf",
"pids": [],
"md5": "b9ced864801eef833cf6904a103cea34"
},
{
"yara": [],
"sha1": "6e8ce5f577447b4cee32cf84b9ad85a2d55c54f8",
"name": "bed3ba3a9966772e_D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"type": "JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 144x144, frames 3",
"sha256": "bed3ba3a9966772ea920a8d8a58aa1eb36d08fbafb0640d5c636b9edb5e362d9",
"urls": [
"https:\/\/pbs.twimg.com\/card_img\/1007624321815187456\/vCQlSrBV?format=jpg"
],
"crc32": "65BBD78F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/bed3ba3a9966772e_D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"ssdeep": null,
"size": 17048,
"sha512": "a89516736a26e55797b8339c99377570c0b3f6b11a4deb94fed624aa46a164e2bf3aedfce10ef5d6da63f7d29c957f7ed302e9e8689c308ca9a74318c914648c",
"pids": [],
"md5": "134b830cedce2ce49f183aa078fa53c8"
},
{
"yara": [],
"sha1": "17a63aedefaaa4721d79da80996fdcf713acca52",
"name": "90c3f004d596aa3c_search[1].htm",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\search[1].htm",
"type": "HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators",
"sha256": "90c3f004d596aa3cb62da4f2fe599704099981720239c1b2688f38fcc30fb485",
"urls": [
"http:\/\/www.microsofttranslator.com\/bv.aspx?ref=SERP",
"https:\/\/addons.mozilla.org\/sv-SE\/firefox\/addon\/video-downloadhelper\/",
"http:\/\/cc.bingj.com\/cache.aspx?q=download",
"https:\/\/mozilla-firefox.sv.softonic.com\/download",
"https:\/\/login.live.com\/login.srf?wa=wsignin1.0",
"https:\/\/sv.softonic.com\/t\/webbl",
"https:\/\/play.google.com\/store\/apps\/details?id=org.mozilla.",
"https:\/\/download.cnet.com\/browsers-web\/windows\/",
"https:\/\/download.cnet.com\/apps\/windows\/",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/",
"https:\/\/addons.mozilla.org\/sv-SE\/",
"http:\/\/schemas.live.com\/Web\/",
"https:\/\/storage.live.com\/users\/0x",
"https:\/\/business.bing.com\/api\/v2\/search\/download?DocumentType=ContactPhoto",
"https:\/\/www.mozilla.org\/sv-SE\/",
"http:\/\/firefox.se\/",
"https:\/\/play.google.com\/store\/apps\/details?id=org.mozilla.firefox",
"https:\/\/www.mozilla.org\/en-US\/firefox\/new\/",
"https:\/\/en.softonic.com\/windows\/web-browsers",
"https:\/\/mozilla-firefox.en.softonic.com\/",
"https:\/\/en.softonic.com\/windows\/browsers",
"http:\/\/help.bing.microsoft.com\/",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/new\/",
"https:\/\/download.cnet.com\/mozilla-firefox\/",
"https:\/\/download.cnet.com\/browsers\/windows\/",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/download\/thanks\/?scene=2",
"https:\/\/mozilla-firefox.en.softonic.com\/download"
],
"crc32": "B2B45409",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/90c3f004d596aa3c_search[1].htm",
"ssdeep": null,
"size": 89658,
"sha512": "d5f8d016655717eef4467e6038b8d3d00481bf1799feb691c1bb10c6ff85bc38ffdc5d3aa745b0910d5717302e06bfc97dca870c6b2c0dd342a64be31292e70f",
"pids": [],
"md5": "4acefc5db7f880e85e9147db02ba70bc"
},
{
"yara": [],
"sha1": "f82829d072becc7d19c3160d7d9d939cd31a28f9",
"name": "4d1e6810a3f99743_BBCEEBf[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBCEEBf[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "4d1e6810a3f997437997c520fb5d8ce2b37b9e0c1c8923f211624731f43a9611",
"urls": [],
"crc32": "F71E7933",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/4d1e6810a3f99743_BBCEEBf[1].png",
"ssdeep": null,
"size": 672,
"sha512": "237b82f15f1254bed84283ac19b6615273a9f7c01650f2b5a18aae2703a9b86559f5c203d68323839765ceab6d6998bc268940f9d4955f78795cb2797b19b244",
"pids": [],
"md5": "3b1a1f7cfc4f62d990413a73d3fbf9f4"
},
{
"yara": [],
"sha1": "949a811ebaf335260b2e40870bd76fd81442dc60",
"name": "25b5e88730c43acd_AAxeUzm[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAxeUzm[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "25b5e88730c43acde09c1913201713fa9c032b9530e50239deebd6ba6f175744",
"urls": [],
"crc32": "A5B86AA0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/25b5e88730c43acd_AAxeUzm[1].jpg",
"ssdeep": null,
"size": 1772,
"sha512": "57e472b0473a661ffbd8c3caef2ddb9a6f8b588c4ae7bffba6a589fa98d52292267e93d59bb706304721ce1042cb4bd07da24ea0431feaa0a0c51896a1da5f40",
"pids": [],
"md5": "e1cb2e39352f85ad9ee02268e46ac29b"
},
{
"yara": [],
"sha1": "65c1d7ecd2eabfa9aecc344dbe2c580883eb3d3a",
"name": "c0b7c465250e3055_F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"type": "JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 144x144, frames 3",
"sha256": "c0b7c465250e3055dc9674b4cb7308d1e694aea5f2bad038c93474604c0eb5dd",
"urls": [
"https:\/\/pbs.twimg.com\/card_img\/1004813282052624384\/tMFxMV2U?format=jpg"
],
"crc32": "8600EBA9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c0b7c465250e3055_F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"ssdeep": null,
"size": 13061,
"sha512": "fa7d4e5863d3832017863c798231178a61b83a3b2c90100d0bc3f62ba10bb1be7e0d0cb4d20b2f08fbd0ce724e14aaaca3269a8dc538c330e7867ff20bba863b",
"pids": [],
"md5": "f229a5163d83b3403e27670bf73598dd"
},
{
"yara": [],
"sha1": "4288e8ee149f61ec4962f4471665e8ddea5a90c3",
"name": "b713c4c0657d1667_B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"type": "data",
"sha256": "b713c4c0657d1667aaf29383e0383d5d10deece4779d0e03f05c0c0fd72f46bf",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "C13FC2C4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b713c4c0657d1667_B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"ssdeep": null,
"size": 7036,
"sha512": "f1d56af4374595a9b34d0178a4932a4acc460161c59003d955f3e9463798450f68bb2531e2bbe0ae9a157a743334e5e0b82e2785657a4be9b790fd1a37307eb5",
"pids": [],
"md5": "59641362501f7a6e5abe8b30f12e5e7c"
},
{
"yara": [],
"sha1": "bb7448c3b086032c1068d09ab4d528ba829fcb3d",
"name": "a1104424e8a7127e_4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"type": "data",
"sha256": "a1104424e8a7127e80c04df891b5ac2bffa9dd21465142abd860e6aa9fa78dc0",
"urls": [
"https:\/\/www.google.com\/url?sa=t"
],
"crc32": "D227BC9C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a1104424e8a7127e_4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"ssdeep": null,
"size": 7246,
"sha512": "6b369b498b6b3655532943eb828efb6112f7898edbd3095acefcb32c6a3f75f1b91959f42036e3d7e22b45850913e0439813aad2e299f23c7cde4254a0832db3",
"pids": [],
"md5": "71f579288ef0a58f3ae501d94a3db265"
},
{
"yara": [],
"sha1": "ea62ba4e23a0e50ee75fcd2080d5a20a353aa1ea",
"name": "38857b9dd94ae01e_AAyHPKF[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHPKF[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "38857b9dd94ae01e1069ef698e680483968520e914355e28d2511f9add5988e1",
"urls": [],
"crc32": "FD913E8A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/38857b9dd94ae01e_AAyHPKF[1].jpg",
"ssdeep": null,
"size": 14428,
"sha512": "b656bf2b5942aaf7524f449452db99cf417fad64069953f5b370ac6d803acdb7953b54f358fab3671258cbf81b6a15c4dc9a0cf92c1cf0658bbcdeb7a34cac11",
"pids": [],
"md5": "7ae0be475699d2f35ff84eec92690fe0"
},
{
"yara": [],
"sha1": "72b065c375c5aabf080b246cbd688c353c3aef37",
"name": "f24a90531875a365_AAmVof7[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmVof7[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "f24a90531875a3658bed4c23cc9b57125c7305348c4007e31eaa10d06de900f5",
"urls": [],
"crc32": "06003C77",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f24a90531875a365_AAmVof7[1].png",
"ssdeep": null,
"size": 546,
"sha512": "e799e7fccfd1dfb35f869d42b7e65df052b4b27702449bd351707365c21d0542fb4cc0601cca6cfb41c36f6b7fedca18a4c927d37fd595e4c6137c5da39aa98c",
"pids": [],
"md5": "2d6061a536f550123d028166b386f2e8"
},
{
"yara": [],
"sha1": "c6e2ea314bc488fddf2cbc154184776813609064",
"name": "0b804efbb74f86f0_AAyGfyg[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGfyg[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "0b804efbb74f86f0d8b38b2ae4a08575a1d8ccb336e1fb1d9d076b9d68a193ef",
"urls": [],
"crc32": "E5C33E86",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0b804efbb74f86f0_AAyGfyg[1].jpg",
"ssdeep": null,
"size": 14176,
"sha512": "11e95c539791cdbbccb30dc3fde24522a78f5b7a6a7f57bb692c02d01acdeaaadc92e081649fa25a465f90cf9b5206eb75afa230199105d363a8a6ba69f74572",
"pids": [],
"md5": "6b2de43994d23b0073f4bc06a63ad2b9"
},
{
"yara": [],
"sha1": "a2be372deb2dcf5212fbb5bf5cc636973365fc68",
"name": "9b1cb63eaa8ebbbc_AAyGa2y[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGa2y[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "9b1cb63eaa8ebbbc8924f8baa6bdb9d3e5c055a4a9def593e8c6097c47ab90e6",
"urls": [],
"crc32": "D6A6BCD6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9b1cb63eaa8ebbbc_AAyGa2y[1].jpg",
"ssdeep": null,
"size": 27577,
"sha512": "7d76ef83bd66b4f681441f4d1b91b14a32082d483ae5eb60cafd209c097a429a1aa57cd377dffd051037e730a5d6f276771d7f4d7e2389a15071ac21f2be3d54",
"pids": [],
"md5": "73edbfb0d9b2327b3239db67e76cb6b9"
},
{
"yara": [],
"sha1": "a76e9f9c71cd122fb5eac11c5cfc3da04ac8d55d",
"name": "826ab0c3a1e71d7b_cuck@bing[1].txt",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@bing[1].txt",
"type": "ASCII text",
"sha256": "826ab0c3a1e71d7b1eafb232315e47ef904d1a367987ddcebd59a2eaf86072b0",
"urls": [],
"crc32": "AAC68FA8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/826ab0c3a1e71d7b_cuck@bing[1].txt",
"ssdeep": null,
"size": 664,
"sha512": "d8bf6c32ba5210826873681986812567e4e8d49120f05160b1f41524fe5e9f4a10875137d5ddad348b2cee94353c3b519e3b2630f0cc723144ee807953017c38",
"pids": [],
"md5": "8cf7edf39d0588428133067b8e447a0e"
},
{
"yara": [],
"sha1": "554e2133a1417d94ce97b3bf0f615ce8fe2af189",
"name": "92e53b43607f7497_AAywSGf[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAywSGf[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "92e53b43607f7497edbfd64da1d290fb3339375b6e3685ee97add98f641e83b3",
"urls": [],
"crc32": "AE40C017",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/92e53b43607f7497_AAywSGf[1].png",
"ssdeep": null,
"size": 740,
"sha512": "5c6b3e98e3e96f21d9ad16cbb1bf2bfd73601e38c02235bc5301025dc2b8aff95a25981dc0b1aecc452a57e548b7fc33dbefb18df3d5ff5d27233df25e33086c",
"pids": [],
"md5": "89bda12584ba98beeffab320d820ef2d"
},
{
"yara": [],
"sha1": "ff154f9e661e4e4fdd4e9cb5232b5c576b7b7b9d",
"name": "039ef9bd3c777521_C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"type": "gzip compressed data, from Unix",
"sha256": "039ef9bd3c77752186792ae710098c97f328002b040e40b37751b02d09b2c9b8",
"urls": [
"https:\/\/www.mozilla.org\/media\/img\/favicon.d4f1f46b91f4.ico",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct"
],
"crc32": "46EE65C1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/039ef9bd3c777521_C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"ssdeep": null,
"size": 11017,
"sha512": "7746e41ca29fa43758b45134dafb29fa8039496d1bfe31ca4849ba5d7d2af75fdd74f33d10528f712ed2f69ca9e7f3a3394e18df915de28520c1ae82bb13a74b",
"pids": [],
"md5": "2d8798750a20c73628ffd3ca3274dba2"
},
{
"yara": [],
"sha1": "c93a6e6d6f5cb799700a0c3afbf1966a0426afb1",
"name": "5ff0c822ce892bae_gtm-snippet.9f9cf2026c5f[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\gtm-snippet.9f9cf2026c5f[1].js",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "5ff0c822ce892bae85ca52c2616f7603787fffd8c072a886a2607e0f630ce730",
"urls": [],
"crc32": "C7EACCBE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5ff0c822ce892bae_gtm-snippet.9f9cf2026c5f[1].js",
"ssdeep": null,
"size": 514,
"sha512": "305c776b1898ee46d7f249b316d8f601a3203af610f362c9585c9913a08d3695ce79b4e78934390c6d25f051c86d6a0db6f1574329f74835cacacc1d048c9633",
"pids": [],
"md5": "9f9cf2026c5fcad6af9f12a2e861ffda"
},
{
"yara": [],
"sha1": "f814d1ff5fe7d088d430979bf3ed0912c9e94ad5",
"name": "fc75896f678b8679_a7-b05f22[1].txt",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\a7-b05f22[1].txt",
"type": "UTF-8 Unicode text, with very long lines",
"sha256": "fc75896f678b867958e2ae5e125ab0960deffef9055b29c66bbeb91343a64201",
"urls": [
"https:\/\/www.microsoft.com\/mwf\/_h\/v2.77\/mwf.app\/fonts\/mwfmdl2-v2.77.ttf",
"https:\/\/www.microsoft.com\/mwf\/_h\/v2.77\/mwf.app\/fonts\/mwfmdl2-v2.77.woff",
"http:\/\/img-prod-cms-rt-microsoft-com.akamaized.net\/cms\/api\/am\/imageFileData\/RE1LLAb",
"https:\/\/www.microsoft.com\/mwf\/_h\/v2.77\/mwf.app\/fonts\/mwfmdl2-v2.77.svg"
],
"crc32": "FC4A15B6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/fc75896f678b8679_a7-b05f22[1].txt",
"ssdeep": null,
"size": 149133,
"sha512": "90b11673a015511b1e9b8fa3e6c0ea928244f3cee32af7cf4dd79b7210014255353235934841b85b803174a845af1c019da406a08b0ee674643ab1a747ab8a94",
"pids": [],
"md5": "c425709794e096b6d585bcdeea519df1"
},
{
"yara": [],
"sha1": "f0666504659b4b2d82f0b9e751db49f3b4a3e440",
"name": "74421e995f9c5bdd_EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"type": "gzip compressed data, from Unix",
"sha256": "74421e995f9c5bddd5b198a33f6a8c9bf03ed64736e2998f9032eab4f2296baf",
"urls": [
"https:\/\/accounts.firefox.com",
"https:\/\/accounts-static.cdn.mozilla.net\/bundle-7ca432f78deff0314215bd9383f78d6bf4618498\/head.bundle.js"
],
"crc32": "97B35362",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/74421e995f9c5bdd_EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"ssdeep": null,
"size": 9717,
"sha512": "ee9b77b5e496a33b23d29313d980708d505b7a838162aa2a8af9b8289d72bc93070e3376d32cc8b81a9ea8c8e0c83c0b1e379371ca600a6e4dfd91fe23297831",
"pids": [],
"md5": "a048951dc0e94880fa3774def3a919b1"
},
{
"yara": [],
"sha1": "8711844a41a4ace77ba0a01a4d3af2b2e59e6a75",
"name": "23d108134bed6099_test-malware-simple.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"type": "data",
"sha256": "23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98",
"urls": [],
"crc32": "CAE3DB42",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/23d108134bed6099_test-malware-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "9344ca1456e1e74a4dac833e0af55db9730f8ab2954a855b4a775a938b2055c86eff367f25bae80f2ffea45acebade10a8347add18222e715620dd864f2d8e4f",
"pids": [],
"md5": "3675254e341df799d4307c1f59109185"
},
{
"yara": [],
"sha1": "bb626f1aeb7b38cfa78536871a239bd9a5de6b26",
"name": "c188196542d5829a_D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"type": "data",
"sha256": "c188196542d5829a97eebedb99ee83c622b249137ad90420f5bb6429f78ceedc",
"urls": [
"https:\/\/www.google.com\/gen_204?atyp=i"
],
"crc32": "BE8B3242",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c188196542d5829a_D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"ssdeep": null,
"size": 6894,
"sha512": "2e3e9b4f93051bf2f1f99579e2fd3d560dd8e9d324fa78103c2f1a1fcd27a969059f3231523422250cf22754e553d05bd54b48ad10682be0969b3e9688f7d61e",
"pids": [],
"md5": "7bb3b1f1aee1bf5c927ae40e85d9dc3f"
},
{
"yara": [],
"sha1": "b53bba4a41a11998a94a98138a4fb17bf76796d4",
"name": "ed21305beaade99b_gpt.ini",
"filepath": "C:\\Windows\\System32\\GroupPolicy\\gpt.ini",
"type": "ASCII text, with CRLF line terminators",
"sha256": "ed21305beaade99ba1f97ba2dfddcd6701c70e9fe08415aafeb759b53694571c",
"urls": [],
"crc32": "4282BA9D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ed21305beaade99b_gpt.ini",
"ssdeep": null,
"size": 127,
"sha512": "a9c634e4995b39ecbbb161c189cd7cfd5333413e81ad326ade39bde78edc658be98c7938f7300076516ce21917e98f14e329edfec61fe4b6361b60b3e89ce371",
"pids": [
2628
],
"md5": "e12324acf507ace937b7fec19e97d9ae"
},
{
"yara": [],
"sha1": "9e9b61af1ab363f0e426073901afd86fbe42983a",
"name": "ff02de9a3c6901b8_46045091[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\46045091[1].js",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "ff02de9a3c6901b8d3725cf4bda13b0d0696f8c18bae4ca79697b1d824f4541a",
"urls": [],
"crc32": "51646AD3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ff02de9a3c6901b8_46045091[1].js",
"ssdeep": null,
"size": 6770,
"sha512": "78b2f9bfd1211111d658a0de3a3f0800cac6d60637e36f6cfce4f5a8ba337e6e02804c85d4304f2082030500f9b1a8bea7a66a41f454f5f0bd553abecf69311e",
"pids": [],
"md5": "bf75022b4d92e10bdb415f6c5b33d72c"
},
{
"yara": [],
"sha1": "f1c391ffc76b25f0073fa7dcee0190293651c7d9",
"name": "d73f7d01a95b7ecc_icon-check.c3513ac1f0bf[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\icon-check.c3513ac1f0bf[1].svg",
"type": "ASCII text, with very long lines",
"sha256": "d73f7d01a95b7ecc5deba1fbc913e7ad40a4a0c324629721004dfda129b5edd8",
"urls": [],
"crc32": "A4134264",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d73f7d01a95b7ecc_icon-check.c3513ac1f0bf[1].svg",
"ssdeep": null,
"size": 365,
"sha512": "0e5da7132c93edd061d3a0ffcef7c57ffdce7c77d8beddac383aa4dcf46ce4e09b0ac06b3144e263da71d3be6f0db3a1405d5abf9a73a9f699726e23a40c7669",
"pids": [],
"md5": "c3513ac1f0bfc133ab9e91779c03020e"
},
{
"yara": [],
"sha1": "9a0d9252829b5202d72e4f5798e008d35ac1a373",
"name": "6a45ae581fe0ed39_361B548BA913570AB336F9E5FA9152F01E567AB9",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "6a45ae581fe0ed393fb26f1027a721b8a326bcfd22fc26646cd72a4895027482",
"urls": [
"https:\/\/apis.google.com\/_\/scs\/abc-static\/_\/js\/k=gapi.gapi.en.mi8SElW72Gs.O\/m=gapi_iframes"
],
"crc32": "5EE0B619",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6a45ae581fe0ed39_361B548BA913570AB336F9E5FA9152F01E567AB9",
"ssdeep": null,
"size": 57974,
"sha512": "d49ab89a18ec2d58a1974338af67a51e4aa3c84d75f2e92c537b0e3cfd8935c186e396bf22789b0601b1e5d80274cac0df96719e9f0e8dd1816b1c7402581340",
"pids": [],
"md5": "35744ec62e7f67b09b15fe5f05a47cf8"
},
{
"yara": [],
"sha1": "8a40cff98f8ec719256310f2518ff3b4adba2bb9",
"name": "21731409ac151552_AAyHdgG[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHdgG[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "21731409ac151552ace3287f7167e66a320400445c0b9a02fe1cfbf0a6ad04cc",
"urls": [],
"crc32": "20776A2C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/21731409ac151552_AAyHdgG[1].jpg",
"ssdeep": null,
"size": 6797,
"sha512": "3d02e2e4c59be0d9186d2b6417b374fa63fb143c08dfa1eaef79b4a9da08dfccdd8216560b87b67b8d0057d9387607b1dc45099b5e59d4fb3a4f9a24b9d1d173",
"pids": [],
"md5": "c234941d636a77ed754cbf67e937c635"
},
{
"yara": [],
"sha1": "317bb49614353dc55da4ace0e89a5c1458ea6ec5",
"name": "593f2d9272540e98_AAyG5Kq[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyG5Kq[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "593f2d9272540e98e4e4d0ea0577d5ca92501a213010c3e872a41b5c5ace770b",
"urls": [],
"crc32": "76EEC09B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/593f2d9272540e98_AAyG5Kq[1].jpg",
"ssdeep": null,
"size": 2775,
"sha512": "895f452a9de06947cbef9d11bbd414c2121eee6dac0c6bbd460c33224e9ddf77b07a7c064b12d3c2119fa74af26ff3df020514a1d162c0e0b67fb586276167ff",
"pids": [],
"md5": "56860d5dadbdf4dbaf4624d7ddb1e7fc"
},
{
"yara": [],
"sha1": "6f1d8b137265f8e25382a8eb5486d32b11532d9f",
"name": "5395e92f85135ea1_billboard-healthy-internet.4c6fc8ad55a2[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\billboard-healthy-internet.4c6fc8ad55a2[1].png",
"type": "PNG image data, 346 x 346, 8-bit colormap, non-interlaced",
"sha256": "5395e92f85135ea10609cd1ca30e3827a2be87030eee364637e6641b8a073bdf",
"urls": [],
"crc32": "9D0A0CED",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5395e92f85135ea1_billboard-healthy-internet.4c6fc8ad55a2[1].png",
"ssdeep": null,
"size": 25851,
"sha512": "59b4e48871ea8e786f3505715b76d73454052e8b8de949ad5bf97b0a25c8a653f150aacde4a44c06480f8a53526911c5a673f77d44355839fa534e6545a7e380",
"pids": [],
"md5": "4c6fc8ad55a2516dfb01d5ac8dc51ad3"
},
{
"yara": [],
"sha1": "b2285f713d862c52abcf83a5f5ad19fcadac5c6a",
"name": "00026f50b09ca0c9_+y9kS89rNtiGKjMEHYfd8A==.ico",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\+y9kS89rNtiGKjMEHYfd8A==.ico",
"type": "MS Windows icon resource - 1 icon, 32x32",
"sha256": "00026f50b09ca0c9b4d293a089ad2d9ee60527ed142b1345ab17dd38564335a8",
"urls": [],
"crc32": "AC8BFFCC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/00026f50b09ca0c9_+y9kS89rNtiGKjMEHYfd8A==.ico",
"ssdeep": null,
"size": 1156,
"sha512": "7fe3f3a212c131a7b7e416d211c547869e56baeb5807d5968361efab06471f2bef8c75411964288ef3cca17b238efd8461690639361ab230c81085d95a8a78dd",
"pids": [],
"md5": "52f35e46aeac70b21076088cb0d457dd"
},
{
"yara": [],
"sha1": "2ed8c14bbe1bb11c9f34a6b3c95fd7873e403609",
"name": "4189cd29dd1588d8_wordmark-dark.731d4dab7347[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\wordmark-dark.731d4dab7347[1].svg",
"type": "HTML document, ASCII text, with very long lines",
"sha256": "4189cd29dd1588d85a7429070c0f1dbde4731b74b224646e6f6d23dde46a817d",
"urls": [],
"crc32": "B98211EB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/4189cd29dd1588d8_wordmark-dark.731d4dab7347[1].svg",
"ssdeep": null,
"size": 1342,
"sha512": "a96a826f3da7c1cc6ab7f0d7bd0d61b6315882245cf8741e4d3606fba1ae1325afa5a51506d5d814d9c7a61807c395aff5c107058dbcb0d2e5ec4005559f7fde",
"pids": [],
"md5": "731d4dab7347faecee08d25443f2fc97"
},
{
"yara": [],
"sha1": "163f7f065c32060bf4e9edd14c06a3ac916f38fd",
"name": "51737b2978791a07_aYQRqY9_c25EZAuNdfxxAA==.ico",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\aYQRqY9_c25EZAuNdfxxAA==.ico",
"type": "MS Windows icon resource - 1 icon, 144x144",
"sha256": "51737b2978791a07263a7005926e54e2d760d65562778db1d2ccc7b2a2211fae",
"urls": [],
"crc32": "282AA222",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/51737b2978791a07_aYQRqY9_c25EZAuNdfxxAA==.ico",
"ssdeep": null,
"size": 6829,
"sha512": "3a793a9f057c908cd3bd0be5150d44c508da993192ab3283691b55ea0c3bb2e1b719ca69e35108e50e31cb0031eac8058f1747c24542c04f2595425810530db7",
"pids": [],
"md5": "d2a6c2aba87322a8ab17ce444f0f4c99"
},
{
"yara": [],
"sha1": "3a79fd87fd55c08b50c1b69c4e1bdd0e1aa478d3",
"name": "e71607ad48e623dd_9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"type": "data",
"sha256": "e71607ad48e623dd193f971b17295a74ae6d4183345c06bed2b74358b7c12f32",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "69BB478E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e71607ad48e623dd_9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"ssdeep": null,
"size": 7020,
"sha512": "854cd19b381f2a94236322388cb5aee8e1e3fd4480443c3616def30e5968d057c33fd1fda6058f25720cd3ab8336785d7bd3da29b50bdb7c115b3c4a179d80af",
"pids": [],
"md5": "90ec65cf2ee4b08179ccdff9317a3205"
},
{
"yara": [],
"sha1": "305e998d444d49b8af24471cc91ddcfc21237f24",
"name": "40870490f95f538d_AAyvDNg[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyvDNg[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "40870490f95f538d75fcfe6f9e842806b5c026d9c744157fe23150310f534f68",
"urls": [],
"crc32": "0CA36073",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/40870490f95f538d_AAyvDNg[1].jpg",
"ssdeep": null,
"size": 2434,
"sha512": "45c95f927feb42fa1d9d6aefac15803138abe53ac7d58ed27e945fa5d93fde71dc3d7832b7727e002b98b193414434043f18b612e27fe8ca97957600ae503992",
"pids": [],
"md5": "cf3372ebafe1c3c707a12a0d622a08aa"
},
{
"yara": [],
"sha1": "ba085b2a76eeb0496b49987c29463806100b41d3",
"name": "442548244b42042f_911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"type": "data",
"sha256": "442548244b42042ff8694cb2bfb5c85a7afe6ac92efac094bea24b04b45b19fe",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "E4F43D07",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/442548244b42042f_911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"ssdeep": null,
"size": 1304,
"sha512": "32e49006f3e20fbe73e9047376be48c19c3cf0bde4ba26dddfafa7f3fe1594b1557596e8f05b2058bf19c5583715b267a92f5653d4e77ebd6ca0518a462ae27a",
"pids": [],
"md5": "3bc442e19cc8985a8ebeec056e880d6a"
},
{
"yara": [],
"sha1": "2454e1c4d24c46738286d47a19f3ffa6465a5a9c",
"name": "405effb59622c9f6_B871BCA40A90227E35C39797525C79C94A1D99BE",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"type": "data",
"sha256": "405effb59622c9f6740b4f9504527f1505b8a1e6a539f94c5cf6023a8e3e9456",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "D52F5A88",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/405effb59622c9f6_B871BCA40A90227E35C39797525C79C94A1D99BE",
"ssdeep": null,
"size": 1304,
"sha512": "e30adcb0a674b610332bf63150fe470b363873963bf711707e923f0b15967108e8b9e8d5bce7a36f823853b58f8c4d4b1cb98d2b38711e39664843dab1e47902",
"pids": [],
"md5": "aafce432d8db88fc7bfa2ad0b1d5fb57"
},
{
"yara": [],
"sha1": "f3c83ad46805a2c9bea74e84d892ff6b14109da5",
"name": "ea195e97861d6d7c_5910B209536948818F465D83D2569E7CE0895207",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"type": "data",
"sha256": "ea195e97861d6d7c7d5875c557eca645c2f7b0a4fd7cb5e180d30db2ab05bfc0",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "3067C47F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ea195e97861d6d7c_5910B209536948818F465D83D2569E7CE0895207",
"ssdeep": null,
"size": 7020,
"sha512": "279c5902e8af91c5188e04c0399bfd631605361ef412b3bd206ffae04202c8fa88611d5795fadb25e641bf4413111efb7713c8f7cd68624e307ef3d66611ee70",
"pids": [],
"md5": "24a31955c9fb2662ee0ecf36312bdb19"
},
{
"yara": [],
"sha1": "f06c898f69a8cd3b6f5d4eeebe04b518fdbc26e5",
"name": "bf57bfe0885a55f9_63FFF734326AB3EF836515DFE9353A5E12B66B71",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"type": "data",
"sha256": "bf57bfe0885a55f9a949ee4bb756f613c3d75b4af30acd78bde564aa69c1d5af",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "B281E183",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/bf57bfe0885a55f9_63FFF734326AB3EF836515DFE9353A5E12B66B71",
"ssdeep": null,
"size": 1150,
"sha512": "29ffd3378a4cac3c9fe6151e598cd440923069822b304d1e1540c97157701730017fd50a43a002c5b4d49cc8cac832a81d016f3e5fcc41337424f4e27f086231",
"pids": [],
"md5": "383cbb317f69acb03b640a708a4a79cd"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "87a12ca6aa15db2ceb274e0d6ef5b10d16e6ddee",
"name": "a44b2adac06bbe7b_internet explorer.lnk",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Sun Nov 21 02:25:08 2010, mtime=Sun Nov 21 02:25:08 2010, atime=Sun Nov 21 02:25:08 2010, length=673040, window=hide",
"sha256": "a44b2adac06bbe7b31d6be768484c5360032d81807ba792d72763a41ae8c447f",
"urls": [],
"crc32": "0EC6CC90",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a44b2adac06bbe7b_internet explorer.lnk",
"ssdeep": null,
"size": 1549,
"sha512": "205ee51b17b228a2ce8fc74337c1c0a8f3254f22c660000eddfb3a71429239143707ec5c95e07f1e5fb111c58a1120533fa904ff1f4665e8582dceb153bf4238",
"pids": [
2628
],
"md5": "927e817d86ca28ed12455531727cdcbc"
},
{
"yara": [],
"sha1": "d4a7e24202d9afc71e67f0a9bb276b2d5516eb44",
"name": "f12737dad390e1c6_FDC043D6190638980733E805CC7517F27A931511",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"type": "data",
"sha256": "f12737dad390e1c64f93a1a94de7121d6bce478d8e232baa5c809c9c241400af",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "4D3133C9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f12737dad390e1c6_FDC043D6190638980733E805CC7517F27A931511",
"ssdeep": null,
"size": 1150,
"sha512": "8621a97de15a6444b3ef15e7008286226732c6b03c0012b434679855c763ab10a40b3743b956713f0c2504f9610a5226fd9e55b89962ce1117adfe4fb15896b5",
"pids": [],
"md5": "c36eb4f283d4eb9660564d79c95267bc"
},
{
"yara": [],
"sha1": "cc16ab1387546f27a4cf1d9ce5315dde1ec4bce0",
"name": "71c79e952ec006ab_E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"type": "gzip compressed data, from Unix",
"sha256": "71c79e952ec006ab5b2f94e3942506c2ec35123de7bc37edf2afea1f015b57e8",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/firstrun\/sync\/sync-devices-icons-anim.b1539dd40ed3.svg"
],
"crc32": "DD0DC21A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/71c79e952ec006ab_E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"ssdeep": null,
"size": 16653,
"sha512": "3ff8b63bf5cd686f7b29a81c459f2d4cc1f48865d5a132a3f14f5fd96086df2a91ce1d343f1011c5c94912147412e3a8373bc8785f286d3ad19290032e2c8977",
"pids": [],
"md5": "257784c238f03237cf10655b1b5c84fd"
},
{
"yara": [],
"sha1": "4840ba0fe898fb6b0fdacdb104e992f4f3b09d7d",
"name": "0bf92eb0cf7715f1_AAyDgPJ[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyDgPJ[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "0bf92eb0cf7715f10ca0acb682b06fa1f078c8be453a7450f668353cda2066b8",
"urls": [],
"crc32": "F102E83D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0bf92eb0cf7715f1_AAyDgPJ[1].jpg",
"ssdeep": null,
"size": 3017,
"sha512": "11d623a96545a6c7771b2d1679527ab4f2ca94407fffd0a61aee8c3877d3032524689d14fb2db2d0ec92aea494c176e29c13e345c9c44624e3bda1266f7923a5",
"pids": [],
"md5": "13d63f23366b80f6802979aea49e480d"
},
{
"yara": [],
"sha1": "30a4f7a0d5d02d8419501f389d06d31f55a032d7",
"name": "877f6f24b7c90b61_AAyGk1E[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGk1E[1].png",
"type": "PNG image data, 100 x 75, 8-bit\/color RGBA, non-interlaced",
"sha256": "877f6f24b7c90b61531cf650059ee93d5f40a90fef747d50e7f34808c012fe7f",
"urls": [],
"crc32": "0B4B769A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/877f6f24b7c90b61_AAyGk1E[1].png",
"ssdeep": null,
"size": 21875,
"sha512": "d4a9fc4f8bfa1b94f42f20172242dc56a54ed210aa63993b9d39be3d49eed9609f313681462327ce5010a557e5ab923e1f1a840be8ed98782fa7451d390b6368",
"pids": [],
"md5": "544c6a400df7aa63a6e915334bed20d1"
},
{
"yara": [],
"sha1": "a942b7d5fc3521a9d246d3477ed5c9dfec4cfb94",
"name": "f47d1bf004ada3c6_jslibraries[1]",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\jslibraries[1]",
"type": "ASCII text, with very long lines",
"sha256": "f47d1bf004ada3c697a06999c22582a4d30bd04c334e406542245730c242c836",
"urls": [
"http:\/\/sizzlejs.com\/",
"http:\/\/docs.angularjs.org\/api\/ng.",
"https:\/\/web.vortex.data.microsoft.com\/collect\/v1",
"http:\/\/errors.angularjs.org\/1.5.5\/",
"http:\/\/jquery.org\/license",
"http:\/\/mths.be\/endswith",
"https:\/\/login.microsoftonline.com\/",
"http:\/\/docs.angularjs.org\/api\/angular.element",
"https:\/\/login.microsoftonline.com",
"http:\/\/getbootstrap.com",
"https:\/\/ad.doubleclick.net\/ddm\/activity\/src=6952136",
"https:\/\/cdn.support.services.microsoft.com\/partnerconfig",
"http:\/\/angularjs.org",
"http:\/\/jquery.com\/",
"https:\/\/survey.support.services.microsoft.com\/viewsurvey.html",
"https:\/\/dpm.demdex.net\/id?d_orgid=A5FF776A5245AF830A490D44",
"https:\/\/web.vortex.data.microsoft.com",
"http:\/\/mths.be\/startswith"
],
"crc32": "E1934F5C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f47d1bf004ada3c6_jslibraries[1]",
"ssdeep": null,
"size": 499635,
"sha512": "62ca828795636d192793fe04ad6e587418cb45760a2dc044ddc36132392d05710e06d5767c22d89d6fb7008ae876829417729bcfadae5f831ab50df6e1d329e0",
"pids": [],
"md5": "467492458f25bf18f63541e71cd76c69"
},
{
"yara": [],
"sha1": "78467464534adc085bb5556398a4c21cd531a13b",
"name": "7fe622f04ce1a402_urlCache-current.bin",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin",
"type": "data",
"sha256": "7fe622f04ce1a4028240cfe455bb6f3f23cae5a698c86a5b9403b4719118d629",
"urls": [],
"crc32": "23179547",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7fe622f04ce1a402_urlCache-current.bin",
"ssdeep": null,
"size": 2671,
"sha512": "3c250716c0b0c61bf8de4c07e16e5d6e5842ddafb42a65356d9982b1e38fab3a2e4109b32f983307d55eb4ca90c8a9c3c5e8c9b51086f82a9a977c4baee4c337",
"pids": [],
"md5": "c3a14dfb237fa112d2bfcded0ccb2bd0"
},
{
"yara": [],
"sha1": "3e3ac32e745986eba8aa5e922608602cc06f44eb",
"name": "e5de66f2a5d317da_4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"type": "Web Open Font Format, flavor 65536, length 26256, version 1.0",
"sha256": "e5de66f2a5d317dadf7c2ada0b690fb9c3667d0ba19406ba76158bfd9e67f81f",
"urls": [
"https:\/\/www.python.org\/static\/fonts\/SourceSansPro-Bold-webfont.woff"
],
"crc32": "2DA0F7B4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e5de66f2a5d317da_4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"ssdeep": null,
"size": 36430,
"sha512": "91b3e8dfe64a49f1beb6d12214e64a8f6141e3640d7a52cb55974871fdaaee82d28f92dd3eedefb4e8ffc4885ae17ac15678a8fdc064f38322b1b954967f73a5",
"pids": [],
"md5": "316e4c9fc16adfb39233dfede5e06a3d"
},
{
"yara": [],
"sha1": "f5554c8bd6342742aa5619b42fc14662897a56c6",
"name": "bdbd9584592bc2fb_AAyGU9t[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGU9t[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "bdbd9584592bc2fbf35972c1fadd8c6285057182866795ca4a66e271b49b69e4",
"urls": [],
"crc32": "D0F705DF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/bdbd9584592bc2fb_AAyGU9t[1].jpg",
"ssdeep": null,
"size": 6235,
"sha512": "94248923e88d96db95734d11b78ebc1b720b2273301d70c82cde1213a2f3c0b596411511bf858bb10330c8af7c785f47a9aba7e7db52dbdb3df70ace6771f883",
"pids": [],
"md5": "ce4777057a499e9bb7c18e45e42ee1e6"
},
{
"yara": [],
"sha1": "777d4b31d86a87bd39937482fc409b0c4b7bc7f4",
"name": "2f73b870bcfd4c2f_698411a98f7f736e44640b8d75fc7100.png",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\698411a98f7f736e44640b8d75fc7100.png",
"type": "PNG image data, 280 x 190, 8-bit\/color RGBA, non-interlaced",
"sha256": "2f73b870bcfd4c2f2ab7d315cd44431c357fd339238956b4867a0f638f563122",
"urls": [],
"crc32": "8B5E0425",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2f73b870bcfd4c2f_698411a98f7f736e44640b8d75fc7100.png",
"ssdeep": null,
"size": 15972,
"sha512": "8fd4e9938191dd087ca185566831c226d1c30d64ac6fa5b349ce3e04e9b28fca24deb161a4cf5383eafa42cd025726e956ef74aa35cf4c23ea07de4cdb77d880",
"pids": [],
"md5": "1452d23a79fbd868191d9658b311e0bc"
},
{
"yara": [],
"sha1": "075d3c935e333c1069a395142e6d66c3a8bd8f25",
"name": "91bfd06ad8ced9f8_80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"type": "data",
"sha256": "91bfd06ad8ced9f8731e840ce18cf0b47c78f9ccc234647a557d2745d9d41d8f",
"urls": [
"https:\/\/id.google.com\/verify\/ALh393PUwveXfE5MszrdSsavOX6rcdJobfoa0uyTM-rnzKW1BXSVlUwUdHN6-nLcLEW-fS9a9yokwp5M3nh6uAh_oOvqUfzAy3f_1MxkDC_cAX1yyVFdSw",
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=RMhBfe\/am=wCIyGUMA5P8pGEgUsIIRFphAYUA\/rt=j\/d=1\/exm=sx",
"https:\/\/ssl.gstatic.com\/gb\/images\/i1_1967ca6a.png",
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=sx",
"https:\/\/www.google.com\/images\/nav_logo242.png",
"https:\/\/www.google.com\/images\/hpp\/shield_privacy_checkup_green_2x_web_96dp.png",
"https:\/\/www.google.com\/images\/branding\/googlelogo\/2x\/googlelogo_color_120x44dp.png",
"https:\/\/www.google.com\/gen_204?atyp=i",
"https:\/\/apis.google.com\/_\/scs\/abc-static\/_\/js\/k=gapi.gapi.en.mi8SElW72Gs.O\/m=gapi_iframes",
"https:\/\/www.google.com\/search?q=download",
"https:\/\/www.gstatic.com\/inputtools\/images\/tia.png",
"https:\/\/www.google.com\/velog\/onb?atyp=i",
"https:\/\/adservice.google.com\/adsid\/google\/ui",
"https:\/\/consent.google.com\/status?continue=https:\/\/www.google.com",
"https:\/\/www.gstatic.com\/og\/_\/js\/k=og.og2.en_US.hAkhwdR_wSU.O\/rt=j\/m=def\/exm=in",
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=aa"
],
"crc32": "65156C52",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/91bfd06ad8ced9f8_80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"ssdeep": null,
"size": 91394,
"sha512": "0c23ac9230e959fa418cc2591cd6c34a7a9b39bc854afdac84814509ec12a066fc0f206abc98557c022a45e0e5ab1b03113e6026325b18bf372927d43ed9e9a7",
"pids": [],
"md5": "e57420db16af01114be27bed0d50d5dd"
},
{
"yara": [],
"sha1": "5b5a920e8d09b73bbf8e7b94ba2c7b9169c42cfa",
"name": "11c95d5506a19bb7_application[1]",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\application[1]",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "11c95d5506a19bb797d4318026e1e2fb60966579b4aa2bb10572ae27f3daa3cc",
"urls": [
"http:\/\/schema.org\/Thing",
"http:\/\/schema.org\/Organization",
"http:\/\/support.microsoft.com\/library\/images\/support\/",
"http:\/\/schema.org\/ItemList",
"https:\/\/assets.onestore.ms\/cdnfiles\/external\/webcore\/4.19.0\/stylesheets\/WebCore.4.19.0.",
"http:\/\/support.microsoft.com\/library\/images\/support\/en-US\/fixit_launchbanner.png",
"https:\/\/support.microsoft.com\/products\/windows?os=windows-10",
"https:\/\/cdnssl.clicktale.net\/",
"http:\/\/cdn.clicktale.net\/",
"https:\/\/graph.microsoft.com",
"http:\/\/schema.org\/ListItem",
"http:\/\/schema.org\/TechArticle",
"https:\/\/msegceporticoprodassets.blob.core.windows.net\/asset-blobs\/4095088_en_1",
"https:\/\/login.microsoftonline.com\/",
"http:\/\/schema.org\/WPHeader",
"http:\/\/schema.org\/ImageObject",
"https:\/\/support.microsoft.com",
"https:\/\/secure.logmeinrescue-enterprise.com\/Customer\/Code.aspx",
"https:\/\/portal.office.com\/account\/"
],
"crc32": "662E0C26",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/11c95d5506a19bb7_application[1]",
"ssdeep": null,
"size": 355217,
"sha512": "d1784b29aeebda5052eb4ef80e88ba951df5c0ea3d5b04ddfb47372b704802594b6ebf6ceb04350b7ace13562a68a9b9378fbeee2f5c4fae4c60455f8210989a",
"pids": [],
"md5": "6061a8fc3d3eeea13891c987650f5b14"
},
{
"yara": [],
"sha1": "c300a0d06eea5b86ae8005eaf569fbab37ffd1b8",
"name": "119659bf55282557_favicon.e6bb0e59df3d[1].ico",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\favicon.e6bb0e59df3d[1].ico",
"type": "MS Windows icon resource - 2 icons, 16x16",
"sha256": "119659bf552825576de22752033e3ec917dd5301cf7ae6ff56dc247000fe78e5",
"urls": [],
"crc32": "D1E3917B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/119659bf55282557_favicon.e6bb0e59df3d[1].ico",
"ssdeep": null,
"size": 5430,
"sha512": "10969b226ff85a77bdcbcf5125a203562b37ef0ffcb9eff25ed3f155dddcc226850d0933efe0b4c4b8c0c705728bcc69e4900a5d26a920b21bdbaec619e18c44",
"pids": [],
"md5": "e6bb0e59df3d522c08e799c97ccefbe6"
},
{
"yara": [],
"sha1": "0d0b51737347d236d83f4ec8f694cd7434657ff2",
"name": "997371579a7547de_179F6D8969C48967D77229126C8892C5E40DBC29",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"type": "data",
"sha256": "997371579a7547de36c9ff84087746bf82be735b30d151a4d73b4ea92663e1d4",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "4D8511F6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/997371579a7547de_179F6D8969C48967D77229126C8892C5E40DBC29",
"ssdeep": null,
"size": 7030,
"sha512": "fc7a51d0a8981515077ca4f4fe95d3cd631745b89ec9a7eaed7ada380a8bf5a1f93c163221ba920ea0aeca35d297a58f9b3385084c33ad42c39f243bf598fa25",
"pids": [],
"md5": "6427c1653dee1abee01057f87c449954"
},
{
"yara": [],
"sha1": "8c60560b5c2b4fb32c990b6bd6556a8597e56fb3",
"name": "f0f4fb7c822ca340_pguxrPnk.exe",
"filepath": "C:\\Windows\\gaABPi\\pguxrPnk.exe",
"type": "ASCII text, with no line terminators",
"sha256": "f0f4fb7c822ca3405e241d66c355d1e17b950438c5068937abf8fbb740794f16",
"urls": [],
"crc32": "D658FAB1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f0f4fb7c822ca340_pguxrPnk.exe",
"ssdeep": null,
"size": 12,
"sha512": "61e47bedbe3e434e732e4f19bd3ff3aebf4dedf02b28a8d014cb48f3c0cd3cc2fef9623cbef326b45cf8024b66e9da601091070f2b57e07c255c0d4ec170f575",
"pids": [
2628
],
"md5": "9dd5388e4a880740f70abffb6a8161e3"
},
{
"yara": [],
"sha1": "9522a0f747c3c4959b68a39f90a954cb11e5ce02",
"name": "b702980889c5cd95_64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"type": "data",
"sha256": "b702980889c5cd95e29f0496e7997ce25dec5ef881ed3d1549ef06f6d565b960",
"urls": [
"https:\/\/ajax.googleapis.com\/ajax\/libs\/jquery\/1.8.2\/jquery.min.js",
"http:\/\/legacy.python.org\/download\/releases\/binaries-1.5\/",
"https:\/\/www.python.org\/dev\/peps\/peps.rss\/",
"http:\/\/www.google.com\/chromeframe\/?redirect=true",
"http:\/\/browsehappy.com\/",
"https:\/\/twitter.com\/ThePSF",
"https:\/\/www.python.org\/static\/js\/libs\/modernizr.js",
"https:\/\/www.python.org\/psf\/codeofconduct\/",
"http:\/\/legacy.python.org\/download\/releases\/binaries-1.3\/",
"https:\/\/ssl",
"https:\/\/cdn.syndication.twimg.com\/widgets\/timelines\/434113224703610882?callback=__twttr.callbacks.tl_i0_434113224703610882_old",
"https:\/\/www.python.org\/static\/opengraph-icon-200x200.png",
"https:\/\/feeds.feedburner.com\/PythonSoftwareFoundationNews",
"http:\/\/legacy.python.org\/download\/releases\/binaries-1.1\/",
"https:\/\/github.com\/python\/pythondotorg\/issues",
"https:\/\/devguide.python.org\/",
"https:\/\/www.python.org\/static\/js\/libs\/masonry.pkgd.min.js",
"https:\/\/ton.twimg.com\/tfw\/css\/syndication_bundle_v1_b6ca60da9b93228ca492958b7d1b0b6a37402f5e.css",
"http:\/\/pyfound.blogspot.com\/",
"http:\/\/planetpython.org\/",
"http:\/\/legacy.python.org\/download\/releases\/src\/",
"http:\/\/plus.google.com\/",
"https:\/\/wiki.python.org\/moin\/PythonBooks",
"https:\/\/mail.python.org\/mailman\/listinfo\/python-dev",
"https:\/\/www.python.org\/",
"https:\/\/docs.python.org\/3\/license.html",
"http:\/\/www",
"https:\/\/platform.twitter.com\/widgets.js",
"https:\/\/platform.twitter.com\/js\/timeline.ea273fcd1d9c409019d7fd379c944daa.js",
"https:\/\/wiki.python.org\/moin\/BeginnersGuide",
"http:\/\/legacy.python.org\/download\/releases\/binaries-1.4\/",
"http:\/\/www.facebook.com\/pythonlang?fref=ts",
"http:\/\/legacy.python.org\/download\/releases\/binaries-1.2\/",
"https:\/\/platform.twitter.com\/css\/timeline.36dc7e02c4fc04be0f4abdb82ed477c1.light.ltr.css",
"https:\/\/pypi.python.org\/",
"https:\/\/docs.python.org",
"http:\/\/pycon.blogspot.com\/",
"http:\/\/python.org\/dev\/peps\/",
"http:\/\/twitter.com\/ThePSF",
"https:\/\/www.python.org\/search\/?q=",
"https:\/\/wiki.python.org\/moin\/PythonEventsCalendar",
"https:\/\/www.python.org\/download\/releases\/",
"https:\/\/www.python.org\/static\/stylesheets\/mq.css",
"https:\/\/bugs.python.org\/",
"https:\/\/docs.python.org\/faq\/",
"https:\/\/www.python.org\/jobs\/feed\/rss\/",
"http:\/\/wiki.python.org\/moin\/Languages",
"https:\/\/syndication.twitter.com\/i\/jot\/syndication?dnt=1",
"https:\/\/status.python.org\/",
"https:\/\/feeds.feedburner.com\/PythonInsider",
"http:\/\/schema.org",
"https:\/\/www.python.org\/static\/js\/main-min.js",
"http:\/\/www.ie6countdown.com\/",
"https:\/\/wiki.python.org\/moin\/",
"https:\/\/ssl.google-analytics.com\/ga.js",
"http:\/\/brochure.getpython.info\/",
"https:\/\/www.python.org\/static\/stylesheets\/style.css"
],
"crc32": "4950F7E2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b702980889c5cd95_64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"ssdeep": null,
"size": 45862,
"sha512": "5bf295e301b9aa262d71d7c8a3f4314cc8419f2cdfa457188714b78f55b389d1650afa53feb5cf1bfd792471c27fbdea31d58db8e4860464911f89edc46e4554",
"pids": [],
"md5": "c35dd8d047a909c480c1562f3f8b7670"
},
{
"yara": [],
"sha1": "0732b4b61d8e7c8082feed3eebf6ed03905673f5",
"name": "904239a47c54467f_firefox_new_scene1.2d7b3209f26e[1].css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\firefox_new_scene1.2d7b3209f26e[1].css",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "904239a47c54467fc7a0ef3e448c25d5267f5cb5ce5469ef253724696bc711bb",
"urls": [],
"crc32": "7CF9E819",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/904239a47c54467f_firefox_new_scene1.2d7b3209f26e[1].css",
"ssdeep": null,
"size": 17189,
"sha512": "4f192d687e7d828642bb7a1bf0e2e847a827447cc742a310fc933aef7907a8ff500b73321132269a8982ff1e0992d7b086a073f89cb1dc06beaf96d9b9658113",
"pids": [],
"md5": "32269a671ac26621250a35ea814ed1cd"
},
{
"yara": [],
"sha1": "453002b9bb154c9b53f0b740410805d258f1f405",
"name": "a282879240033834_BBtnGyF[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBtnGyF[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "a282879240033834dd684777a9ed4ad0cc83eaf486048d36b1480f7616dd7e4a",
"urls": [],
"crc32": "697C751E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a282879240033834_BBtnGyF[1].jpg",
"ssdeep": null,
"size": 2252,
"sha512": "2923b947b567449bfef5ef8b43b3a792349f65125cc8c8afd8b5c7772fc37eb0b0cd6a178c6c75c6d78885a70c61b25c452650333d2a0869178674a701da945c",
"pids": [],
"md5": "c07954f56ed9d3d7a1037b6b6f48018c"
},
{
"yara": [],
"sha1": "10c66032c5acac22d70670b9302437141e6371ef",
"name": "1e13d05d482c3d53_test-phish-simple.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"type": "data",
"sha256": "1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b",
"urls": [],
"crc32": "D5EBE34A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1e13d05d482c3d53_test-phish-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "ae2f35c0549c26251053689c90ce831f0c5742d6f7c1dc13482560b02fb4a6029f107e472fcb26bf41b4e89e47559490f5da049d5b51864a3c4c2c2ae3f588c2",
"pids": [],
"md5": "3d1ce5e50208f0cb3b979186043a548f"
},
{
"yara": [],
"sha1": "34a8c5e17ed84698db735595c27b19cc576d3da1",
"name": "64f31b35a0fe1382_AAyGhnZ[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGhnZ[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "64f31b35a0fe1382c1d04d9f82ebebd5a209dbfcb0e1434f84fea34169dc4d73",
"urls": [],
"crc32": "EB77A42B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/64f31b35a0fe1382_AAyGhnZ[1].jpg",
"ssdeep": null,
"size": 8434,
"sha512": "dffcd449ac521475dedd5f7674f7d03ab54497c826f21b939d3cf0abd691e9462f6b240b2a20357f5e03881a4b41ae53251924701c6cf2820a2b5aff7bd27dc4",
"pids": [],
"md5": "73536cfebe30cd7c5fd8994a17ed4c16"
},
{
"yara": [],
"sha1": "eeeaed01f7e32398d93e4d596030f642e17e4b7a",
"name": "08d1f96917452d3f_gtm[2].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\gtm[2].js",
"type": "UTF-8 Unicode text, with very long lines",
"sha256": "08d1f96917452d3fd670601f5e2db10656f7418a72d91c3adca4b93f0b95a810",
"urls": [
"https:\/\/github.com\/krux\/postscribe\/blob\/master\/LICENSE."
],
"crc32": "5DD31006",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/08d1f96917452d3f_gtm[2].js",
"ssdeep": null,
"size": 369129,
"sha512": "daa85423ccb236611aa97cd78ab0f6027f19aa5f05d51aeb56c4ca07bb4457be96e9c6b58313b13b2060b29377948042feebf2ed149f90ea631bffe410fd1828",
"pids": [],
"md5": "0fda856c1314f4860eafb0820eb5d20f"
},
{
"yara": [],
"sha1": "e54553fbd2600b3e3f1cdac1e7466e2ccaf76af3",
"name": "ec31e9dcd7045cf8_25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"type": "data",
"sha256": "ec31e9dcd7045cf8f2b481fb1e10587839cbe4fdd2516e16d58b28f8fbf47c8a",
"urls": [
"https:\/\/platform.twitter.com\/"
],
"crc32": "D65A6017",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ec31e9dcd7045cf8_25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"ssdeep": null,
"size": 107,
"sha512": "fdbf6456fd6402dd798711122999dbeff1aa3aa2896e6b6bc52a10bead498086ed6cc43c6eddd7b0b4d09d3ae32b577280bcfc2fef7f4dc5a070067a59ee8c1c",
"pids": [],
"md5": "1962b3fd0f8cd3306c0aa0b2423cd6ad"
},
{
"yara": [],
"sha1": "041f67ce022af7ecaeccae24d6847290d485dea8",
"name": "274578cdfd5e3ad5_AAyDpQn[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyDpQn[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "274578cdfd5e3ad502a4b69e3fda75b2e9e5a46991c7e20d4cbfe3ed3501d039",
"urls": [],
"crc32": "1B76D17D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/274578cdfd5e3ad5_AAyDpQn[1].jpg",
"ssdeep": null,
"size": 2292,
"sha512": "5934e6a7fb9e41306cb114ce0420ae2d25f2050008617a217d12d8076e0d313feebd58af381734017a546ce344249eed656b3fe09d0a08fa532ced1ef9e8da8f",
"pids": [],
"md5": "c9346c4230ad018b10e9ff91ffadffcd"
},
{
"yara": [],
"sha1": "9f85eb6223b131105af986bb7c3ae6e0ccf870e1",
"name": "fe4446d69b9afe89_AAyHIeD[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHIeD[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "fe4446d69b9afe8941bfda95069808bcca7e4b38a7016b415d01ea0ee1c00508",
"urls": [],
"crc32": "FEFD784B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/fe4446d69b9afe89_AAyHIeD[1].jpg",
"ssdeep": null,
"size": 10611,
"sha512": "11e96d14d9ed0539ec588b18f814c2a0bc0e0233fe86dd093633ff058b306509796cfbc7095b700e45c46950c9954aa53682d35a4c1470f251de8373fbadaf69",
"pids": [],
"md5": "b32d0709fca4d2c7c4c6b219578c800a"
},
{
"yara": [],
"sha1": "3c726ac6560f81f7701a30ef5d563e540dafacff",
"name": "0b90997d47f52a41_AAyGF0V[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGF0V[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "0b90997d47f52a41d1c430a1c5b22ce8e1a3c9c627caeb8106f6956a8cf13d15",
"urls": [],
"crc32": "84283F4F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0b90997d47f52a41_AAyGF0V[1].jpg",
"ssdeep": null,
"size": 7022,
"sha512": "449351e3722e25b0482612ef13fe7e8f821f3f39569ef01dab3f9ce513c3b209133b3a6e457a1040f7634a634f84302ca78b21505f924ea95e63f33c4794f4f7",
"pids": [],
"md5": "d690c3be27c5b08065d61e329f3cef1c"
},
{
"yara": [],
"sha1": "6cc7ec83e1e973e817cecf5cac5800003273433d",
"name": "e7585c0cfbcab888_pptxDO.dll",
"filepath": "C:\\Program Files (x86)\\oFLcWER\\pptxDO.dll",
"type": "ASCII text, with no line terminators",
"sha256": "e7585c0cfbcab888f1c45bb68172f3a344f2a42c311677742b5819520654576e",
"urls": [],
"crc32": "BD6C7076",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e7585c0cfbcab888_pptxDO.dll",
"ssdeep": null,
"size": 11,
"sha512": "80ad4a8afde8b0c56931722400f59c8eddcfc2dceea4305ea1e3ad868e925282d661811302d9682a0689eb1e453bd104b00b151dc5951f88448aa0ecd031d72c",
"pids": [
2628
],
"md5": "81629aadbe8802e74f98e27731b09b8a"
},
{
"yara": [],
"sha1": "60176cfb42da24980600dc1c7f1edddfae5404d5",
"name": "73dd5166acbb16d2_btn-app-store.ace60becd7d2[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\btn-app-store.ace60becd7d2[1].svg",
"type": "SVG Scalable Vector Graphics image",
"sha256": "73dd5166acbb16d27f9205b58c4f577d695dad2f9191302028dfb6270ad8943b",
"urls": [],
"crc32": "83C7106C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/73dd5166acbb16d2_btn-app-store.ace60becd7d2[1].svg",
"ssdeep": null,
"size": 9257,
"sha512": "4052f2a91e30eb12b8f0f082e72438aaedc30f45f7876876c4da6f249cd46266d5a768c9c1e4ea0d926d08f845a96f3599fee31828ef9d5d9d4b1d312358809f",
"pids": [],
"md5": "ace60becd7d2f2f6713fd46e6ed355de"
},
{
"yara": [],
"sha1": "8dceb96874d5c6425ebb81bfee587244c89416da",
"name": "77c7c10b4c860d5d_gpt.ini",
"filepath": "C:\\Windows\\SysWOW64\\GroupPolicy\\gpt.ini",
"type": "ASCII text, with CRLF line terminators",
"sha256": "77c7c10b4c860d5ddf4e057e713383e61e9f21bcf0ec4cfbbc16193f2e28f340",
"urls": [],
"crc32": "E4327249",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/77c7c10b4c860d5d_gpt.ini",
"ssdeep": null,
"size": 11,
"sha512": "35253883bb627a49918e7415a6ba6b765c86b516504d03a1f4fd05f80902f352a7a40e2a67a6d1b99a14b9b79dab82f3ac7a67c512ccf6701256c13d0096855e",
"pids": [
2628
],
"md5": "ec3584f3db838942ec3669db02dc908e"
},
{
"yara": [],
"sha1": "e6dc0545b24233381a9a04f46b06dfe3346bc532",
"name": "981a42bc7ce12731_6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"type": "data",
"sha256": "981a42bc7ce12731bc2108f37816ee8e2977478d1e712eecae4aeed63f1a5995",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "55C49C1D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/981a42bc7ce12731_6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"ssdeep": null,
"size": 1306,
"sha512": "528d197f992ab404fb6946fe02fb886052ebf574a19d852b10bfc27f2c10f67b3d0774074c87995425277f20a6376e99bf960538489d3edf92fcb38d84cde0bd",
"pids": [],
"md5": "bbea31422ea783893b4b4f0763a11996"
},
{
"yara": [],
"sha1": "d6d4a115ab262393c639e3f426b0e3a3be7ef63b",
"name": "b6b3cda596f4d594_AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"type": "data",
"sha256": "b6b3cda596f4d5945057dc79457c6d5402345949703abc01d2415026923f188b",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "8628B9D7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b6b3cda596f4d594_AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"ssdeep": null,
"size": 7267,
"sha512": "726b01eedb84999f415641568701da078ca91bd5d3fc53215a46e3857013614ec8a127a95d4885f4f435805c39217283ecbb36b696a23f0c50e8849adca9241e",
"pids": [],
"md5": "3e70c1ce6b6d3133557fbc7fae6d67e2"
},
{
"yara": [],
"sha1": "bdd7dcd7423f3aacd04315c6f559f459ad069f6c",
"name": "0be692ae5ff1c7e8_A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"type": "data",
"sha256": "0be692ae5ff1c7e8d83ec037fde376597f44263dd2cbc6c1a7c6cb49386f02c4",
"urls": [
"https:\/\/www.google.com\/domainless\/write?igu=1"
],
"crc32": "55DCBB12",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0be692ae5ff1c7e8_A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"ssdeep": null,
"size": 6856,
"sha512": "f0e10fd903dd2b3a35c6318898ca37d73e83b4118552577d044247e7a60c4de6fd738f2736b7dc737c9882bd6b5655d9124ba5539656386c8c09bbc290ffefcd",
"pids": [],
"md5": "74805d869364faada1f5aeb55089a755"
},
{
"yara": [],
"sha1": "08784a98ed4127c45a7de25a49efa25fbbebf2ce",
"name": "9f2ce700be51d462_AA70XHo[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AA70XHo[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "9f2ce700be51d46293b0b39e62cb25f2ee5c986731a166bc16a51ff47beb3fa8",
"urls": [],
"crc32": "016141BB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9f2ce700be51d462_AA70XHo[1].jpg",
"ssdeep": null,
"size": 6021,
"sha512": "48fc5b8d999e737ebb405535c4a09c4a4ec96137d12ce6f37ec932053a9cd8ac62185b0c738663b9a253d11db6b6f0f4476441705dd027adf7d32a813cb4394e",
"pids": [],
"md5": "e4d05b8eab900b8029c2573fd833c510"
},
{
"yara": [],
"sha1": "0e3a4ff13f6ab9011c57e9564251745719cf5037",
"name": "d97f00f0c8e5979d_AAwJdbf[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAwJdbf[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "d97f00f0c8e5979d03b24e32eb4433837520a8c3444292e5e412475e48ce214c",
"urls": [],
"crc32": "025657EC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d97f00f0c8e5979d_AAwJdbf[1].jpg",
"ssdeep": null,
"size": 7797,
"sha512": "02eaafbe6ab8a0a71d012a9d389686c90a809b06c10c1285f928da155ae11ccf4c5aaa785bb4a901fdc474ae1762bd136ad93cb2c09931c9f3d036122a680ba0",
"pids": [],
"md5": "dc2be9695d8a329d0244bb439c8e6a83"
},
{
"yara": [],
"sha1": "386896d7cb3974bdae39ea499ee8054850dcd09c",
"name": "e6484a7a3b6b22ad_AAyGEJ3[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGEJ3[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "e6484a7a3b6b22ad76d8427b21d94e8767ee49ae7cd5ec982fb98b58bf4167d3",
"urls": [],
"crc32": "6DB1C1CC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e6484a7a3b6b22ad_AAyGEJ3[1].jpg",
"ssdeep": null,
"size": 10581,
"sha512": "7d8ff1d829c9b072d6251507908c8f7454a5b4bca1181f1fdf9bdb7c67dea9e0b6d20f2a75689c0dcee3c201620473f316d115deac144971fc1ae7c083cae76e",
"pids": [],
"md5": "c5986a55e2ce1fe0711b1b4637ee5f8e"
},
{
"yara": [],
"sha1": "ca167b5059901be30d908af92cd73c397c82be44",
"name": "b8f978c57967ac8c_AAyHv0X[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHv0X[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "b8f978c57967ac8cd05c42313a23450e9abc2898f014bb8492df787ec12fec7c",
"urls": [],
"crc32": "528913E9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b8f978c57967ac8c_AAyHv0X[1].jpg",
"ssdeep": null,
"size": 1894,
"sha512": "e001838bddbdf716a260a86ba3ab9f7f4620232b7e609860314f37f0885d9ef0509c54cae532e6d055b2c49d4d803f16d7810bf2faad586f6dc9ba03aad55ba1",
"pids": [],
"md5": "9a6ea7784f5fc80b4dfe9d6917c9e65b"
},
{
"yara": [],
"sha1": "67f8a2669ba76cec533b5bde6801b6152bf6eef9",
"name": "ab1d541328163b2a_EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"type": "data",
"sha256": "ab1d541328163b2aed1b2e67111c8a56820a7a1f42f04136d2521d28a902428b",
"urls": [
"https:\/\/snippets.cdn.mozilla.net\/5\/Firefox\/60.0.2\/20180605171542\/WINNT_x86-msvc\/sv-SE\/release\/Windows_NT%206.1\/default\/default\/"
],
"crc32": "D6B6F840",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ab1d541328163b2a_EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"ssdeep": null,
"size": 8675,
"sha512": "8794f33e2b1e60ab59414f028a13797401f84b795f3fcbee34d3eb0b142e478c0b6b723cfdd58c5fe231038f12e4cbfaac33ae229dd0ec039935463087a1cb1e",
"pids": [],
"md5": "0cf9c08516d7d7ebec1535531ac2f50b"
},
{
"yara": [],
"sha1": "17f555f6fa0fbd3d887c7317c2d75c6394b9c418",
"name": "859325cd6a8b4213_AAyGjyX[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGjyX[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "859325cd6a8b42130c973c6d00199280e0f08f8ccefd29ab3624f20b0a1abebe",
"urls": [],
"crc32": "1B3D9E2D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/859325cd6a8b4213_AAyGjyX[1].jpg",
"ssdeep": null,
"size": 2143,
"sha512": "d9e721b0e6eda8c6ec02d75096145073d0252fba47570ac78c3b28cbdcff17d47f861e12a5117cc860324b177ac2da4e09c324a68c7e05a46317aea5405c1a1a",
"pids": [],
"md5": "92a2665f913b257d64a0b23f00002d91"
},
{
"yara": [],
"sha1": "da8bfca4622d48c1a22316081df38c0765362c85",
"name": "6cea1c43de868ae2_58-1abe64-91cdfbc1[1].txt",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\58-1abe64-91cdfbc1[1].txt",
"type": "UTF-8 Unicode text, with very long lines",
"sha256": "6cea1c43de868ae2de23f2aafdea31c620e240269faec471a45943c90b17c2ac",
"urls": [
"http:\/\/www.monotype.com\/"
],
"crc32": "09BF1411",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6cea1c43de868ae2_58-1abe64-91cdfbc1[1].txt",
"ssdeep": null,
"size": 119142,
"sha512": "c1fb4b9b8e2b80ebdf2d8dc2819fd4546d8bf19edc83d32c527c4e379571beb632df0f7f55e78b37a0d19d1a00fdb460e756e6d2b08022a96595af64a803ec2f",
"pids": [],
"md5": "95948d25ccd83396bb35dba5822ff5eb"
},
{
"yara": [],
"sha1": "c0169868d4145fa85d6b12cf3d8664e4b33c8fc7",
"name": "e22ea5296338ce73_0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"type": "gzip compressed data, from Unix",
"sha256": "e22ea5296338ce732849b6821eb3cb5c0bc2f365652f94b179fbff0f756a633b",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/site.8391e739b374.js"
],
"crc32": "79544170",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e22ea5296338ce73_0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"ssdeep": null,
"size": 12027,
"sha512": "2c87db9318577eb45fe420558a755151337ae05068cfc635a01278f963c430edd78fa845bf42b7e0f4de40dff1e96a71ed41bf3c0b9dc3c98fb005910e2a30c7",
"pids": [],
"md5": "aa694573796b20c75ce95670be45da7e"
},
{
"yara": [],
"sha1": "1b06b4ee45269bc22a64ad0fcd9d20053929dd1a",
"name": "6a8bd87d16c936e7_C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"type": "data",
"sha256": "6a8bd87d16c936e7abcf0b1a10a4065980b77f692de56af18a370438f6574cbf",
"urls": [
"https:\/\/www.google.com\/gen_204?atyp=csi"
],
"crc32": "CE6CFBF1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6a8bd87d16c936e7_C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"ssdeep": null,
"size": 7064,
"sha512": "9f0a4ca9729761af3ce07262b65d035d27ad48516210121cf1a8f6603222fd38acc3ca21c70a25ad6ca37fda12fedeb5a6495d4dfa8303945924a3bc06f5baa3",
"pids": [],
"md5": "e6b52e663515201c35bf4ded53a8b1c8"
},
{
"yara": [],
"sha1": "6ebcef46ff5e35c27208f8a00367f78815258196",
"name": "ed44ce7dda383e25_F8AC72083E334F70A553AE68455FBDF0E65C5221",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"type": "gzip compressed data, max compression",
"sha256": "ed44ce7dda383e2567166ec578a1a02911c32315d263fff3dc40b48d3b4b6bbe",
"urls": [
"https:\/\/www.google-analytics.com\/plugins\/ua\/linkid.js"
],
"crc32": "3067F9FB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ed44ce7dda383e25_F8AC72083E334F70A553AE68455FBDF0E65C5221",
"ssdeep": null,
"size": 8906,
"sha512": "7554951e6b43c03b1f37a541043d7f9849aaaa5ac75e9d1713f949426f390902c138f32156ea780603c1f446a151469c6fae6d8d61ff0064321a3c611c6310af",
"pids": [],
"md5": "57a680c6210bbd6d6c27caa36f182dae"
},
{
"yara": [],
"sha1": "f50d6e5ff891e3baf84079324f1316becfaa5bae",
"name": "8b675cbb2bf40f39_3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"type": "data",
"sha256": "8b675cbb2bf40f393b979f7d1675c8cfef1864031d3621f308a81ee08292c24d",
"urls": [
"https:\/\/accounts.firefox.com\/metrics"
],
"crc32": "758B2D8E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8b675cbb2bf40f39_3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"ssdeep": null,
"size": 8481,
"sha512": "eb0a1313e9e24c522e6ca867db90ea162a070beab9e7b03143ffb0b557f89aeae0cdc7d7e5ed907955f11a9f492f29c432679fc52fb3cba43dd45d3e69066095",
"pids": [],
"md5": "7f27f552c6e567695acdac9545a25138"
},
{
"yara": [],
"sha1": "ef75551469d0ca26edb4dc2c3904b17cdfb82cb6",
"name": "0bdb207cfe7dae80_wc-utils[1].txt",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\wc-utils[1].txt",
"type": "UTF-8 Unicode text, with very long lines, with no line terminators",
"sha256": "0bdb207cfe7dae80b2c02aa0e68486d3ba415de3af0f486d74311fad1454e174",
"urls": [],
"crc32": "AA9AD0FC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0bdb207cfe7dae80_wc-utils[1].txt",
"ssdeep": null,
"size": 14806,
"sha512": "352824158e566d0cfdce29ae7ba2de4b8c5c27e87e0904b73e9c86d64e1ec8d969f0b0762874a4447d1d167d90ee6c7bb41c6e56676d54ad2cd412ff0bf0a6aa",
"pids": [],
"md5": "f21fa66c43f1a1556243d2489c75cbaa"
},
{
"yara": [],
"sha1": "188b82475628110e643bb600904fc7a431495f1b",
"name": "0b5caedb083a8a57_723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"type": "gzip compressed data, from Unix",
"sha256": "0b5caedb083a8a5756920d391e1c0331b51b957beb125d00868a86c0780dafc2",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/img\/privacy\/arrowhead-up-16.7aa7b4730363.svg"
],
"crc32": "F46A46B1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0b5caedb083a8a57_723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"ssdeep": null,
"size": 10198,
"sha512": "74b22ffa68be596007c400d22cbc6a4b163dadf62a256ca9422d73508c8d4928e3cfa20d4a412015329c96dd25d6bec140bb12e7f46d42e005def373891aa7e9",
"pids": [],
"md5": "3952c384c9a8c9d26c95d4b9ea75d30f"
},
{
"yara": [],
"sha1": "aec852dfa9b8a689088eadeb854624c5fdcca60c",
"name": "7f0bfdb857e08116_nLAuwsOD.tmp",
"filepath": "C:\\Windows\\gaABPi\\nLAuwsOD.tmp",
"type": "ASCII text, with no line terminators",
"sha256": "7f0bfdb857e08116f50215eb813b6286e7cdd52faccd2f56d5623de2c39ff04c",
"urls": [],
"crc32": "76C11798",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7f0bfdb857e08116_nLAuwsOD.tmp",
"ssdeep": null,
"size": 12,
"sha512": "171922c771d54a192ec1ca80d32afeba6264b0ec044f9122d3099382f904eefd1d9d3507e3ed87b1d6594162e689b6bf511ff47162f1667eb7f3d4fb8ba6c597",
"pids": [
2628
],
"md5": "7213d826cd6e2741753ab25359e79c4b"
},
{
"yara": [],
"sha1": "0486474c841106843c2c338d435bfb3d019b619e",
"name": "7daec8bb6829ba32_newsletter-graphic.1048dfaedfee[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\newsletter-graphic.1048dfaedfee[1].png",
"type": "PNG image data, 280 x 280, 8-bit colormap, non-interlaced",
"sha256": "7daec8bb6829ba32cc71240dc2815e5b08d38b647250ddac5ac68bbcfc3fad40",
"urls": [],
"crc32": "F99B39BB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7daec8bb6829ba32_newsletter-graphic.1048dfaedfee[1].png",
"ssdeep": null,
"size": 13189,
"sha512": "3bf7859ac36a9ac421e4114b7cdf5865d2e283f551abbcc83d3ba9d57be90fea7401400c3f40146443d5a2b18f51862b7e121debf53a04f34f6e109a4ca392cf",
"pids": [],
"md5": "1048dfaedfee978cdb8b1c078d706955"
},
{
"yara": [],
"sha1": "e4cfb13a7c4453e5d47d8d5c7b978e0f6593be34",
"name": "d13c6f929977b84d_19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "d13c6f929977b84dd2aa51112a6c77f2588c717b08c554f9c72cdab6730cd027",
"urls": [
"https:\/\/syndication.twitter.com\/settings",
"https:\/\/platform.twitter.com"
],
"crc32": "8B35FE00",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d13c6f929977b84d_19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"ssdeep": null,
"size": 9867,
"sha512": "800891ce22a0ace3d113321aad5ef223e1049487b948e08e32e06a15e1e79c9d5b8a5cfcb3cd4d3144ae92a2b151c5d156b8ee6633aa0bb1eaace5a04a4e4a02",
"pids": [],
"md5": "6474c3920d39db7878b777e16c0f6a63"
},
{
"yara": [],
"sha1": "1263920bc56b52b5972cbd48f8c8c5aa8aeb0049",
"name": "32c8cb92c3b544a8_AAyGJkY[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGJkY[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "32c8cb92c3b544a823ae0cca1730cb8624d211da5d5ae6d28fee98fcca485ad0",
"urls": [],
"crc32": "B25E3016",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/32c8cb92c3b544a8_AAyGJkY[1].jpg",
"ssdeep": null,
"size": 20914,
"sha512": "2bfe3c7afce24f209deda71f012abf570a308359b57805eadf0902e21c683572c226e2f7573a57af34d60dab235827d2b04a6a3292c5b55d22c4d6d56d929bd0",
"pids": [],
"md5": "ebd03dbcd8edbd8e6779c2bd9d394e74"
},
{
"yara": [],
"sha1": "8e7258f35f4202db445ff2e2f49fadd37f5fb6b2",
"name": "b51164f769635c37_406A03EE0E91037465ACB2B4F4105250A54F282B",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"type": "data",
"sha256": "b51164f769635c37aa376b62c37de564da094e8962f531773608cf5f7ef5a5fc",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "0473C94F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b51164f769635c37_406A03EE0E91037465ACB2B4F4105250A54F282B",
"ssdeep": null,
"size": 1381,
"sha512": "e050e0115c97f799f34530683553a33957ade0fc8c7f580c95ad2cba84b4682f7a4a2c7b573038db4c86b2dcc1c23ea5cb44bdc1f6ae823e8532d44be3dc65e7",
"pids": [],
"md5": "81a329053e6a9124adf942723b36417a"
},
{
"yara": [],
"sha1": "329159519e97705296e3c2bd3cae8a8bd92a6fd9",
"name": "9d897ab47eaa335e_BBC0v57[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBC0v57[1].png",
"type": "PNG image data, 300 x 194, 8-bit\/color RGBA, non-interlaced",
"sha256": "9d897ab47eaa335eea8ca4dc9380d26779b2fd8f20a528a45a07f4482fd06c34",
"urls": [],
"crc32": "096DE920",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9d897ab47eaa335e_BBC0v57[1].png",
"ssdeep": null,
"size": 67158,
"sha512": "0b400d80a2d5a50be7c609a993b8e59649227adc5458aef9ecc329aed26ae2d894e31f1b43977e69bcc7d87b98e5142bd6c3480adab8d0104c266c84d67ee9ba",
"pids": [],
"md5": "fb24b5229fa40c8dce445e6b0b21355d"
},
{
"yara": [],
"sha1": "28803260fd1186196e6d618723e3a4804bb2cb6d",
"name": "ca94d985b75c6764_AAyGAU5[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGAU5[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "ca94d985b75c67649ac70aa19f3454ba07f6b300f2affbec732785855b40854f",
"urls": [],
"crc32": "2D817621",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ca94d985b75c6764_AAyGAU5[1].jpg",
"ssdeep": null,
"size": 13674,
"sha512": "58cf5a81172dd5b07d1c9cce40240d3a0d02b624af4885bfea89014060e5b033dfa2748a2284fe6724ea33c95e869df2e82beb1b8511ee740f8d25556be3c347",
"pids": [],
"md5": "18711f816e3589c5751f8ec7811250b4"
},
{
"yara": [],
"sha1": "8beb69ffec95ba5baa0a5aa042816cc6cdea20a7",
"name": "90a61dff1cf8880f_B028362E3889BEAC998CED49FD74BA83B106FF93",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"type": "data",
"sha256": "90a61dff1cf8880f71c5cadde4188601e49b91aadf796616c18a8423c50bf0db",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "0D11895A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/90a61dff1cf8880f_B028362E3889BEAC998CED49FD74BA83B106FF93",
"ssdeep": null,
"size": 1150,
"sha512": "68f23865d4bc9e9e90dee24933d08517109f43893bf91e653e733fb5168aa5ce990dd145f45f534b83d03911e8ef8bc2f8ff63279dfdf360160b081a8eb164d1",
"pids": [],
"md5": "570dc530b5014b62fcf6920cba908d9a"
},
{
"yara": [],
"sha1": "5b9110a19ec984e1bc16ec724b01d06b108d1c5e",
"name": "10ae8ef77640fff6_AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"type": "data",
"sha256": "10ae8ef77640fff6ea01d7fcdbb677f1aa68293bebdd3535fec444cebc5ccd7b",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "FE750AFA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/10ae8ef77640fff6_AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"ssdeep": null,
"size": 1150,
"sha512": "e41536773063d78eec8ff2f8f0a0b482b4b21b961f06fc2a67bc7a2c4171301d2274a89a6a84bd802deec91a7552625b6ed2b943b2745fd9233287aee8ec06d1",
"pids": [],
"md5": "ab28829fb7385bdfd6e86558e760c9c0"
},
{
"yara": [],
"sha1": "0d8a8f24d4372e6b4f1d21f930bf8cda71fc9c6f",
"name": "43ef58f424336f13_AAyGhnZ[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGhnZ[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "43ef58f424336f13fc9b2986d453a59835156de5c85b37f4a673a5d1c190e32f",
"urls": [],
"crc32": "438713BB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/43ef58f424336f13_AAyGhnZ[1].jpg",
"ssdeep": null,
"size": 9248,
"sha512": "4c0f22d500b6f8c95e458b05a275842bcb2212c3b890997a656ed17a2a394e2e99fa662c4263e345fbce506e752471ffc3d4f1758087601aa2b6644c73b750cc",
"pids": [],
"md5": "f7f1260fe4c4d38068ab2d9b46106c9d"
},
{
"yara": [],
"sha1": "5b35c3f44331cc91fc4bab7d2d710c90e538bc8b",
"name": "249bcdcaa655bdee_aea7e831[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\aea7e831[1].js",
"type": "ASCII text, with no line terminators",
"sha256": "249bcdcaa655bdee9d61edff9d93544fa343e0c2b4dca4ec4264af2cb00216c2",
"urls": [],
"crc32": "4780350D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/249bcdcaa655bdee_aea7e831[1].js",
"ssdeep": null,
"size": 229,
"sha512": "a664f5a91230c0715758416adaceeaefdc9e1a567a20a2331a476a82e08df7268914da2f085846a744b073011fd36b1fb47b8e4eed3a0c9f908790439c930538",
"pids": [],
"md5": "eee26aac05916e789b25e56157b2c712"
},
{
"yara": [],
"sha1": "b73c6453a102ddfcb2c77ebdb70fbd63395cef70",
"name": "c541ba9c1b7da47c_pebbles.03d45fb8fff9[1].css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\pebbles.03d45fb8fff9[1].css",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "c541ba9c1b7da47c3b464c43e1d133feb4234c9c38db2ba0ee0e1220a37134b6",
"urls": [],
"crc32": "1D8E10DB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c541ba9c1b7da47c_pebbles.03d45fb8fff9[1].css",
"ssdeep": null,
"size": 43305,
"sha512": "f5589590d49eff20a780f42a175ffd28d513bf9bfdcd7bfc5e563b0987f71288b4dbdef2d62ec7454e6c1dc48f6c5f61398374cb5d62c80b68da3b8fc7dc68ad",
"pids": [],
"md5": "139039bef6a2fa11d2e51d07a218ff10"
},
{
"yara": [],
"sha1": "ea5a8b030b5c85917e07442adbcebe4f05558db8",
"name": "51d19b4500d46168_6509930F4539DB79DA356F2C5D01976D46756302",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"type": "gzip compressed data, from Unix",
"sha256": "51d19b4500d46168d35fa22874c6fa4176ef7ef4c3cb44777def8b62bfcab5f5",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/stub-attribution.157168bbb235.js"
],
"crc32": "2C4C535B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/51d19b4500d46168_6509930F4539DB79DA356F2C5D01976D46756302",
"ssdeep": null,
"size": 11090,
"sha512": "175f9838350a8c82285b08f9c174f1a763f5e9bf153e93e6b14ceefd955397a8569d29a8456e5704bbe9b6f4461a3f9b48ce17c15593431051f73433d4ddaee8",
"pids": [],
"md5": "0e725df679747d1f492ed3d797e1239e"
},
{
"yara": [],
"sha1": "b6589fc6ab0dc82cf12099d1c2d40ab994e8410c",
"name": "5feceb66ffc86f38_68b0925c[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\68b0925c[1].js",
"type": "very short file (no magic)",
"sha256": "5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9",
"urls": [],
"crc32": "F4DBDF21",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5feceb66ffc86f38_68b0925c[1].js",
"ssdeep": null,
"size": 1,
"sha512": "31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99",
"pids": [],
"md5": "cfcd208495d565ef66e7dff9f98764da"
},
{
"yara": [],
"sha1": "90b2e81b1bbfae4c1abfb149aa0cc4f03eedaef2",
"name": "0114a37d192e4de2_AAmVurs[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAmVurs[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "0114a37d192e4de20ae1bcac1b8b78f899ad06e33544f564f398ff5ead7272b4",
"urls": [],
"crc32": "130FAA64",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0114a37d192e4de2_AAmVurs[1].png",
"ssdeep": null,
"size": 419,
"sha512": "fa7694718e132c60e736bc50142b1f1769969ffde8eaee88c093d9b385d69915f9b44e050a382225d47bb9154ab23c80e363b27c1d1e8eae70c0c4cf7db41e5e",
"pids": [],
"md5": "298d4e600eb85c9e452ee37a5bca1daf"
},
{
"yara": [],
"sha1": "6764d70fdd3462e73e6b0890849a3d41b7c3c14c",
"name": "b8b3f22206074eb0_01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"type": "data",
"sha256": "b8b3f22206074eb0007f441835944a2d16ba47cb329a9688474815b1737be852",
"urls": [
"https:\/\/tiles.services.mozilla.com\/v3\/links\/ping-centre"
],
"crc32": "02565912",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b8b3f22206074eb0_01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"ssdeep": null,
"size": 7547,
"sha512": "6c8db6240d6cfba408b56bb2af94b5c14af14aac799bd8bf7c8fc0a49544f30b6b38d2f8b026486c0f3646101c160117de769d86229397b57300c05102596d28",
"pids": [],
"md5": "d3af8b1e0b89af5aa51695ce5ace8711"
},
{
"yara": [],
"sha1": "aa12046efb3cddf85d33ecead738375f6bef2dc1",
"name": "133fbc747ce90629_D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"type": "data",
"sha256": "133fbc747ce9062963673d8d9dc4ae52b5ead91a733982533fdd62ec36603e4e",
"urls": [
"https:\/\/ajax.googleapis.com\/ajax\/libs\/jquery\/1.8.2\/jquery.min.js",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14.amd64-pdb.zip.asc",
"https:\/\/www.python.org\/dev\/peps\/peps.rss\/",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python2714.chm.asc",
"https:\/\/www.python.org\/static\/stylesheets\/style.css",
"http:\/\/www.google.com\/chromeframe\/?redirect=true",
"http:\/\/browsehappy.com\/",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/Python-2.7.14.tgz.asc",
"https:\/\/www.python.org\/static\/js\/libs\/modernizr.js",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/Python-2.7.14.tar.xz",
"https:\/\/www.python.org\/psf\/codeofconduct\/",
"https:\/\/ssl",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14.msi.asc",
"https:\/\/www.python.org\/static\/opengraph-icon-200x200.png",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14-macosx10.6.pkg.asc",
"https:\/\/feeds.feedburner.com\/PythonSoftwareFoundationNews",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/Python-2.7.14.tgz",
"https:\/\/devguide.python.org\/",
"https:\/\/www.python.org\/static\/js\/libs\/masonry.pkgd.min.js",
"https:\/\/bugs.python.org\/",
"https:\/\/www.python.org\/downloads\/release\/python-2714\/",
"http:\/\/pyfound.blogspot.com\/",
"http:\/\/planetpython.org\/",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14-macosx10.5.pkg",
"http:\/\/plus.google.com\/",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14.amd64.msi.asc",
"https:\/\/wiki.python.org\/moin\/PythonBooks",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python2714.chm",
"https:\/\/www.python.org\/",
"https:\/\/docs.python.org\/3\/license.html",
"http:\/\/www",
"https:\/\/wiki.python.org\/moin\/BeginnersGuide",
"https:\/\/www.python.org\/static\/js\/main-min.js",
"https:\/\/github.com\/python\/pythondotorg\/issues",
"http:\/\/www.facebook.com\/pythonlang?fref=ts",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14-macosx10.5.pkg.asc",
"https:\/\/pypi.python.org\/",
"https:\/\/docs.python.org",
"http:\/\/pycon.blogspot.com\/",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14-pdb.zip.asc",
"http:\/\/python.org\/dev\/peps\/",
"http:\/\/twitter.com\/ThePSF",
"https:\/\/www.python.org\/search\/?q=",
"https:\/\/wiki.python.org\/moin\/PythonEventsCalendar",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14.amd64.msi",
"https:\/\/www.python.org\/static\/stylesheets\/mq.css",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14.amd64-pdb.zip",
"https:\/\/docs.python.org\/faq\/",
"https:\/\/www.python.org\/jobs\/feed\/rss\/",
"http:\/\/wiki.python.org\/moin\/Languages",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/Python-2.7.14.tar.xz.asc",
"https:\/\/mail.python.org\/mailman\/listinfo\/python-dev",
"https:\/\/status.python.org\/",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14-pdb.zip",
"https:\/\/feeds.feedburner.com\/PythonInsider",
"http:\/\/schema.org",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14.msi",
"http:\/\/www.ie6countdown.com\/",
"https:\/\/raw.githubusercontent.com\/python\/cpython\/84471935ed2f62b8c5758fd544c7d37076fe0fa5\/Misc\/NEWS",
"https:\/\/wiki.python.org\/moin\/",
"https:\/\/ssl.google-analytics.com\/ga.js",
"http:\/\/brochure.getpython.info\/",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14-macosx10.6.pkg"
],
"crc32": "2E716101",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/133fbc747ce90629_D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"ssdeep": null,
"size": 47663,
"sha512": "1050d1c8a0aca8e4b878be19af7f5402ff0c64dc1ae014ea68b92f04a198561cfbb7d0e913e3fd28f01c1f5045823b4f6fd46a9ff6e5a009c24608cf8909e552",
"pids": [],
"md5": "d2193674abd2d1252cf77bc3056bac95"
},
{
"yara": [],
"sha1": "9b5831ab718a0de09b135b80e04ba505395574be",
"name": "385d3e045abad1cc_4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"type": "data",
"sha256": "385d3e045abad1cc916356bc6667e3f7eccf2ced4aebe7f47b213342900602fb",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "7D215B93",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/385d3e045abad1cc_4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"ssdeep": null,
"size": 1304,
"sha512": "ee95d7a44d25f46b7eccbcd7e1562be73c488945fa2da5d86e8b6365fdf4ddad080a679f35df93d18da06278985e40201bc19c162abd4717334b5cd0e1d78a27",
"pids": [],
"md5": "fb93cee200669649b459061dbad8856f"
},
{
"yara": [],
"sha1": "fab247eca4a805540bd9da52da01ee75a29246fd",
"name": "69816087e4e0e90c_BB93Uyk[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BB93Uyk[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "69816087e4e0e90c681bb7ac344ca189dc9aeb8e8e011d442bcaefff071e6122",
"urls": [],
"crc32": "46788864",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/69816087e4e0e90c_BB93Uyk[1].png",
"ssdeep": null,
"size": 531,
"sha512": "cace2457d0fa47113a4c2daf644be334c484b3723539ed89196498d69b063303d9b21208b8e0af66af291f5b03f8982bb9bfe567a98984869ac0726d301c0662",
"pids": [],
"md5": "d024a2c14b0a84e85d6bf9fee6e002b1"
},
{
"yara": [],
"sha1": "2cb810a65b267fd7d7d7aeb6fc230aaa51a7e76e",
"name": "613d084448136800_AAyGPjb[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGPjb[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "613d084448136800f6c00c97d991790813f9230f196b786c361264c3f63d04f3",
"urls": [],
"crc32": "F85A2AA2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/613d084448136800_AAyGPjb[1].jpg",
"ssdeep": null,
"size": 3129,
"sha512": "0a5d9a8a812ad492d29613d8a9573fdd277af8909fcb7d11b03e66383a609804e26c4f7cd743ac1b7c70cc0f0f9473ff63a19ac4e88cca20499c648d48afb9ba",
"pids": [],
"md5": "2b431a6947c0714e8fa4a52cc77a2142"
},
{
"yara": [],
"sha1": "97b90c1a3663a8bf81d9553ad39b041577eaba0f",
"name": "c9163d457a1dec66_MYAPRNiT.dll",
"filepath": "C:\\Windows\\gaABPi\\MYAPRNiT.dll",
"type": "ASCII text, with no line terminators",
"sha256": "c9163d457a1dec667e8c30bbd75f9d97d09817db97a8386ca618204986362993",
"urls": [],
"crc32": "BF029EDC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c9163d457a1dec66_MYAPRNiT.dll",
"ssdeep": null,
"size": 12,
"sha512": "3047fd0bbf7482a37fc55f2784b964ac2f91035caf46afcdd98bed768bdbbea513df947ddbcae32f3852348b86db387acfa17c4e4325ffe795a76c78f01de67f",
"pids": [
2628
],
"md5": "dc7b6e171a6f74ad8b1ecd07030f2f9a"
},
{
"yara": [],
"sha1": "c1edacaf604404f55ab847eac185e983d2792a2c",
"name": "3cd90e7ce9c31220_BBKbRxB[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBKbRxB[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "3cd90e7ce9c3122049bb01c0821e37bc6eeb04efcfa67ab4879434f532732500",
"urls": [],
"crc32": "C88D12F2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3cd90e7ce9c31220_BBKbRxB[1].jpg",
"ssdeep": null,
"size": 10816,
"sha512": "389a1f29ed1f250a150660bf026b30293f621d2acc5edc50b8a3d98cbb1bae16f5139fd179d4dfe7575a6b876de87a3368078c715a681e1efed8460235815fb5",
"pids": [],
"md5": "725ed189b490f6e6e6532966baffa62b"
},
{
"yara": [],
"sha1": "1a1b3365a037f8a7c15e3558f4fd6c67c90f3d75",
"name": "13b7453d2f69f616_F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"type": "data",
"sha256": "13b7453d2f69f616a511dc2399dde89a5b045115d0f45cafffa86c1b59d86455",
"urls": [
"https:\/\/www.google.com\/gen_204?atyp=csi"
],
"crc32": "214C0BF9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/13b7453d2f69f616_F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"ssdeep": null,
"size": 7062,
"sha512": "16354f2e1497638c940bb263de9551673e0aeef195c2259a47cd0c2ed3f6061243bf857ce771e97045b62a25c51e7c18d09b55e64a609b0467883335376c6049",
"pids": [],
"md5": "fa36815617cb106d0a2774ccf7a89477"
},
{
"yara": [],
"sha1": "d79d80118088dcbe834d5b854859c82956bc43d0",
"name": "e94b09f68daa8beb_ae00a169[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\ae00a169[1].js",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "e94b09f68daa8beb80f627f69cd916ffdc1f324d322fcf90134d1c515bc89e0e",
"urls": [],
"crc32": "AE9EC0A5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e94b09f68daa8beb_ae00a169[1].js",
"ssdeep": null,
"size": 3808,
"sha512": "9765d769a457a1173effe05e12edcf868f317168d898efbca96a27052571c0e8f3bc0dab96a949fd4d3010559d0f94bbd53bdb8635695a5824aff0495d9a4206",
"pids": [],
"md5": "5463bd0ac6564d0df2e5f987eea8076d"
},
{
"yara": [],
"sha1": "7c4cf1d16e4cac0bda157a731e8455ce42d0ca63",
"name": "dd78355a6f529f52_167493A5CFB1A41265EC1B95DA06580C32BCF814",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"type": "data",
"sha256": "dd78355a6f529f526f230ed9616f6726a9cffb44523b6e122146f41a76913e5f",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "9EA62014",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/dd78355a6f529f52_167493A5CFB1A41265EC1B95DA06580C32BCF814",
"ssdeep": null,
"size": 7019,
"sha512": "fa78d63977f8c911fa505af023eaf869797cf0624c2d62525c67969689cd91a23e9b2a85038e882282efe45fd37d9597cb07c27ef5fb252a743d13917ea6b016",
"pids": [],
"md5": "a177e99e6007e91c57d773274b95ee4d"
},
{
"yara": [],
"sha1": "b97514a330cf4fb2a9592de6a7b35e1817cd6da5",
"name": "7e93a5da8b7fee77_006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"type": "data",
"sha256": "7e93a5da8b7fee77137e412be0b24f5a3c5663f64851cc6ceb9143c313ce6a02",
"urls": [
"https:\/\/platform.twitter.com\/jot.html"
],
"crc32": "B8DD484B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7e93a5da8b7fee77_006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"ssdeep": null,
"size": 9015,
"sha512": "2fbd2618b8fab451068e45df8274fd71f07a37c13ac85af2222e5e1b6b82f554442bbb8873b995098823bab1a27d11b9fdf870af27bc2a279f5a4186c589c749",
"pids": [],
"md5": "8708ec285857b518028fc37b8e2680ac"
},
{
"yara": [],
"sha1": "54510272cecc18d3dc066ea23ecc8c14a5fc2628",
"name": "142aa667f761bf59_D172C03F361E7325D8F391F992106A828306767D",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"type": "data",
"sha256": "142aa667f761bf599469e878482845ece474be3860eb5a4b5b21c2dcc87a01a6",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "C1ACB05C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/142aa667f761bf59_D172C03F361E7325D8F391F992106A828306767D",
"ssdeep": null,
"size": 1150,
"sha512": "04afb53329f9066778ac1a7b23e80407ad83beb38120c8a4099845824f4f6b4f0e980fad150e742d58a81bb97f51a35f6a4866665e9d49973e375b7807b79917",
"pids": [],
"md5": "32eba3abcc7b0ac5a093919a83ce4a7a"
},
{
"yara": [],
"sha1": "86116cc9a6628207189f9e62055e085657b0965b",
"name": "a942219ec92b3fc9_448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"type": "PNG image data, 144 x 144, 8-bit\/color RGBA, non-interlaced",
"sha256": "a942219ec92b3fc9edd2ecfa0275cedc30163a9c885eefe878160f5c6cbdd3bf",
"urls": [
"https:\/\/pbs.twimg.com\/card_img\/1006950667393437696\/iNLQuzbD?format=png"
],
"crc32": "E7CD7B32",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a942219ec92b3fc9_448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"ssdeep": null,
"size": 33187,
"sha512": "a77c8f41a02dd8ef4a75481d3ad8a8563103880291d26319e15b6d5f7ffc66fd526fa17ac795ca1adaa84b18ad9e295eb27f3bb4438072e2888de64dcfc4ffe0",
"pids": [],
"md5": "ec97a98a76705c364dde2cd31d2d236a"
},
{
"yara": [],
"sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"name": "e3b0c44298fc1c14___tmp_rar_sfx_access_check_31297000",
"type": "empty",
"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"urls": [],
"crc32": "00000000",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e3b0c44298fc1c14___tmp_rar_sfx_access_check_31297000",
"ssdeep": null,
"size": 0,
"sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"yara": [],
"sha1": "035ee44c843546645c48cd4aa3d232172bdd582d",
"name": "3927c9670d959f0e_0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"type": "data",
"sha256": "3927c9670d959f0ef8971f8c089745146c3cfe7250515c7e5d12bd98443fa6bc",
"urls": [
"https:\/\/www.googletagmanager.com\/",
"https:\/\/www.mozilla.org\/",
"https:\/\/mozilla.org\/",
"https:\/\/www.google-analytics.com\/"
],
"crc32": "BBEC4260",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3927c9670d959f0e_0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"ssdeep": null,
"size": 368,
"sha512": "c38af5a2253ac9f71cb6367bfa922a1bf41f1ba4e8eaf1340944f97dbc182a0c3a0f0c8ffb075eaf4cc33375f841b966730dd3974eaba5ee637464135098bf6c",
"pids": [],
"md5": "5c9948d560ce6e5e8903733a9e8245ba"
},
{
"yara": [],
"sha1": "a5b577050648c75105da5bbdfde470a1acc46d6f",
"name": "9f58873f3b4e4a30_AAyEhUL[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyEhUL[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "9f58873f3b4e4a30a8bb71b039f240bead2e1eb17c1d5ca312e408027d3cb1b8",
"urls": [],
"crc32": "DE8984AB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9f58873f3b4e4a30_AAyEhUL[1].jpg",
"ssdeep": null,
"size": 7815,
"sha512": "696008f05550684f27a78b3b1818c3f0f0fb83ce2b1af3be3d689186c9d7d9523ac9e3eb5c4fc368c432ecd2c0bf62eaa78eb7dde8b19a95466ccf771550313c",
"pids": [],
"md5": "3dd96707ae3715ada182205103df4357"
},
{
"yara": [],
"sha1": "a30d26cee0f69fa67bf9e60ba692f4831373cc07",
"name": "0806d98fb3de55f7_test-harmful-simple.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"type": "data",
"sha256": "0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19",
"urls": [],
"crc32": "B9D2E9EA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0806d98fb3de55f7_test-harmful-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "add2d3c503616070f056ea4e3a64fb54a2d8e75af8fd5d9f1f8ee6b72a1d548fd4ab7d4a3256e4a6f4e1422631439db62b251ee3f9d07b38a612aff5e58936d5",
"pids": [],
"md5": "051fb32dece757ba112ac36dc72e3a91"
},
{
"yara": [],
"sha1": "4a023402cfd7c06f856a50aefea1da55d36539c7",
"name": "14669e8410f74397_btn-google-play.f03f6c89e1e9[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\btn-google-play.f03f6c89e1e9[1].png",
"type": "PNG image data, 152 x 45, 8-bit colormap, non-interlaced",
"sha256": "14669e8410f74397724a3ca7721ebcf09e6a471465a0af6efd431f99d0b1e8fb",
"urls": [],
"crc32": "119531CC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/14669e8410f74397_btn-google-play.f03f6c89e1e9[1].png",
"ssdeep": null,
"size": 2845,
"sha512": "bbc145e478d60ed067a18392e3c1f5f3f1bd1a6f41cc3b1b618cf5f35da70fc0ca55511d88d88a72616dc72ce0238af989483584ad37afca004d6670b6788776",
"pids": [],
"md5": "f03f6c89e1e9c701400ba8c4437582de"
},
{
"yara": [],
"sha1": "ed882fd32df713c9cf814b15ebc21d68ce83bed5",
"name": "a5c92e76bb8eec06_AAyH6wG[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyH6wG[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "a5c92e76bb8eec06d684257013761320e3b45b47f05b7d8aba2c626cb4909a1b",
"urls": [],
"crc32": "FB920791",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a5c92e76bb8eec06_AAyH6wG[1].jpg",
"ssdeep": null,
"size": 2235,
"sha512": "dbb3da96fbd7e618137db0c2bd2f08eeb62afd0dfe463659dea18c51d357d67b78dcb386d8464c2ef4f4e58d741e2f0c63d03427f1ff6dd25b106b6ed70b7af2",
"pids": [],
"md5": "3087e3ee83ad2ed642c8932523dbd4e0"
},
{
"yara": [],
"sha1": "992ccd655ed691a59c446ec40134b2584a3c5a33",
"name": "6357d26c8bd88776_AAh3Qlh[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAh3Qlh[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "6357d26c8bd88776d131d6b6c22fbfb03ca09eaeb634918a4372049c46d725ef",
"urls": [],
"crc32": "EFC48761",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6357d26c8bd88776_AAh3Qlh[1].jpg",
"ssdeep": null,
"size": 1754,
"sha512": "ec671fa14b9be63f74bd8ac97aa9705a03540f1c8524c7bb1c4001b18a6547755f4f62b516fd94cbddb61542df2dfa5d953d785e301e69b16260b8a8ec43f134",
"pids": [],
"md5": "b06bccf62f70dd18fe08f738d6f6742e"
},
{
"yara": [],
"sha1": "64ddad9c7ae1d2c94d981c11e370a4ef3dd2e653",
"name": "0697b6004d8408ab_pV+3TL7Nu3EP5juvr_gPjg==.ico",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\pV+3TL7Nu3EP5juvr_gPjg==.ico",
"type": "MS Windows icon resource - 1 icon, 192x192",
"sha256": "0697b6004d8408ab86ccee76bb59eb07a9012e6f3e7adbc01f6e390f5c9b8836",
"urls": [],
"crc32": "3A1FCEBA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0697b6004d8408ab_pV+3TL7Nu3EP5juvr_gPjg==.ico",
"ssdeep": null,
"size": 5120,
"sha512": "e3e9086eedcc03aca1ffa83221a305cbd59c5a8ca4f36d9213ddf30a8265f2ff8541ab59ddf1654b74bc89e40a8a5f1655d4abfc1a7fbb8da793555e09978b75",
"pids": [],
"md5": "847cf8580806fda649b20afc264f4736"
},
{
"yara": [],
"sha1": "d5a3a4c4f8b5cb4ce9480adbc8a5ac7ad6d40b3f",
"name": "7f60b32ba5083914_AAyHxtY[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHxtY[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "7f60b32ba508391426845cd556f3a3cd3be1b4ea9f42c47bc43b4d666635d5c0",
"urls": [],
"crc32": "70972607",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7f60b32ba5083914_AAyHxtY[1].jpg",
"ssdeep": null,
"size": 5919,
"sha512": "fca7505f83a444014b96f428683b139dd9853e1fdb692a1a8eca8069abbfe1e6e9bd91f8009ffd58b5311089c3d3868534d6ccaefdb79d9805334a1690aaceb7",
"pids": [],
"md5": "4ad0f14efeef741d258fb2e5001d5ea2"
},
{
"yara": [],
"sha1": "59b4479e46eebc984f6398facb41eb897625bd7b",
"name": "c81313eb3febff81_goog-unwanted-proto.metadata",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"type": "data",
"sha256": "c81313eb3febff8104f05785a1f00b0f3863d7145c7938abd7c1f77b46ff0d7c",
"urls": [],
"crc32": "5D853F5E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c81313eb3febff81_goog-unwanted-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "de7f5780309d61d156c849b9821324880925d0bc02f94eabe037e53f457c0c2b60af31e4cbd0df6762fb5d6cfa977de4fb602a74f2bd4a5a744f7c531709e283",
"pids": [],
"md5": "b7d48a5d1458c835a2c6fb8961d165d1"
},
{
"yara": [],
"sha1": "ff74599b486b6b433f40f39b633d660dca3d7b63",
"name": "75543222d2d34957_AAyHs9t[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHs9t[1].png",
"type": "PNG image data, 100 x 75, 8-bit\/color RGBA, non-interlaced",
"sha256": "75543222d2d3495799fdbfbeeca01c8d80e378eb57f34c2ddc2c2a977037bb4b",
"urls": [],
"crc32": "005368D5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/75543222d2d34957_AAyHs9t[1].png",
"ssdeep": null,
"size": 17009,
"sha512": "72e2fd601997dfd85c9aa60078e5bf9780cebc6b6d844fa3e4e723083af61a757bde3136238046891af58e70995ff9bdbc70b2da6201d16eab029b86c4dec326",
"pids": [],
"md5": "a185ce0ddf3703d8da5a2451584430ba"
},
{
"yara": [],
"sha1": "22d4076c45403e0290db4eaffacab554f4c708f8",
"name": "f1c0c34ba5c7d297_AAyHbX2[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHbX2[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "f1c0c34ba5c7d297e0a8e2bb5644745757222446d4c196eab3527af4ccd62529",
"urls": [],
"crc32": "63EDB120",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f1c0c34ba5c7d297_AAyHbX2[1].jpg",
"ssdeep": null,
"size": 2208,
"sha512": "73a00b8dec17c590d777d096f539bf72020460b36f0d42ac1fa0db7f398e68bc4dfbcc60e840a865fdffc8b7d65c1140eaea907cea87dfe5996d69305d8f8814",
"pids": [],
"md5": "8eb5adf87d27fb2d43e575ac245e340e"
},
{
"yara": [],
"sha1": "7853482e6e7959f2f7898597c0484e09e9bb5907",
"name": "eda60877b80ec54f_BBwKMyE[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBwKMyE[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "eda60877b80ec54f85ba0275305c2914f00c25f4640e8b863a194d4c9de3aabe",
"urls": [],
"crc32": "94892BAA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/eda60877b80ec54f_BBwKMyE[1].jpg",
"ssdeep": null,
"size": 2785,
"sha512": "50d2b3a2b0c1c8e38b2f382ece1dfba5e7aa88973cd2a3358aa53a94446edf34854274517682b53f19f61f207b70214111699ff335f5cd363ccb7b3408d5e1e7",
"pids": [],
"md5": "a6da1a6b2c81f58110c79c0321af83b0"
},
{
"yara": [],
"sha1": "d60d82a6a7531e281cfbde1778d1546011a3f07b",
"name": "090593876198bcd1_index.dat",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
"type": "Internet Explorer cache file version Ver 5.2",
"sha256": "090593876198bcd1d25eb7bbb4e1e20b9b803f84e9f9b855c55908c2f377d42e",
"urls": [
"https:\/\/download-installer.cdn.mozilla.net\/pub\/firefox\/releases\/60.0.2\/win32\/en-US\/Firefox%20Installer.exe",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBqpxNn.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHG50.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGojW.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAy5vpm.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyDx8u.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyFQsk.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyDpQn.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGF76.img?h=166",
"https:\/\/www.microsoft.com\/mwf\/_h\/v2.77\/mwf.app\/fonts\/mwfmdl2-v2.77.woff)%20format(%22woff%22)",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGEJ3.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAt8NdA.img?h=75",
"https:\/\/login.live.com\/login.srf?wa=wsignin1.0",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGfyg.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHsSF.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAipTdr.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGCD1.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AA5Pgkt.img?h=16",
"https:\/\/www.mozilla.org\/media\/img\/pebbles\/moz-wordmark-light-reverse.cb1bdf6d1de6.svg",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGiLA.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyH62f.img?h=75",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyFYwA.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHysz.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGwT5.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAmTtWR.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBpREyq.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyH8rV.img?h=333",
"https:\/\/download.mozilla.org\/?product=firefox-stub",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGJkY.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGEJ3.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAwJdbf.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBAIVZe.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBpDwny.img?h=16",
"https:\/\/www.microsoft.com\/mwf\/_h\/v1.17.3\/mwf.app\/fonts\/mwfmdl2-v1.17.3.eot?",
"http:\/\/e2ef87654406c61ecd6a1bde44934f74.clo.footprintdns.com\/apc\/trans.gif?e2ef87654406c61ecd6a1bde44934f74",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGZCX.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAa5VT3.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGmAd.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/hp-neu\/sv-se\/homepage\/_sc\/css\/f5956224-916fcb60\/direction=ltr.locales=sv-se.themes=start.dpi=resolution1x\/c5-f551fc-300fb799\/ca-31edb2-85a65da7\/ec-223b0d-68ddb2ab\/62-3a291d-897b856\/62-6ba14d-518cfab8\/a4-41b6d9-bf78dbd\/da-8e0edb-199d546c\/2e-b11f4d-1c1809bb\/59-9eed77-354b4712\/70-142680-54f5482c\/c3-6f2fc9-5e6072c9\/fa-b09e36-80efbf89\/eb-bc039a-5960eecb\/73-231be3-5db26d4b\/fd-d6cef6-18b87804\/16-c13ab3-9ea6310d\/5f-4790bf-c171b3a4\/58-1abe64-91cdfbc1?ver=20180610_10297681",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAn2nbX.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGbHz.img?h=75",
"https:\/\/www.mozilla.org\/media\/img\/l10n\/sv-SE\/firefox\/android\/btn-google-play.f03f6c89e1e9.png",
"https:\/\/support.microsoft.com\/app\/content\/content\/mwf\/1.50.2\/css\/mwf-west-european-default.min.css",
"http:\/\/static-global-s-msn-com.akamaized.net\/hp-neu\/sv-se\/homepage\/_sc\/js\/f5956224-76a22ba8\/direction=ltr.locales=sv-se.themes=start.dpi=resolution1x\/2c-25f49f-1b970f51\/4e-29ef51-822266e7\/39-cd3033-11d52793\/ac-3c6d1f-68ddb2ab\/15-edfbe2-eb28cb89\/4c-ce26c8-4245f261\/51-17582d-bc3833fd\/b7-8dd7b3-e5780970\/ff-724a64-a3623e78\/b9-b5b4e1-68ddb2ab?ver=20180610_10297681",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHp3I.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGsMl.img?h=194",
"https:\/\/support.microsoft.com\/app\/content\/bundles\/css?v=mOfWyFtPkRDcynAZT769du1DdWqb-2Gn8HCAshijNfw1",
"https:\/\/support.microsoft.com\/app\/content\/content\/webcore-utils\/ltr\/wc-utils?v=QF17-v6VdxpQha_VhLtYVtcvnncULxuQ9gPjy4PzWqE1",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AA44aMX.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBC0v57.img?h=194",
"https:\/\/download-installer.cdn.mozilla.net\/pub\/firefox\/releases\/60.0.2\/win32\/sv-SE\/Firefox%20Installer.exe",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGjVk.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGuB1.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGjyX.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BB5SfLo.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAm2UN1.img?h=16",
"https:\/\/statics-uhf-neu.akamaized.net\/west-european\/shell\/_scrf\/css\/themes=default.device=uplevel_web_pc\/b7-cff691\/fe-0f62aa\/c5-84ba17\/8c-ba3760\/c1-2e7f30\/24-7b7ef4\/41-e95610\/a7-b05f22?ver=2.0",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/new\/browser.3c7a2e55d6ed.png",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBK3ss2.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyG7xi.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBCEEBf.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGf6j.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/hp-neu\/sc\/9b\/e151e5.gif",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AA5P5kF.img?h=16",
"https:\/\/www.googletagmanager.com\/gtm.js?id=GTM-MW3R8V",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyDG2i.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHUCN.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyAlCn.img?h=250",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAmS5r5.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHs9t.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyFB3T.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGJAI.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBHs1Sb.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGytH.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHtqr.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyH0lB.img?h=75",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/favicon.e6bb0e59df3d.ico",
"https:\/\/www.mozilla.org\/media\/img\/logos\/mozilla\/wordmark-dark.731d4dab7347.svg",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBzUQnp.img?h=75",
"https:\/\/www.mozilla.org\/media\/img\/placeholder.71a50dbba44c.png",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBnAbEC.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBih5H.img?m=6",
"http:\/\/static-global-s-msn-com.akamaized.net\/hp-neu\/_h\/4c59fa2c\/webcore\/externalscripts\/jquery\/jquery-1.11.1.min.js",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBoqF0J.img?h=16",
"https:\/\/www.microsoft.com\/mwf\/_h\/v2.77\/mwf.app\/fonts\/mwfmdl2-v2.77.svg)%20format(%22svg%22",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBIMpSV.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyD6MB.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHeQv.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyvDNg.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyH4gY.img?h=75",
"https:\/\/support.microsoft.com\/app\/content\/bundles\/application?v=g-YtfgKOuEea6gNj2h0teUiLEGi_YsiHj2QnBdqkTo01",
"http:\/\/static-global-s-msn-com.akamaized.net\/hp-neu\/sc\/72\/654562.eot?",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHFtw.img?h=166",
"https:\/\/www.microsoft.com\/mwf\/_h\/v2.77\/mwf.app\/fonts\/mwfmdl2-v2.77.eot?",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAxiGrh.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AA5ND4b.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGuU2.img?h=368",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAs7njq.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyFSlO.img?h=75",
"https:\/\/support.microsoft.com\/app\/content\/scripts\/lib\/mwf\/1.50.2\/mwf-main.var.min.js",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBz3ebk.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AA43a4z.img?h=16",
"https:\/\/www.mozilla.org\/",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHa0Z.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyI7qy.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BByaqcs.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGjmK.img?h=75",
"https:\/\/www.mozilla.org\/media\/img\/home\/2018\/billboard-open-minds.11da5ba9e1e9.png",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGhnZ.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHpyj.img?h=194",
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/firefox_new_scene2.80680e44761d.css",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHLXo.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AA8qzDM.img?h=16",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/gtm-snippet.9f9cf2026c5f.js",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHnHS.img?h=75",
"https:\/\/www.mozilla.org\/media\/js\/libs\/html5shiv.42594ff91377.js",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGa2y.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAywSGf.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGdND.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAxeXbc.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BB44T8g.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBwKMyE.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyFI8u.img?h=75",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/new\/icon-check.c3513ac1f0bf.svg",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/new\/icon-faster.71c685e66ffb.svg",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyArFi.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAmAjxE.img?h=16",
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/firefox_new_scene1.2d7b3209f26e.css",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyH6ID.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBKbRxB.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyG5Kq.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAtnxhd.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHSTw.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBpkUdu.img?h=194",
"https:\/\/www.microsoft.com\/mwf\/_h\/v2.77\/mwf.app\/fonts\/mwfmdl2-v2.77.ttf)%20format(%22truetype%22)",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHI2X.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAiEMTy.img?h=16",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/new\/icon-newsletter.77592a9f8e1f.svg",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/stub-attribution.157168bbb235.js",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AA70XHo.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyF1dp.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBKtzto.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHqcn.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyx8m7.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAtg4eQ.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHgQO.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGAU5.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBGFWil.img?h=75",
"https:\/\/www.google-analytics.com\/plugins\/ua\/linkid.js",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHdfM.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyDNXs.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAxiu7M.img?h=194",
"https:\/\/www.mozilla.org\/media\/img\/home\/2018\/billboard-more-power.f83d248d8724.png",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGwc2.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHtCF.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAh3Qlh.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHPKF.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyEhUL.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGF0V.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyH8Zz.img?h=75",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/common-ie8.1a18bf9598c9.js",
"http:\/\/e2ef87654406c61ecd6a1bde44934f74.clo.footprintdns.com\/apc\/trans.gif",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/new\/icon-lighter.72a7f6016d33.svg",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGjgH.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBnDMqr.img?h=333",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/new\/down-arrow-blue.3bcea1f6c2e8.svg",
"https:\/\/www.microsoft.com\/mwf\/_h\/v1.17.3\/mwf.app\/fonts\/mwfmdl2-v1.17.3.woff)%20format(%22woff%22)",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBrHbUZ.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHv0X.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHX0C.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/hp-neu\/sc\/2b\/a5ea21.ico",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGBkP.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyFB3T.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBFlpYy.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGe3I.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAmTseh.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AA5OV5j.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHdgG.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHu89.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBwDaSh.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGPjb.img?h=166",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/new\/wave.6e6e5026bcc9.svg",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHqxT.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAxlHiU.img?h=16",
"http:\/\/352da1a96f277f27dea4ee1e6544af6b.clo.footprintdns.com\/apc\/trans.gif",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBnHKSc.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyG0Ti.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGu6P.img?h=75",
"https:\/\/statics-uhf-neu.akamaized.net\/statics\/override.css?c=1",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyEqbc.img?h=75",
"http:\/\/352da1a96f277f27dea4ee1e6544af6b.clo.footprintdns.com\/apc\/trans.gif?352da1a96f277f27dea4ee1e6544af6b",
"https:\/\/www.microsoft.com\/mwf\/_h\/v1.17.3\/mwf.app\/fonts\/mwfmdl2-v1.17.3.woff2)%20format(%22woff2%22)",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAni8qk.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyH9fJ.img?h=194",
"https:\/\/c.s-microsoft.com\/mscc\/statics\/mscc-0.4.0.min.css",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGi8f.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGdpn.img?h=166",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/new\/icon-private.d692fe1edf7f.svg",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGsjz.img?h=75",
"https:\/\/www.mozilla.org\/media\/img\/l10n\/sv-SE\/firefox\/ios\/btn-app-store.ace60becd7d2.svg",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/new\/",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAbmT59.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyH6wG.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGPjb.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBru1ZR.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGU9t.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGF0V.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBKccj8.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGL2U.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAvNAS3.img?h=75",
"https:\/\/www.mozilla.org\/media\/img\/logos\/social\/social-icon-sprite.bf2ae0cd0f01.svg",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBtjihq.img?h=75",
"https:\/\/www.mozilla.org\/media\/img\/home\/2018\/billboard-healthy-internet.4c6fc8ad55a2.png",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGaSM.img?h=194",
"https:\/\/www.mozilla.org\/media\/img\/l10n\/en-US\/firefox\/android\/btn-google-play.77bdbc935c58.png",
"https:\/\/www.microsoft.com\/mwf\/_h\/v1.17.3\/mwf.app\/fonts\/mwfmdl2-v1.17.3.ttf)%20format(%22truetype%22)",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyEGHA.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyG9NB.img?h=75",
"https:\/\/www.microsoft.com\/favicon.ico?v2",
"https:\/\/www.mozilla.org\/en-US\/firefox\/download\/thanks\/",
"https:\/\/img-prod-cms-rt-microsoft-com.akamaized.net\/cms\/api\/am\/imageFileData\/RE1Mu3b?ver=5c31",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHwI4.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBFznKu.img?h=368",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGk1E.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAn16BU.img?h=16",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/site.8391e739b374.js",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyin2O.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGKvo.img?h=166",
"https:\/\/www.mozilla.org\/media\/img\/l10n\/en-US\/firefox\/ios\/btn-app-store.1cfd5dba4a92.svg",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGd9q.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHa0Z.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHxtY.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGo2Z.img?h=75",
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/firefox_new_common.2a164989aaa0.css",
"https:\/\/www.mozilla.org\/en-US\/firefox\/stub_attribution_code\/?referrer=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Dfirefox%2Bdownload%2Benlish%26src%3DIE-SearchBox%26FORM%3DIE8SRC",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHebP.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyEhUL.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHIeD.img?h=166",
"https:\/\/www.mozilla.org\/firefox\/download\/thanks\/",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyDNV6.img?h=75",
"https:\/\/www.mozilla.org\/media\/img\/favicon.d4f1f46b91f4.ico",
"http:\/\/www.googletagmanager.com",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAmVurs.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGfks.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyzFYA.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBj5yEG.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGCxD.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHbX2.img?h=75",
"https:\/\/mem.gfx.ms\/meversion?partner=smc",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAiEGxc.img?h=16",
"https:\/\/mozilla.org\/set_hsts.gif",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyFYwA.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyEE9W.img?h=250",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHK37.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAwGw6j.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAmVof7.img?h=16",
"https:\/\/support.microsoft.com\/app\/content\/scripts\/lib\/i18n\/angular-locale_en-us.js?v=1.0.18164.6",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAxeUzm.img?h=75",
"https:\/\/statics-uhf-neu.akamaized.net\/shell\/_scrf\/js\/themes=default\/98-425ea8\/75-cc6002\/1e-a91e34\/a9-8857cc\/a6-89b92f\/a1-bcff5c\/81-4934d0\/5c-4a6237\/cd-7f6639\/fd-4f81dc\/7f-caa9be\/4f-90852e\/83-f9e9f2\/76-db3bef\/14-f931ee\/dc-b4ca07\/70-21d143\/59-bbcb16\/3f-7cef4f\/ad-75d459\/7d-3558b2\/c2-4ef89d\/14-92219a\/7a-1f7e61\/f0-5001c1\/97-758e3f\/54-e2bc4c\/e3-94d85f\/42-f1f9ff\/a7-92e8a3\/73-f50172\/2d-6cbd1d\/d3-dfd8d6?ver=2.0",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAwzWIT.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyDgPJ.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyDBq2.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGMoR.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGc2M.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHbA2.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBtnGyF.img?h=75",
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/oldIE-pebbles.b7e68dca9b65.css",
"https:\/\/c.s-microsoft.com\/mscc\/statics\/mscc-0.4.0.min.js",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGZCX.img?h=166",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/download\/thanks\/",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAmTi96.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAmV9I7.img?h=16",
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/pebbles.03d45fb8fff9.css",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGhnZ.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BB93Uyk.img?h=16",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyESU1.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyHp3I.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBI5uP7.img?h=75",
"https:\/\/www.mozilla.org\/en-US\/firefox\/new\/",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAmUOVK.img?h=16",
"https:\/\/www.microsoft.com\/mwf\/_h\/v1.17.3\/mwf.app\/fonts\/mwfmdl2-v1.17.3.svg)%20format(%22svg%22",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBrEbke.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGg2N.img?h=194",
"https:\/\/www.google-analytics.com\/analytics.js",
"https:\/\/support.microsoft.com\/app\/content\/bundles\/jslibraries?v=DMy4NO0p6y0nE7ZotmAwCZXevAPDwyAVit9cxFmKMyo1",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyGFxl.img?h=75",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyEBML.img?h=166",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyFhTm.img?h=194",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAyG7xi.img?h=333",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/BBHnZrx.img?h=75",
"https:\/\/www.mozilla.org\/media\/img\/home\/2018\/newsletter-graphic.1048dfaedfee.png",
"https:\/\/www.mozilla.org\/en-US\/",
"https:\/\/www.mozilla.org\/media\/img\/logos\/firefox\/logo-quantum-wordmark-white.bd1944395fb6.png",
"http:\/\/static-global-s-msn-com.akamaized.net\/img-resizer\/tenant\/amp\/entityid\/AAykhnT.img?h=194"
],
"crc32": "CD3FDDA7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/090593876198bcd1_index.dat",
"ssdeep": null,
"size": 262144,
"sha512": "0c8505b30f2d59f9d7ae54084c44c2c9fdb53b9bf5f8c68f4235fc600c3598b472d6dc1cd380d4b6cd4e6d25e6a1ec1cc42ffdf7aa75524146129a2bdba8c2ef",
"pids": [],
"md5": "06089e4672b8fdd2f05148958260584e"
},
{
"yara": [],
"sha1": "d3cd6595a06543bd146b9ec6fb715160351cff6d",
"name": "228af28ae8316140_ojPwIJFk.dll",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\ojPwIJFk.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "228af28ae83161409485e0f45d09f756d885d782ca4e24eca400cadcce8c8988",
"urls": [],
"crc32": "A62CCA8E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/228af28ae8316140_ojPwIJFk.dll",
"ssdeep": null,
"size": 4144,
"sha512": "666a5bfdf06435456c3577edd77db2dd5dead1f5fe8e1ef0094e2850b527e332e6c4c8e4a4d2da301d1652b97bc8134b98c3625274b5d0af75b367599c399542",
"pids": [
2628
],
"md5": "05bd9a3945730ef7c8d7de8356a6c4f2"
},
{
"yara": [],
"sha1": "d1ce14441b24c1b033325c0d66a21f9bf09c2bc0",
"name": "eff34c57a760e321_cuck@mozilla[1].txt",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@mozilla[1].txt",
"type": "ASCII text",
"sha256": "eff34c57a760e32115701de31f6271800e52d14247233307928ef48b53ba217c",
"urls": [],
"crc32": "28AAB7BC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/eff34c57a760e321_cuck@mozilla[1].txt",
"ssdeep": null,
"size": 264,
"sha512": "0c0968b14dfe4e076d87c9d85002c9a39ee407392ff7904a131811b487ec8b0ca0650dab5629719c84ef554ce7fa442c0e6574b49823d7273a4675cf637ef68f",
"pids": [],
"md5": "3385b30e22129cc26b994111c184484d"
},
{
"yara": [],
"sha1": "64542dcf8897d43f720487ef31946378228634c5",
"name": "b58202af58ffbe2e_AAyH6ID[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyH6ID[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "b58202af58ffbe2e527532579001d5f7844c3ff4001f8a41d2458f7f05177b9f",
"urls": [],
"crc32": "F6A944F2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b58202af58ffbe2e_AAyH6ID[1].jpg",
"ssdeep": null,
"size": 7283,
"sha512": "af752dd7ae5791cc6fdb803612e46075501c36d16fef619f322254e9073a177b81361081dd9fd65412650d437ae341eab1f12295600d3ccf12c322bd6baf8408",
"pids": [],
"md5": "9f15988281237ea344b3d376cfb20641"
},
{
"yara": [],
"sha1": "e2f677fef6632edf11c208df0f87ffe1b0e84986",
"name": "ed1691c1caf27ffd_196BCA845E91608F7B4CA6127A60D20AF55413AC",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"type": "gzip compressed data, from Unix",
"sha256": "ed1691c1caf27ffd4291cc136c7e02a6b1cc5fbeeba3c470e029ed1f344b00c6",
"urls": [
"https:\/\/normandy.cdn.mozilla.net\/api\/v1\/classify_client\/",
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/"
],
"crc32": "87A27FA9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ed1691c1caf27ffd_196BCA845E91608F7B4CA6127A60D20AF55413AC",
"ssdeep": null,
"size": 9001,
"sha512": "0d50ca863878c97f82bfc6eeb3566c3a17ee78b81168759b5879948e828b2c03191f7ccc556207528faf5e99c1d3decbce84fea9c7e56fdc057dcc5963e40d3e",
"pids": [],
"md5": "1d7499b7727279426caf7427f4d3ce76"
},
{
"yara": [],
"sha1": "8344df6c8c39c211266d921b120c986d59760191",
"name": "08853c6727517b53_scriptCache-current.bin",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"type": "data",
"sha256": "08853c6727517b534f45a3d737b9ff1e98d294b5e55813aa01518736e298e1b0",
"urls": [
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1100294",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xul",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1238180",
"http:\/\/www.mozilla.org\/2006\/browser\/search\/",
"https:\/\/discovery.addons.mozilla.org",
"https:\/\/hg.mozilla.org\/releases\/mozilla-release\/rev\/a0b222c551f586904f51228c49149d9b6b7e2a81",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1243643",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xulY",
"http:\/\/a9.com\/-\/spec\/opensearchdescription\/1.1\/_",
"https:\/\/discovery.addons-dev.allizom.org",
"https:\/\/support.mozilla.org\/kb\/warning-unresponsive-script",
"http:\/\/a9.com\/-\/spec\/opensearch\/1.1\/_",
"http:\/\/www.mozilla.org\/newlayout\/xml\/parsererror.xmlc",
"http:\/\/a9.com\/-\/spec\/opensearchdescription\/1.0\/",
"http:\/\/www.mozilla.org\/2006\/addons-blocklist",
"http:\/\/a9.com\/-\/spec\/opensearch\/1.0\/I",
"https:\/\/screenshots.firefox.com\/",
"https:\/\/developer.mozilla.org\/docs\/JavaScript_OS.File",
"https:\/\/discovery.addons.allizom.orgQ",
"http:\/\/www.openh264.org\/",
"http:\/\/example.com",
"https:\/\/support.mozilla.org\/kb\/reset-firefox-easily-fix-most-problems",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xul\/",
"https:\/\/support.mozilla.org\/kb\/flash-protected-mode-autodisabled",
"http:\/\/www.mozilla.org\/2006\/addons-blocklisti",
"https:\/\/developer.mozilla.org\/en-US\/docs\/JavaScript_OS.File\/OS.File.Info",
"https:\/\/www.google.com\/policies\/privacy\/3",
"https:\/\/developer.mozilla.org\/en-US\/docs\/XPCOM_Interface_Reference\/nsIBrowserSearchService",
"https:\/\/www.widevine.com\/"
],
"crc32": "F5DC1A96",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/08853c6727517b53_scriptCache-current.bin",
"ssdeep": null,
"size": 4843242,
"sha512": "3dedf97d40047150aa47a34fe2a5e9594e6436cfa811e02de0221b27fc91b4e892354028dd7fa387eb9e940c44e3851ff806511e93233e4dd89b60e9cb3e8b31",
"pids": [],
"md5": "a7c8ac3fa84878d6f066477eec5ab25a"
},
{
"yara": [],
"sha1": "0ed99ac5f8f253fabff8ebe643bb5742eeae138d",
"name": "c2116d4890047681_AAyFYwA[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyFYwA[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "c2116d4890047681615b5b4a45a1355f7a2b783e43bd5efe7e9f7c9925816d9e",
"urls": [],
"crc32": "61E58145",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c2116d4890047681_AAyFYwA[1].jpg",
"ssdeep": null,
"size": 8159,
"sha512": "e6b33ddae50a02c025b08b17177af2d7a758014b2bc6dadd01bb8a2100054e922b40f3c2b99fced762cfb7157dec5a94b599efc8fa6a300604fbb703379f04ed",
"pids": [],
"md5": "89da2520f2d8597ceeac84924843cc5f"
},
{
"yara": [],
"sha1": "f656fe21c9c1a2972216b4895d948fd0b5663595",
"name": "d0cf1fb38fdffcd6_AAyGMoR[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGMoR[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "d0cf1fb38fdffcd688f4a8d4d5e5e6279acdbd99c488af89909b312a7ee6158d",
"urls": [],
"crc32": "C810EA93",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d0cf1fb38fdffcd6_AAyGMoR[1].jpg",
"ssdeep": null,
"size": 2442,
"sha512": "2cda8c4b81d8a63935f933f0f239738139f23b4d1a05e5c2b0fa4a52909f83a378a846c1c63f7b135c483c582010f584a6688a2e308954e346330a7da8201e8b",
"pids": [],
"md5": "b905f50b670ae6eaea7c156013b93135"
},
{
"yara": [],
"sha1": "6bcb460bf314e1a5a74c8cd37a2c10526f8b133b",
"name": "0ed2181bc1ba3ed5_favicon.d4f1f46b91f4[1].ico",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\favicon.d4f1f46b91f4[1].ico",
"type": "MS Windows icon resource - 1 icon, 64x64",
"sha256": "0ed2181bc1ba3ed54a738dd345241b2064344e1ca66f83e623a609dc589c5e95",
"urls": [],
"crc32": "501BF596",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0ed2181bc1ba3ed5_favicon.d4f1f46b91f4[1].ico",
"ssdeep": null,
"size": 16958,
"sha512": "365a95a97c1918da50da3476c98e3c03befa278479c9bccaaa150ae18cefdaf56e9ead6e643a0b6025fcaf394ae98345dfc611860b96d433412f574c7895ce85",
"pids": [],
"md5": "d4f1f46b91f4eaa341e230b3641c6a56"
},
{
"yara": [],
"sha1": "2aa1d368e4267e49e55d406ab899ca293f063326",
"name": "db78115a50ba6cf6_down-arrow-blue.3bcea1f6c2e8[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\down-arrow-blue.3bcea1f6c2e8[1].svg",
"type": "ASCII text",
"sha256": "db78115a50ba6cf6579d4445ec47039213f04de9fa179eb50201cb7f5ac49be1",
"urls": [],
"crc32": "6187A91C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/db78115a50ba6cf6_down-arrow-blue.3bcea1f6c2e8[1].svg",
"ssdeep": null,
"size": 194,
"sha512": "c896ebb9d9c1fb28c9c76d81834eb3d50346b1ff38122f9dfcf54515465e7fc2059b166e58541d6a6858cd0ca030bfc6fc89fb5746269749684c81be28453d1d",
"pids": [],
"md5": "3bcea1f6c2e81d1bdc6b710fe72293ba"
},
{
"yara": [],
"sha1": "7337b272261ccaaef9f57eef86954f18563d2309",
"name": "e9169898ef3b7346_ACxtDalw.dll",
"filepath": "C:\\Windows\\ACxtDalw.dll",
"type": "ASCII text, with no line terminators",
"sha256": "e9169898ef3b7346088561dd8e11b5ed5217d1fc871b7ae059855ddbec9dbc99",
"urls": [],
"crc32": "14EFF3E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e9169898ef3b7346_ACxtDalw.dll",
"ssdeep": null,
"size": 13,
"sha512": "27ae934a80c2f3b399eb2446826ca677efd9c4b580c36604b09297b12b46a2aeceaa58aacee209926648977d0833c9c58d7c26c57db6fe4417d72f3560bf263f",
"pids": [
2628
],
"md5": "3f8c97cd43e47bbca74fa656e45cf0d5"
},
{
"yara": [],
"sha1": "81b4609204e9f5e0473f6fa689858add7f8925a3",
"name": "e1fbce1f59a24372_7B303216787123E2E98A2B9594CDF8211C77C0EA",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"type": "gzip compressed data, from Unix",
"sha256": "e1fbce1f59a2437231cc94070b56db146a66075b5078089f1ba4d8215356b5c4",
"urls": [
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/api\/v1\/action\/console-log\/implementation\/sha384-dwDUzk7p67hyOW81gMBIWnhrBFoOvbRvrt2ftxkMrqBjbADVA_1TjHuv0i7bbFrN\/",
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/"
],
"crc32": "8F86E611",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e1fbce1f59a24372_7B303216787123E2E98A2B9594CDF8211C77C0EA",
"ssdeep": null,
"size": 10001,
"sha512": "25c86ae910e72fc5bd0681796540ad653ea47946cf89260cd0d9ebdafaa43d58edd1024ef0c972b7342e2b7f873cc0d56307e9c3e3570b61efff28632997d066",
"pids": [],
"md5": "f4f744e96eb19c3732e7ea04121d0881"
},
{
"yara": [],
"sha1": "c5551eb72b0971393b90c506cd9e057ae6daa370",
"name": "b6b503a322a2b052_AAyGjgH[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGjgH[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "b6b503a322a2b05288673bf2c1b2cd71a365b545297b0191a08b72c790b24561",
"urls": [],
"crc32": "8F7203B2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b6b503a322a2b052_AAyGjgH[1].jpg",
"ssdeep": null,
"size": 10302,
"sha512": "82ac31803036fc136f700dd066d4ae95f94c7b91556ed4648390883f6160d759ea6ac81be4f1b2fd1e6444b5e45c37c5c8af44bf659c4e1d41cae5ad6003d5d5",
"pids": [],
"md5": "50af44c7f102f2bc35a3a4977ab5afe6"
},
{
"yara": [],
"sha1": "d8392c876507223a698c51c1f147a602bd71a5f5",
"name": "a05f3b385be98bef_AAyFQsk[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyFQsk[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "a05f3b385be98bef987dcb48c67bb02d104e22d6c97762ee2e9955dabd934591",
"urls": [],
"crc32": "C758953E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a05f3b385be98bef_AAyFQsk[1].jpg",
"ssdeep": null,
"size": 2631,
"sha512": "567f8897256b1a20054a14aaffb2109532bb4612a087da32e68a7b6e5500d9f91750a98fda673f50d922bd90d57882e15b483533592afe6f7cf52bb85d37e412",
"pids": [],
"md5": "9daeb61c1a5aa4110e5a06e024247461"
},
{
"yara": [],
"sha1": "fca2320500af602a4949a2381848f8b7e62b29a3",
"name": "02255126b4de3d2a_AAyH9fJ[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyH9fJ[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "02255126b4de3d2a296f70068a864dc2e169c8391f10538bd609d712c6f9f6db",
"urls": [],
"crc32": "D9D3B93B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/02255126b4de3d2a_AAyH9fJ[1].jpg",
"ssdeep": null,
"size": 7323,
"sha512": "a3344a9c50b1a08ba0c7add7fd03094f2f5dfdaced3650293809a1620773102fec4955dd5dbc0d802a59595b58d7fa0fd1072b452efc81756654cb9a48989fef",
"pids": [],
"md5": "5fbfbe13f1cc94065be2ef8f3ffcda45"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "76ba82a16298cb6ab5172b35f6844dd0a14fa87b",
"name": "0cac13d0250d9cdd_launch internet explorer browser.lnk",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Sun Nov 21 02:25:08 2010, mtime=Sun Nov 21 02:25:08 2010, atime=Sun Nov 21 02:25:08 2010, length=673040, window=hide",
"sha256": "0cac13d0250d9cdda9f59cd131e71c0b211d1e743a8b8260d2520dd08b7deae1",
"urls": [],
"crc32": "0823AA63",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0cac13d0250d9cdd_launch internet explorer browser.lnk",
"ssdeep": null,
"size": 1537,
"sha512": "8ddad219e4fefdaea438e916106d1661b73a68e2b01508c05fa87caef0a22741bd2964776589ce4f11c1ba503598fdd2a9c43ace5f005e7c33a1a4833812525c",
"pids": [
2628
],
"md5": "2a394b66f6fdbb1a5a8c908c7f1650e4"
},
{
"yara": [],
"sha1": "bbb337f83e62f06b258c3e0fb503c047ef53547d",
"name": "0b7c9754ea2e582c_17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"type": "data",
"sha256": "0b7c9754ea2e582c07fe5e3cc4d06a01751e082c98ab184fc1091a246c5876c3",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "435F45E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0b7c9754ea2e582c_17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"ssdeep": null,
"size": 7030,
"sha512": "563988bc0749656b70fcccdd144fe0631c1755acbbb287382dfdac075f5fd0ecc0c6a114e40b654ad6e217882b5b6caaa8765f2eb79e63c24e1320a42a16095c",
"pids": [],
"md5": "8adb96cfbded0833d17b9ec76de5e40e"
},
{
"yara": [],
"sha1": "d0b937d3128466fd2869dbf8c304748d6e39f10e",
"name": "36f3de8125c18db4_angular-locale_en-us[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\angular-locale_en-us[1].js",
"type": "ASCII text, with CRLF line terminators",
"sha256": "36f3de8125c18db4731b41f5403f2a7b9ac09fd6ed2ae40d4045f03a8cdd7a86",
"urls": [],
"crc32": "78D2BAC0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/36f3de8125c18db4_angular-locale_en-us[1].js",
"ssdeep": null,
"size": 2855,
"sha512": "b598e343753894d9e071d96c9ec29aedcffd6e0fb9356515ce5f2b39672225ce07e9c4081cdffa3d9463fedeef7e39290fb49e0caad5677faf4d264ec39a0c07",
"pids": [],
"md5": "b55e03e13600a500be2a3c766b483f6f"
},
{
"yara": [],
"sha1": "d0fb456f7f43393f703049f0b9caa034a17537bf",
"name": "b5aba32bcf142876_71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"type": "gzip compressed data, from Unix",
"sha256": "b5aba32bcf142876878ea0591fba0027699f0a2aed2cd1539aa99cc5fb8ec477",
"urls": [
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/privacy_quantum_firefox.39f7169f2efb.js",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct"
],
"crc32": "AEC77EAC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b5aba32bcf142876_71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"ssdeep": null,
"size": 12235,
"sha512": "d085c70e5f56cedd9cbf43108b46023e4fa16a08552de306d77f96589d18056bd8fa1249e259553862a0128c219285eced61c774c0e965809c945664ad777de2",
"pids": [],
"md5": "ef7b3cb30f90c50308c85f1c4111e7be"
},
{
"yara": [],
"sha1": "0b9a37b168a4068a68443395f3e2d7e5a3f89815",
"name": "bea82c85b932597b_773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"type": "data",
"sha256": "bea82c85b932597b165eedbee0f3bee03ecc1f966f45f0a7ef2722c9eefd3d49",
"urls": [
"https:\/\/tiles.services.mozilla.com\/v3\/links\/ping-centre"
],
"crc32": "3723E8D2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/bea82c85b932597b_773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"ssdeep": null,
"size": 7565,
"sha512": "752165fe0da7ad4ad29e33bbc08c12f38d60cbae6488be3e5875d0060c04c883080ee3ca32e1b5f5c58994f116ab7df05b2b77a486772086b3c9e8886f389b22",
"pids": [],
"md5": "1f3c23095f31371917285dcf1140951c"
},
{
"yara": [],
"sha1": "8f2b75aa809298b8043b9dd7697d1fab8cc3a7e3",
"name": "0aca6baa19ee1b5b_AAt8NdA[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAt8NdA[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "0aca6baa19ee1b5bb570acf443bb77a904a090310b1eda4b5098a454dfe1c224",
"urls": [],
"crc32": "189485AA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0aca6baa19ee1b5b_AAt8NdA[1].jpg",
"ssdeep": null,
"size": 2254,
"sha512": "25b249c18447dccc8d01457a362c91b4fed7545d0e3527a0778137a52a7d4fb0347d03740f6a8a9d7a253281a557b8b3257368f0002d9393ad1ab69ad0221bb2",
"pids": [],
"md5": "8ec47cdafcd8ef2a30dd7d6b782c70cb"
},
{
"yara": [],
"sha1": "1e945e151eb86a2963d193f3cb9ae7a87b751593",
"name": "31dd9a0a4ef24de8_1679441B8AA7B4D31717C773CC4E86A25B37532B",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"type": "gzip compressed data, from Unix",
"sha256": "31dd9a0a4ef24de8ba2574f4b581fd1d21de0277fb4eff260cc6b7fcb46d02a3",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/favicon.e6bb0e59df3d.ico"
],
"crc32": "09351478",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/31dd9a0a4ef24de8_1679441B8AA7B4D31717C773CC4E86A25B37532B",
"ssdeep": null,
"size": 13388,
"sha512": "448f1e4bd3c3207ab1994d3cbd7c28d34c658d425f3512c80fcd51429e624a2f784cf9cf2542ab718b4e7fbd3a662e236a62519696828a69d161f929d00b0b24",
"pids": [],
"md5": "ebd450c3a8664e24538394b630198d4e"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "65030e6d66cccd0c9fc0d418ac5a65cdfd43c42a",
"name": "5a8c2f881c86962e_firefox.lnk",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Fri Jun 15 19:21:25 2018, mtime=Fri Jun 15 19:21:25 2018, atime=Tue Jun 5 19:30:42 2018, length=390096, window=hide",
"sha256": "5a8c2f881c86962ea8749486ed160c88974726d5037085b88734859a5d6f662b",
"urls": [],
"crc32": "86DBA28E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5a8c2f881c86962e_firefox.lnk",
"ssdeep": null,
"size": 1283,
"sha512": "f94d95f6657001cc07cf28532ea4e0f3adf6f921d61190be4bf2d83883daf8d0aa688d3b3b3b13dbb4596a870bbd5c6bbff0b6fdfb2cb40b285119148ceadd5d",
"pids": [
2628
],
"md5": "c07028a7ed45a551551c442756f3f2f0"
},
{
"yara": [],
"sha1": "2a2ef31437306d107b40f49fd76d73abc1429c39",
"name": "95bfccaf703698d3_AAyGZCX[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGZCX[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "95bfccaf703698d3480ea0304acce246271fd6a0b48ba76f915202353f1c8a4b",
"urls": [],
"crc32": "D6B60BD2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/95bfccaf703698d3_AAyGZCX[1].jpg",
"ssdeep": null,
"size": 7331,
"sha512": "ec6d9ef19a5d1f999c44854099a8ea5329b6ca47533c7daaa3c0536a3c05783cc4958847156b0cdede90b756379b9ffc0e370ec28d88c96320391d781b36f099",
"pids": [],
"md5": "a9ba6e489f98f481a1dfce3ed5b7ad26"
},
{
"yara": [],
"sha1": "daa53cf17cc45878a1b153f3c3bf47dc9669d78f",
"name": "112fec798b78aa02_RE1Mu3b[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\RE1Mu3b[1].png",
"type": "PNG image data, 216 x 46, 8-bit\/color RGBA, non-interlaced",
"sha256": "112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960",
"urls": [
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef"
],
"crc32": "973E9ABB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/112fec798b78aa02_RE1Mu3b[1].png",
"ssdeep": null,
"size": 4054,
"sha512": "d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487",
"pids": [],
"md5": "9f14c20150a003d7ce4de57c298f0fba"
},
{
"yara": [],
"sha1": "e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5",
"name": "90cdaf487716184e_favicon[1].ico",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\favicon[1].ico",
"type": "MS Windows icon resource - 6 icons, 128x128, 16 colors",
"sha256": "90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21",
"urls": [],
"crc32": "6A0CD9DE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/90cdaf487716184e_favicon[1].ico",
"ssdeep": null,
"size": 17174,
"sha512": "c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01",
"pids": [],
"md5": "12e3dac858061d088023b2bd48e2fa96"
},
{
"yara": [],
"sha1": "11f6af3e9f8d33e07a7982fd3e9de7d191e65d0d",
"name": "cbf9b845c8dec3f2_AAyHu89[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHu89[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "cbf9b845c8dec3f2cd77c068e63d50671bc4cdf534d6e7a93d03d490b9913f68",
"urls": [],
"crc32": "F38E5048",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/cbf9b845c8dec3f2_AAyHu89[1].jpg",
"ssdeep": null,
"size": 7376,
"sha512": "604a620dab1ee211a084b12816bee92434972722c92af10235921d16a7b43fc6f6d373a4e0f5d23a1df40557d274d209874de448571ff007f49958e1966f61c4",
"pids": [],
"md5": "7832ee21415e180ab2876043bf324b56"
},
{
"yara": [],
"sha1": "f4794063b510576b4618e6ea7a2c48a55244b567",
"name": "7a9dfc6075e71ad2_meversion[1]",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\meversion[1]",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "7a9dfc6075e71ad2b354f51f763cb3d8425534bf95616c1a73676df73fd04d95",
"urls": [
"https:\/\/mem.gfx.ms\/me"
],
"crc32": "46219580",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7a9dfc6075e71ad2_meversion[1]",
"ssdeep": null,
"size": 11554,
"sha512": "6a5415964e44bd028eb67981983061d7aa67f208f7530d7fb19a2502ee238a0875b8cc8ae983deb87b4ee31c23ecf98496d894e2ac695df50825e1a0c7de64da",
"pids": [],
"md5": "621bcf8bb3459a8f5e9cf803470c3196"
},
{
"yara": [],
"sha1": "f67397579083bdcc1268adb0f0c2e8f5c0692b34",
"name": "2bd5ab44c2fe5750_BBpREyq[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBpREyq[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "2bd5ab44c2fe575039fd75646aea1b7ee92c98bb919e2036c1b3a4f0310b2b62",
"urls": [],
"crc32": "8FD317FA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2bd5ab44c2fe5750_BBpREyq[1].png",
"ssdeep": null,
"size": 679,
"sha512": "55ad81ce9aff9d600435e10ffa53b59e269b688a6b237ef820d08ff5592e195d07fc2445b5461c57e9d539ac3aaec73206149deaba6297e90c950945e162d8cd",
"pids": [],
"md5": "9f1ab7c4824a0ed9797550ddf80ed18b"
},
{
"yara": [],
"sha1": "58556b901190b8776d6c7c4e9c9887fc166dc23b",
"name": "809e99d55344879a_89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"type": "data",
"sha256": "809e99d55344879afd6d493a33c977207fdb219f6f4f01bb0df4d825390e6968",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "221DBA5F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/809e99d55344879a_89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"ssdeep": null,
"size": 7030,
"sha512": "2b65146a933d49e7d6da6506b7a9ec5c8a9203b0e33f1e06ed1790a5f2e39b5080d26f1dd0d49fc8f7c6d8e97f008b13006e9f949be9fc0323d2ca556031b1f6",
"pids": [],
"md5": "ab9c11d7c85a612360b5d391c0fb25a7"
},
{
"yara": [],
"sha1": "dbb37e1a4e2ca34379b9eb643e78b4cc4694d8f7",
"name": "c15dff2845540759_stub_attribution_code[1]",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\stub_attribution_code[1]",
"type": "ASCII text, with no line terminators",
"sha256": "c15dff2845540759eb78cf456019e19eee4663bc724d624a568250826ecdb616",
"urls": [],
"crc32": "E344CC66",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c15dff2845540759_stub_attribution_code[1]",
"ssdeep": null,
"size": 235,
"sha512": "e02fa5e7f1aeedc985def30d909b7919d99ac9d7fc5a608180863d9ccacd8544033ad7563241c33c49e2b1ace815dd108edc3a42655f9c5f5b587f4aee03db6e",
"pids": [],
"md5": "62fe826cab9c7a4965eafbcbfd453797"
},
{
"yara": [],
"sha1": "8dc6ead175250dbccb3015343ee7e33cc38f4c04",
"name": "fc0aa4647dd793b1_9843E084E02CC996A82AAAF091B968B2F443AA96",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"type": "gzip compressed data, from Unix",
"sha256": "fc0aa4647dd793b17c8f091ee6944c4cd3d0f15d9156f36800eb5fdf85a2999b",
"urls": [
"https:\/\/www.python.org\/static\/js\/main-min.js",
"https:\/\/2p66nmmycsj3.statuspage.io\/api\/v2\/status.json",
"https:\/\/console.python.org\/python-dot-org-live-consoles-status"
],
"crc32": "FA357509",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/fc0aa4647dd793b1_9843E084E02CC996A82AAAF091B968B2F443AA96",
"ssdeep": null,
"size": 95525,
"sha512": "8ba507f0a17583f19c4e6ff280fd7357ff08933312be4fb54bc04fa9a72a1a38dfa77b18f0ffe307fff8b0c76edf1a164daa47d13c2ca5617c496e02a8f80498",
"pids": [],
"md5": "c288cd2d3db6a15e3599090d24638ce2"
},
{
"yara": [],
"sha1": "776f671304102b5147d6e3fcac1ec8a569ca88d3",
"name": "b645c0a5bf53693b_AC5E012C1887C7B691A8EA00C4E754025E25C235",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"type": "gzip compressed data, from Unix",
"sha256": "b645c0a5bf53693b6fb9f1664cd8be9cc37c3a94bf9c8153245d677bb92c39a3",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/gtm-snippet.9f9cf2026c5f.js"
],
"crc32": "F51A6995",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b645c0a5bf53693b_AC5E012C1887C7B691A8EA00C4E754025E25C235",
"ssdeep": null,
"size": 10442,
"sha512": "4e427d629edd8ed7aaef88a286cb93b72f60736e2f9b0d0f600dc10daec5688f0919a0046a902d7526f5d34919e6b89cd12879dcf99bbc10bbc2722e9d3caf8d",
"pids": [],
"md5": "a61b09ba7f31b32105479b2724102014"
},
{
"yara": [],
"sha1": "15f0c5f7bbe310214c0abba04060162ae2b5febb",
"name": "7f28abf88d36efed_AAyGu6P[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGu6P[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "7f28abf88d36efed6d6d5b990a64c728ed5c7451d48080ba8ac40618212159ec",
"urls": [],
"crc32": "5AF5B9C7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7f28abf88d36efed_AAyGu6P[1].jpg",
"ssdeep": null,
"size": 2887,
"sha512": "c1587cc6ac532da41553af0551da1af43e5c452c490f3a4742318d2f60f516e4497bf424618c872adbc9608fd7a836e08cd5a4dbae605c5b2eb6cda58f88dbf4",
"pids": [],
"md5": "64e5b0383982df533f185c22797f1863"
},
{
"yara": [],
"sha1": "30ede3226d1e34cc397600eda1e4db70102f0d4a",
"name": "813bf42cdea4f783_1E6CC88205509B4729347C79C048D6FEE47BA702",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"type": "data",
"sha256": "813bf42cdea4f783ca9e1f544d1b4ffbede3afb17b5f3003f57e20cc7a6e7938",
"urls": [
"https:\/\/www.google.com\/gen_204?s=webaft"
],
"crc32": "5C67A003",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/813bf42cdea4f783_1E6CC88205509B4729347C79C048D6FEE47BA702",
"ssdeep": null,
"size": 6875,
"sha512": "7a4320ad0d986d912edaeebd668f9bb5fb47e46289dc75a75d3b99f335f645106d3b3f59578a7af9cedb52e58c596369d2d24374feb553ab9bc38bc2612f54a2",
"pids": [],
"md5": "ae9c71b6f0f988975767ae18c155e78a"
},
{
"yara": [],
"sha1": "3b99e20d8da77cff0ee0d66dc142cb6625aab7ac",
"name": "690f44b570f72ebb_AAyHtCF[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHtCF[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "690f44b570f72ebb07251dd8e4968a127ed0a51af51d38f75a923780470a270c",
"urls": [],
"crc32": "BB7DFE14",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/690f44b570f72ebb_AAyHtCF[1].jpg",
"ssdeep": null,
"size": 12081,
"sha512": "c507e8404d8b4dee05a6c9558262ab4ea6b1eec1ea0bf8edf2993ebd51db1f09dede10a56d77ba521550a9487bd3f1d2b8a4283384a0c952d62bca9903743ede",
"pids": [],
"md5": "7314b80763588ccb18e51cd90e3b3eed"
},
{
"yara": [],
"sha1": "79a8b2a1ec9bdbc9a5c8e084734c987f42c755f1",
"name": "56838f47b237aae2_116C29D749EF02BBC3455756D834442785F9A388",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"type": "gzip compressed data, from Unix",
"sha256": "56838f47b237aae247fd3500af515449d41add2ca7afe6388aea1fa0c07cbc5c",
"urls": [
"https:\/\/www.python.org\/static\/js\/libs\/modernizr.js"
],
"crc32": "33D6D3A6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/56838f47b237aae2_116C29D749EF02BBC3455756D834442785F9A388",
"ssdeep": null,
"size": 60147,
"sha512": "b3bc8b16bb2b04ff714ea93c0c1f6087bdae8b1ed8945054aa532bdd99e57466dc9735c8324562f6c7269a72b3d1eb73d9eb4b9254a5687513d380def3a0707f",
"pids": [],
"md5": "2010ac3a120e073601039c7a0df2327c"
},
{
"yara": [],
"sha1": "3bb69b1182e31d93e70980c31596776259eeb44b",
"name": "a6f6e2176d3e252e_thanks[1].htm",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\thanks[1].htm",
"type": "HTML document, UTF-8 Unicode text, with very long lines",
"sha256": "a6f6e2176d3e252e43f6b0a161fc346af4f0f2eca7b62fe633933807de6b841b",
"urls": [
"https:\/\/www.youtube.com\/firefoxchannel",
"https:\/\/support.mozilla.org\/kb\/firefox-osx",
"https:\/\/itunes.apple.com\/us\/app\/apple-store\/id989804926?pt=373246",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/template\/page-image.4b108ed0b8d8.png",
"https:\/\/itunes.apple.com\/se\/app\/apple-store\/id989804926?pt=373246",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1122305",
"https:\/\/careers.mozilla.org",
"https:\/\/www.instagram.com\/mozilla\/",
"https:\/\/wiki.mozilla.org\/Webdev\/GetInvolved\/mozilla.org",
"https:\/\/download.mozilla.org\/?product=firefox-stub",
"https:\/\/support.mozilla.org\/kb\/install-firefox-linux",
"https:\/\/blog.mozilla.org\/",
"https:\/\/ad.doubleclick.net\/ddm\/activity\/src=6417015",
"https:\/\/donate.mozilla.org\/sv-SE\/?presets=160",
"https:\/\/mozilla.org\/set_hsts.gif",
"https:\/\/www.mozilla.org\/contribute",
"https:\/\/play.google.com\/store\/apps\/details?id=cn.mozilla.firefox",
"https:\/\/download.mozilla.org\/?product=firefox-latest-ssl",
"https:\/\/twitter.com\/firefox",
"https:\/\/play.google.com\/store\/apps\/details?id=org.mozilla.firefox",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/new\/",
"https:\/\/twitter.com\/mozilla"
],
"crc32": "16EF4A01",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a6f6e2176d3e252e_thanks[1].htm",
"ssdeep": null,
"size": 27900,
"sha512": "f577f62deb1b631edbfe2fff115cd92a16e128cfabfffac616752cdc54386f9ef9273bc9f9cc3d48ff89475c61c6a5c1306d47d7b8f3c55595a972f5afc6d4ca",
"pids": [],
"md5": "5a8c5e8dddc1e7c30337c42fce76fdab"
},
{
"yara": [],
"sha1": "fb6eac8eb39693977eac361a4972bef050a565ca",
"name": "d9dec94d2071cdb7_AAyEBML[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyEBML[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "d9dec94d2071cdb7bea09a7a2185feaef0d4ce3e79f1808ae7d8b7f19ceed39e",
"urls": [],
"crc32": "DEDA913F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d9dec94d2071cdb7_AAyEBML[1].jpg",
"ssdeep": null,
"size": 10985,
"sha512": "bfae79155f69abbe458ec1848eaad829e70251a4bfa7538198c3641476bebe551b2bb7e435dd7d2d7d16d97a24a6d706be24fecc4eb41cda81d64ac4ac87193b",
"pids": [],
"md5": "1a281a2708ba62a78674e0e14ae96503"
},
{
"yara": [],
"sha1": "72a954024a05fe34d416021a19e2e4cee98a40a5",
"name": "ab10ee89148541f1_92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"type": "data",
"sha256": "ab10ee89148541f133f42c6c52bdc2dbefffe2a1b32a766343995b5888ce0607",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "C67198C6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ab10ee89148541f1_92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"ssdeep": null,
"size": 1227,
"sha512": "51a69183057958f04089c9f0d360f118df915a37c7b06027b0718ac540b4cef06d9a6d8d7dfd3dad38d2addad8fd54b69f285195c9ae09682506d10ca63e3a9d",
"pids": [],
"md5": "481ade6956383893955f71b8c28d4abe"
},
{
"yara": [],
"sha1": "18be8502838d31a6183492f536431fa24089b3bd",
"name": "a6073a7574de1235_AAm2UN1[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAm2UN1[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "a6073a7574de1235d26987a54d31117cc5f76642a7e4be98ffd1a95b5197c134",
"urls": [],
"crc32": "F3B0405D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a6073a7574de1235_AAm2UN1[1].png",
"ssdeep": null,
"size": 410,
"sha512": "c87391d02b17ab9daca6116b4bd8eaee3cf5e9c05daf0d07f69f84be1d5749772fb9b97fd90b101f706e94ed25cdfb4e35035a627b6ffe273a179cfeda11d1a4",
"pids": [],
"md5": "c27b8e64968d515f46c818b2f940c938"
},
{
"yara": [],
"sha1": "dda0e6e8dd27a63aa2a3139f2df7d391621efde1",
"name": "800cd3a419c5b230_wilogon.exe",
"filepath": "C:\\Windows\\GLDmfsVFY\\wilogon.exe",
"type": "ASCII text, with no line terminators",
"sha256": "800cd3a419c5b230b1bd166c46751ff67baf58486665c34ce9a1e38467926e2d",
"urls": [],
"crc32": "AD34E248",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/800cd3a419c5b230_wilogon.exe",
"ssdeep": null,
"size": 12,
"sha512": "15d1456cf33f025062a60b92bfdef297e1f66bb111a6dcd2eb2f6d5e2616a81069d9a85d475a070fbb156e8c779dc6af6c33cc6f1ab3ed14a672d1dcd817638e",
"pids": [
2628
],
"md5": "468f2550344b833f4151a54f45632b61"
},
{
"yara": [],
"sha1": "165e7c6da6d9bd6fcc0ada0c05d1ca0d18de24bd",
"name": "af2832cd769b5a43_AAyGF76[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGF76[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "af2832cd769b5a43ca45ed80ba2b969ad19f3e454572ae15e423a88c299d0761",
"urls": [],
"crc32": "27C3D4AB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/af2832cd769b5a43_AAyGF76[1].jpg",
"ssdeep": null,
"size": 7979,
"sha512": "1ab454583c77b4d6a7df57a1d2b8920adddbb1d0e4fc2899924c3fd44e62c80034dee3e75992397b952b8eee734583e4db441c76d7cba89a426b04e54dd43de3",
"pids": [],
"md5": "a6f778975fee1e0b283a63f3dac2e178"
},
{
"yara": [],
"sha1": "37b4f00104a7f37f20296768a4e2b1bbd405e09f",
"name": "5dec623a577db15f_AAyHUCN[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHUCN[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "5dec623a577db15f10ab52baccca293ad6abb1f3fba52ed38b4fdcf1bb672d71",
"urls": [],
"crc32": "D5FD6C43",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5dec623a577db15f_AAyHUCN[1].jpg",
"ssdeep": null,
"size": 6373,
"sha512": "4130d359f0fdb6032e73c9e531e065d02a8e1b4b356ebc3844bfcfde7f737d598015302a5cb0df3bb5490811e57d90e2ac71d3d5043d33a728daf4ab72923333",
"pids": [],
"md5": "90eb3d10624af88b86fdfb9b9effa325"
},
{
"yara": [],
"sha1": "4188442577fa77f25820d9b2d01cc446e30684ac",
"name": "4cbbd8ca5215b8d1_allow-flashallow-digest256.pset",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"type": "data",
"sha256": "4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0",
"urls": [],
"crc32": "42D3DAC4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/4cbbd8ca5215b8d1_allow-flashallow-digest256.pset",
"ssdeep": null,
"size": 16,
"sha512": "6fcee9a7b7a7b821d241c03c82377928bc6882e7a08c78a4221199bfa220cdc55212273018ee613317c8293bb8d1ce08d1e017508e94e06ab85a734c99c7cc34",
"pids": [],
"md5": "076933ff9904d1110d896e2c525e39e5"
},
{
"yara": [],
"sha1": "f6ebea145d01100a9691575ca44c51abea6c9080",
"name": "c57e39faee9ef35d_B7DB036074231ACC212F58CA5B8AF0545A418060",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"type": "data",
"sha256": "c57e39faee9ef35dc6678c4ee7fd2c60b7288dca498c48dcd9a86f019d4f1235",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/fonts\/FiraSans-Light.3940026cbaf9.woff2"
],
"crc32": "D77C27D1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c57e39faee9ef35d_B7DB036074231ACC212F58CA5B8AF0545A418060",
"ssdeep": null,
"size": 139460,
"sha512": "3cf906d063a6104fc3154dc75894862350cb2f16c1ea75ce0081ef4dff39e1933bd76e181124c044b497d43070e30b9f62e3ee5ddbf069fb20ec1cc245f4ad83",
"pids": [],
"md5": "96f99a1df0ab06b710727627f5d4c52c"
},
{
"yara": [],
"sha1": "b047acb5ffa305c05dd1e66c6972286ec770fec9",
"name": "3a9060046ae0640a_4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"type": "gzip compressed data, from Unix",
"sha256": "3a9060046ae0640ab4b9c571829612d51a526176b92352b0ad5c394efe2d3a01",
"urls": [
"https:\/\/accounts.firefox.com\/?action=email",
"https:\/\/api.accounts.firefox.com",
"https:\/\/accounts.firefox.com",
"https:\/\/accounts-static.cdn.mozilla.net\/bundle-7ca432f78deff0314215bd9383f78d6bf4618498\/app.bundle.sv_SE.js",
"https:\/\/profile.accounts.firefox.com",
"https:\/\/accounts-static.cdn.mozilla.net",
"https:\/\/oauth.accounts.firefox.com",
"https:\/\/accounts-static.cdn.mozilla.net\/bundle-7ca432f78deff0314215bd9383f78d6bf4618498\/fxaClient.bundle.js",
"https:\/\/firefoxusercontent.com",
"https:\/\/accounts-static.cdn.mozilla.net\/images\/f865d0ab.spinnerlight.png",
"https:\/\/accounts-static.cdn.mozilla.net\/styles\/4b9df841.main.css",
"https:\/\/accounts-static.cdn.mozilla.net\/bundle-7ca432f78deff0314215bd9383f78d6bf4618498\/head.bundle.js",
"https:\/\/accounts-static.cdn.mozilla.net\/bundle-7ca432f78deff0314215bd9383f78d6bf4618498\/appDependencies.bundle.js",
"https:\/\/www.mozilla.org",
"https:\/\/secure.gravatar.com"
],
"crc32": "24C6DA10",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3a9060046ae0640a_4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"ssdeep": null,
"size": 13831,
"sha512": "38c3211d52536aee9bc5c9aac31b1bc75e672de5acde2c350d2d0458e134a90e37f5fc6551a04a6dd91d0fc35ae86c3a18de76112688a277cefc2d84e4332ac5",
"pids": [],
"md5": "ca40d1cafa0102d8a473ec84b61e1e45"
},
{
"yara": [],
"sha1": "cb6c76a8aa6cc7deea9788c0d1f9ff9a08330605",
"name": "2cd439f1686beafb_AAyHFtw[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHFtw[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "2cd439f1686beafba9c83be7227cf3c106f1c4fba474fc831bf4300653fbb420",
"urls": [],
"crc32": "A054BFF0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2cd439f1686beafb_AAyHFtw[1].jpg",
"ssdeep": null,
"size": 8056,
"sha512": "f531a0276ca3fe2d767463250278fcb1be4d9fc95b0fb89e3da7ace303288a07314d8d340e0359da3b56f6c06093173d6127af4da601b807e51baa38b95b082d",
"pids": [],
"md5": "a41a337d7549735b7804b2a983e1d039"
},
{
"yara": [],
"sha1": "9e157e5955398e7a9797ff31cd87fb54a985b7c5",
"name": "9dd76f03a1c57254_AAn16BU[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAn16BU[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "9dd76f03a1c5725479ea0c8407c42b12c49bca5ea4f5823cd344ab9336f7c654",
"urls": [],
"crc32": "2B858CC7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9dd76f03a1c57254_AAn16BU[1].png",
"ssdeep": null,
"size": 659,
"sha512": "365934c4ca9a5fa00de49c048fc1ea16da087d356beb49633fb6401d560561b0bb921e4a6dca698d71c83799a880f4c3a99717c25185adc04fd834cb5cf70727",
"pids": [],
"md5": "1fc0e7a63d416634ef087b038a328c7d"
},
{
"yara": [],
"sha1": "ddea4d15f21fc53e50d96dcaafedf40e38fde18b",
"name": "065b5429c6a969fa_webext.sc.lz4",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"type": "data",
"sha256": "065b5429c6a969fafa7671883ae519a148a679e647cb0afa16e7010887ad500f",
"urls": [
"https:\/\/github.com\/"
],
"crc32": "480A7333",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/065b5429c6a969fa_webext.sc.lz4",
"ssdeep": null,
"size": 83446,
"sha512": "a7251a26041161bd3c1a337ffe40c625d104d56a673b6986f1ea067cdae23cc09bef42e32c7b79fc60bec416f665ab2a1d36fd907765b2645966ee7c51354180",
"pids": [],
"md5": "253f0f3c0cac43789b5de164428ba4a8"
},
{
"yara": [],
"sha1": "1e415aae6218b0fc3f8397e7e04f2e40d63d52a9",
"name": "8cb85ec0f76ef33a_4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"type": "PNG image data, 1274 x 564, 4-bit colormap, non-interlaced",
"sha256": "8cb85ec0f76ef33a5a42bb24d0c9148255a107ce0d42f5e70e7ccac132febd97",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/img\/privacy\/privacy-header.f4fcc601faeb.png"
],
"crc32": "E9D75D90",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8cb85ec0f76ef33a_4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"ssdeep": null,
"size": 72722,
"sha512": "5c7ab9212e1e7619340c2345dcabc5a41b36db28e2403c61ad38aba6c9dedcda7292fe91799611106617e70a950545591099c6e6a69b38bb98e1cb3a188a1be2",
"pids": [],
"md5": "8339d59ac066ed789beb4252162cbe5e"
},
{
"yara": [],
"sha1": "9f0faa7edd98ae4e402845f4eb340543025fa220",
"name": "dfc0566feb397072_93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"type": "PNG image data, 180 x 180, 8-bit\/color RGB, non-interlaced",
"sha256": "dfc0566feb39707219c8d1d8ccbc85b8a4fbf067d971882ce117cd9270c0d29f",
"urls": [
"https:\/\/www.google.com\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png"
],
"crc32": "186EA794",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/dfc0566feb397072_93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"ssdeep": null,
"size": 9856,
"sha512": "2d78af8b469d83dc33626171746dd698c0bda2a590bcfefcf68a1df01d2c3c3d915ec51a59843ca0ff2ed4a3757183f8e37cef6eb574937c116124a31453d8cb",
"pids": [],
"md5": "970b749b90931eb2ba62eda1ad6d0a57"
},
{
"yara": [],
"sha1": "2ef6283ece56d5b746b853ab67dd5efe6e0d2ce2",
"name": "aa897eeb56b96b4c_d3-dfd8d6[1]",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\d3-dfd8d6[1]",
"type": "UTF-8 Unicode text, with very long lines",
"sha256": "aa897eeb56b96b4c50eea68dc52035488f2169ea431e4d0cbc93163dfc54a3c4",
"urls": [
"https:\/\/compass-ssl.",
"https:\/\/ussearchprod.trafficmanager.net\/services\/api\/v1.0\/store\/categories",
"http:\/\/github.com\/requirejs\/almond\/LICENSE",
"https:\/\/uhf.microsoft.com\/c1.gif",
"https:\/\/uhf.microsoft.com\/_log?c=",
"https:\/\/uhf.microsoft.com\/c.gif",
"https:\/\/fpt.microsoft.com\/tags?session_id="
],
"crc32": "D1CCA0E4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/aa897eeb56b96b4c_d3-dfd8d6[1]",
"ssdeep": null,
"size": 107225,
"sha512": "d1414cfd47a56e528b5f32c32b7c6a7c37069d784790078a0f6e7cb59e33435bfc376ffa28396c97c92038b195529446a2575c29f406e9d88593f37fa76b076a",
"pids": [],
"md5": "f6051d1a2b66393f160b7c49d4333210"
},
{
"yara": [],
"sha1": "84388a2972fb30d4fa1ccd91dfceebe6d2ae03d7",
"name": "733b29515069dd25_505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"type": "data",
"sha256": "733b29515069dd25bcfc3158257ea52813a1b1df66933dfa5cb8ef4cd98c4d9f",
"urls": [
"https:\/\/www.google.com\/client_204?"
],
"crc32": "FEC40BBC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/733b29515069dd25_505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"ssdeep": null,
"size": 6834,
"sha512": "ea01cdb845faca9265e56a1e425011b1e03f44770eb15444460a7e1840def672c21d5727f7b39444eb883d7074c98a03fca83416cb2e2dfa8f8dea6b0893defc",
"pids": [],
"md5": "29c93c27cda93d7adf22f840302586d6"
},
{
"yara": [],
"sha1": "3043b97bab2e8b692c209e9ea563c4f10d6231d4",
"name": "96c296ea935ace63_96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"type": "data",
"sha256": "96c296ea935ace632503df9e4bffb415eb09acf105130f1c69aaafc2098eb782",
"urls": [
"https:\/\/tiles.services.mozilla.com\/v4\/links\/activity-stream"
],
"crc32": "07485D17",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/96c296ea935ace63_96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"ssdeep": null,
"size": 7569,
"sha512": "d9aeee76cc5beb9b2dd63b8fd2c3817a92ec396ba4839e6857a8fa8cb07b3939a8b0be7b01cd524d2be52b1970d6e58d674b56104a7378af54e969f06ef819c9",
"pids": [],
"md5": "2102af4730e8feed07c3f9bcdab371b8"
},
{
"yara": [],
"sha1": "8cc1d5d6da515af8727166dbd698f1d00fa4ee02",
"name": "3c5bac65eec1acd2_A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"type": "data",
"sha256": "3c5bac65eec1acd2ba8fad259a6a5ceb95da1317385561588a107ce0912ba3c7",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "7C276427",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3c5bac65eec1acd2_A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"ssdeep": null,
"size": 1304,
"sha512": "2fc111ab953165304729a6fdd89579db61003cfcbca66558a364de7893ec140d7b4abca43672df3736ebfd7232421f9447fb9172e0fc50b8b70ecf84c948da10",
"pids": [],
"md5": "b70a515dee21731f330b559cc8328b1f"
},
{
"yara": [],
"sha1": "92e62fe46e21a7493a85d551e0eb99470bdec843",
"name": "6ff3cbbe1d3afbf2_AAmTseh[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmTseh[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "6ff3cbbe1d3afbf214e83e8c5bf0df4b76093d52da43623c0c4dff6ef98859d5",
"urls": [],
"crc32": "B51D3B46",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6ff3cbbe1d3afbf2_AAmTseh[1].png",
"ssdeep": null,
"size": 756,
"sha512": "878f9928631d6824caa7c00f41590620e1e078e2bf59d0be6112c6994b09de5ea90423c5120cf8b75496f32e52ba319cbb1ec43b07f232cdb9fc06ab48a47dc8",
"pids": [],
"md5": "377d805b5b346cb071d2a9d89143b26f"
},
{
"yara": [],
"sha1": "89cbe87689cf8967c597b0340dcc345c2168e995",
"name": "e42483ed75035d47_B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"type": "data",
"sha256": "e42483ed75035d479f2c23ccd7fe0ebd500708f54d3344c16bd00b3410a450f5",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "64DA98CD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e42483ed75035d47_B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"ssdeep": null,
"size": 1304,
"sha512": "25b66db4c47be7600a33f8da449c8e150cbcef4215b334e7a389a42b89e044b70b55957fcf15ab784aed216edfc008a8078889aaac6bfe1e01a44a4dfe3420d7",
"pids": [],
"md5": "e448e2d900183df3ea9f9a04662d9d07"
},
{
"yara": [],
"sha1": "8efe94116234d37849f617eebf11c9493bfe4e2f",
"name": "ac3876940d29691c_D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"type": "gzip compressed data, from Unix",
"sha256": "ac3876940d29691c26f46bb6c627642e3239327edfe6ece9d90e577b1c6e3546",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/privacy_quantum.eec7721f2d86.css"
],
"crc32": "489D77D1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ac3876940d29691c_D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"ssdeep": null,
"size": 11569,
"sha512": "878a91ac72c064c6ce280390f0ad8e936080509bffd7d864d5d67e051af96e2dc2a501aa4f133198dc97ed546eddfb288c0431f354b3eaa1d60f39010b543ddd",
"pids": [],
"md5": "58ca3ffb03498dff0ae97b736e9c63ee"
},
{
"yara": [],
"sha1": "87485580e9b17b72e327fccfe4b4c01ba8a471ad",
"name": "bee43be883f30a69_ED89A8241905354BB4530DC06257CEF53C1580A2",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"type": "gzip compressed data, from Unix",
"sha256": "bee43be883f30a696cf4b0ba3c1a7660be5c0c40d45b6621b3e3942933b122e2",
"urls": [
"https:\/\/www.python.org\/static\/stylesheets\/style.css"
],
"crc32": "7B8CD764",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/bee43be883f30a69_ED89A8241905354BB4530DC06257CEF53C1580A2",
"ssdeep": null,
"size": 121541,
"sha512": "1bf94f5473ac62e34eddeb42c3f572cf43904c189d454cf8b80f4a651aa165acaa14e0790bb058485b4b25d46dbcf39657dec90e7c53cda7c5df97accca83cf8",
"pids": [],
"md5": "db8720b174bef22f675de64e5a7dfb31"
},
{
"yara": [],
"sha1": "857e844edb3c616d14c4ed0708c46a9ef78e6739",
"name": "09189f5a0993bad5_BBnHKSc[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBnHKSc[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "09189f5a0993bad5a9cdc0fe42bdf0de545fa888387c334359e5ea40d1e13fd9",
"urls": [],
"crc32": "7D618BCC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/09189f5a0993bad5_BBnHKSc[1].png",
"ssdeep": null,
"size": 872,
"sha512": "64025ed6e2446b98f74bf77b2179bea09db58e288ae7534548f1b9f3b2d0a07eb96e34ba06d5d18eaf0dfe4a3ae2968bde8465ca22de977ea04ce086828115d4",
"pids": [],
"md5": "7f3d9783b20a3c3958620c3fe8909c49"
},
{
"yara": [],
"sha1": "84ee5127e6f274a8c5329c17e4c5c74e6309c0af",
"name": "421f83e893fa73ad_F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"type": "PGP\\011Secret Sub-key -",
"sha256": "421f83e893fa73ada5a04bed9b8e55fbfbbcff2d37948c42d3ecbe2855f06fcf",
"urls": [
"https:\/\/consent.google.com\/",
"https:\/\/id.google.com\/",
"https:\/\/www.google.com\/",
"https:\/\/ssl.gstatic.com\/",
"https:\/\/apis.google.com\/",
"https:\/\/adservice.google.com\/",
"https:\/\/www.gstatic.com\/"
],
"crc32": "BD2811FA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/421f83e893fa73ad_F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"ssdeep": null,
"size": 526,
"sha512": "642c7bb57060fbb816da5d7d4ccfe0279888bcf6897e06aa8cce51f5e4998ee56e98d9336a7b401adbfc32bc5606b11c6700eb060927ef0e420e8f18fa23580e",
"pids": [],
"md5": "69965a5f8d04048fc855676396975a83"
},
{
"yara": [],
"sha1": "2829a125c852a1a3006c89adef92c9e574f94621",
"name": "0acb4b0b00cfd5c9_BBrEbke[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBrEbke[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "0acb4b0b00cfd5c9bd1a7023a238a09e88d5cfe1b2effbef2ba6020466b699f3",
"urls": [],
"crc32": "F6A1D56A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0acb4b0b00cfd5c9_BBrEbke[1].jpg",
"ssdeep": null,
"size": 2028,
"sha512": "225e11853398f8c8d336831bf8a48270c3ed613d983fc8892a2a69f6da1bd14f015a2638d326b3fc21a2dc35ff8bbf59e40fd9379c911f56ce0775e512790861",
"pids": [],
"md5": "9ad424b48e3fa2be7a25f7c806e76f24"
},
{
"yara": [],
"sha1": "f2cfbd25ea36f0b6aadf15a62739b27b5dda127b",
"name": "07a042a89f79f6cf_stub-attribution.157168bbb235[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\stub-attribution.157168bbb235[1].js",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "07a042a89f79f6cf42040d5d62e60252e03ff1437c77badd976a2f63abf97887",
"urls": [],
"crc32": "EDB80125",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/07a042a89f79f6cf_stub-attribution.157168bbb235[1].js",
"ssdeep": null,
"size": 2628,
"sha512": "4499b07651b12e6fc8b673be8b2bf16d332610494f57a196e4d27a89e3747e9b0575a99824ab92bf70c75a801a6e88fcb144a2ea1af9b385c4153ca3fc755542",
"pids": [],
"md5": "157168bbb235c217fdb9500d66a7062d"
},
{
"yara": [],
"sha1": "c2636e8ffa8a5256d7d1f21e147101356e783114",
"name": "b48e58ebab82e4c3_block-flashsubdoc-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"type": "data",
"sha256": "b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2",
"urls": [],
"crc32": "E364BCD6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b48e58ebab82e4c3_block-flashsubdoc-digest256.sbstore",
"ssdeep": null,
"size": 82744,
"sha512": "92914b56fb2bdcddcc1bee2bf4dc98420cf0b923d380bb889c8a6ebc333d74ea4ddca915218bea0e729782c4904983424f1de15be7087c5a5338aed7319a03e5",
"pids": [],
"md5": "04824a1f92353f43ebb9e7f74b7476fd"
},
{
"yara": [],
"sha1": "0b4cd01e88d6ea15e1fadfd1ca18a36bc2e541c3",
"name": "7a20743b6730e988_BD75785200C0E1E894D78880C72AC03D1B02A575",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"type": "PNG image data, 1837 x 1000, 8-bit colormap, non-interlaced",
"sha256": "7a20743b6730e9888767892b1c4112011b4dc9fbd8b49bd3971597c90b2c2884",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/firstrun\/fox-tail-header.075d5293f79a.png"
],
"crc32": "4A5AE1CC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7a20743b6730e988_BD75785200C0E1E894D78880C72AC03D1B02A575",
"ssdeep": null,
"size": 69504,
"sha512": "20af700b82c203fdf8d241ff81396b4ae1e98f3f47ad3e473d5e8a89ca65a99aaacad827b30f725526a02993e141c10d34b73003b88e725b87f96b137f0e61cb",
"pids": [],
"md5": "0378073b933f6d69c7a455d094851b68"
},
{
"yara": [],
"sha1": "5438906f9cae2568b0fc0d6f41e420965d582b4b",
"name": "a7b42aa100804b4e_AAmS5r5[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAmS5r5[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "a7b42aa100804b4e7a60a3c35934f0fcc42e1dacdc51c988ed92e5540af443ef",
"urls": [],
"crc32": "DD122444",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a7b42aa100804b4e_AAmS5r5[1].png",
"ssdeep": null,
"size": 300,
"sha512": "7148008c135658414e719da024046eb63b1a4e6336f62db525c14ae0095e1864ee244b950062b764414a25e9408785f122a056b222b6689d77fa7e558f918ce8",
"pids": [],
"md5": "bfe1cb19de4597e3a006a20499b93dda"
},
{
"yara": [],
"sha1": "fab2e09b031d5a1de1bc6dd74e17817059759596",
"name": "0aaa2763276155b4_13AD07F4960A54F2D183ACF9E94C5128138B1927",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"type": "data",
"sha256": "0aaa2763276155b485d859e729b363aa1d1d97b05f415b0a8d057c7a1045d31f",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "CB33E22E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0aaa2763276155b4_13AD07F4960A54F2D183ACF9E94C5128138B1927",
"ssdeep": null,
"size": 1304,
"sha512": "725b4eab2202b2c0d7379fbc820617c809f6847dc56bd310acee845ffdee452e36c3b0ea266eaa22c88a36b505ec67b044bb910714910b35866370d6aa4ca813",
"pids": [],
"md5": "3a32800e6a0f5a039ad935f68690303c"
},
{
"yara": [],
"sha1": "9d23b452ad0d06c355477cf70e3aa5d0adfe6278",
"name": "4ef1038730ec8bc7_except-flash-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"type": "data",
"sha256": "4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc",
"urls": [],
"crc32": "EF8A630C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/4ef1038730ec8bc7_except-flash-digest256.sbstore",
"ssdeep": null,
"size": 268,
"sha512": "d06422752562afd1f8b94ff09fc9460be58e07a84fc537fb6b56b1551c37db7e56cb7932cc2d27d2ffe2cbab6ec85bdda6778f2e812e69e5193fcd6bc77066f2",
"pids": [],
"md5": "c921d8e98fa01b4f303481e112202e92"
},
{
"yara": [],
"sha1": "f4c2297becdbf38ff962a9c73a36b25ba7eaa56a",
"name": "156ea678c3b9aa40_AAyGf6j[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGf6j[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "156ea678c3b9aa4075c2b493925f1b0c5ea477c8e6837afc47cb337e88f844e1",
"urls": [],
"crc32": "C1EED3B3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/156ea678c3b9aa40_AAyGf6j[1].jpg",
"ssdeep": null,
"size": 2159,
"sha512": "164dc4875bd60b4f0bf47e91bc038956657daf89c3cf0e67de2f8c05d169f3b18bd0e93304baa840ea3a2d9eb0ea334400046a6c9ae59b268615e8280dc8ab04",
"pids": [],
"md5": "626ebdd197ba9adca63a3cb18c548fd9"
},
{
"yara": [],
"sha1": "c70e982f13395e910461d73e0ebaa5a1c652e59c",
"name": "b7a68f567da08330_FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"type": "MS Windows icon resource - 3 icons, 16x16",
"sha256": "b7a68f567da0833060319556fecdb4444405409747ff8386dfed9e0d4aac8c62",
"urls": [
"https:\/\/www.python.org\/static\/favicon.ico"
],
"crc32": "F9627545",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b7a68f567da08330_FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"ssdeep": null,
"size": 25178,
"sha512": "d8d1aa8b6302312d86fc73c4843ab3f9e37ed81e658d7826220a2a0875598233c1a7319c6aea35d55a4ce734c1505b82bfa93df7163e33d06a99b65e94e40530",
"pids": [],
"md5": "05cf0d5ee6fe1ae944eed8b7a2ad36db"
},
{
"yara": [],
"sha1": "27c6fd965e82a1b03e2e21bec813ad4a6cadd3c4",
"name": "5cb157de495559ad_24AB539CB6640E15DB1604220F3951544785212C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"type": "data",
"sha256": "5cb157de495559ad7107f5d6b111af4b280f23cf7fe3413f8197a363438b7fb7",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "F4B9A6AC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5cb157de495559ad_24AB539CB6640E15DB1604220F3951544785212C",
"ssdeep": null,
"size": 1150,
"sha512": "1345413b7801681d4827b64e0ef8acb76e3f4762c8da164c2b9cedf356bfc482aa35e217850b8ac2826b56c42779864605d7ad0d5e47821d39cbc032f6cc1489",
"pids": [],
"md5": "cff1326e7cb9a9d428b8c4d2c1aa8a89"
},
{
"yara": [],
"sha1": "a6e1dcf32254fad5444b5ad482ee997ec1e471be",
"name": "163100caab9c646d_AAyHebP[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHebP[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "163100caab9c646dbdf3b491b58b1881ecfe9d9b57825d187c914dc1de5e1ca7",
"urls": [],
"crc32": "B30DC9FC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/163100caab9c646d_AAyHebP[1].jpg",
"ssdeep": null,
"size": 5135,
"sha512": "7ee95c4295666eba5d74162893e46e2be9d6febd67cf37a8e89a750e4a5a5c841324476b4eb01ccbcc7276661d97acb351a0381327c6ba49992e8f03fb100550",
"pids": [],
"md5": "7f94c173c1e1425af15d0723b42e1bb4"
},
{
"yara": [],
"sha1": "f5d9cc896bdd0a273d3b56ce7aabbe05cb6d4f58",
"name": "7b9f3fcfba483a8d_mwf-main.var.min[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\mwf-main.var.min[1].js",
"type": "HTML document, ASCII text, with very long lines, with CRLF line terminators",
"sha256": "7b9f3fcfba483a8ddebd58181a28cdcd84cb4c1f31255d64e488ef907d2430e9",
"urls": [
"https:\/\/modernizr.com\/download\/?-eventlistener-picture-printshiv-setclasses",
"http:\/\/www.apache.org\/licenses\/LICENSE-2.0",
"https:\/\/github.com\/scottjehl\/picturefill\/blob\/master\/Authors.txt",
"https:\/\/scottjehl.github.io\/picturefill\/"
],
"crc32": "91D78116",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7b9f3fcfba483a8d_mwf-main.var.min[1].js",
"ssdeep": null,
"size": 329663,
"sha512": "58e3617a70691ff05c99a65da02e6aca5a0dc02c1993e3bd47b88da25889a30b38ca96efb2bbdcc8bb98638a5a12c5506db0ba9e53d296fecae122033c85e0f5",
"pids": [],
"md5": "ba8cb42c5110cd71e7569532c820554f"
},
{
"yara": [],
"sha1": "f5bc3974808dc9ea64993af37dad95a960c19247",
"name": "f1db2907e98399b1_AAyGo2Z[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGo2Z[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "f1db2907e98399b1e0bd6cd3538bda8a44fc627bb32d044b9077f38574f1a83a",
"urls": [],
"crc32": "7020C4E4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f1db2907e98399b1_AAyGo2Z[1].jpg",
"ssdeep": null,
"size": 2031,
"sha512": "744f95e63a8aabedcee1883ffa067ea7e4fe3e79990a3e84c8556599eaa3f9c46b0ae3a21093827776aac52250e219ba71ff3ab7d7dfd4b5eddc545dcf4907f3",
"pids": [],
"md5": "4789ae6152b3cbab93b8c498476aeb5b"
},
{
"yara": [],
"sha1": "e6f9f87bbcaaf850b8a64d109f476ac674a1213a",
"name": "7541e3b6938d935e_10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"type": "data",
"sha256": "7541e3b6938d935e62b36c827fab3a698678d8d79c412b6ad36193ef52fe139d",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "5E8ABC8F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7541e3b6938d935e_10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"ssdeep": null,
"size": 7018,
"sha512": "40c977e1824796716e1cc960ae8f605d57ca5c476433e56489113b11ce289d562afe13e0102dad0369ef5e43674dc58f700a646a6fae96da02c8252448276300",
"pids": [],
"md5": "c03d488ff74d1f2f78557eac5e7af71a"
},
{
"yara": [],
"sha1": "1c4eaa980e48ac623586d15618e939d2f67e9eb3",
"name": "52fbf408b100727a_AAyFI8u[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyFI8u[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "52fbf408b100727a58672cc205297c209670d21e071129c197a1f0c447809ca2",
"urls": [],
"crc32": "BF8D9EF0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/52fbf408b100727a_AAyFI8u[1].jpg",
"ssdeep": null,
"size": 1582,
"sha512": "024c85d0bc63c9c9f87eb289dd06c621dafee93d04b7aaa1857aad14f25fdeeb54681afa8695b699094b04e46c0938a8e0c512488905de5260f8292719700111",
"pids": [],
"md5": "8df5be69d92133650f262c6866ee2daa"
},
{
"yara": [],
"sha1": "786015a82c3d676558bd0c60f8560ba56657f6b3",
"name": "d6b36f432a2c9774_scriptCache-child.bin",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"type": "data",
"sha256": "d6b36f432a2c97748b564c763238844807a544cd7c8b6b77191d0e3d83f4ee1f",
"urls": [
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xul"
],
"crc32": "5C709ED5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d6b36f432a2c9774_scriptCache-child.bin",
"ssdeep": null,
"size": 1521676,
"sha512": "4318c3447a66866bfaaacba85e9a42b25d8cdb27d6cfb2c71e2382cf117ab472436bc332b4f6ed6a846f563064275b4f45155f55ec9e68f62617b46c7001b499",
"pids": [],
"md5": "02f4b37b60d6f8d71bd699454a0423fb"
},
{
"yara": [],
"sha1": "e10eb23c0dec40ac1a86421ecda2cf4370fb4914",
"name": "495f2fa1df7e80d9_AAyGiLA[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGiLA[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "495f2fa1df7e80d9068e886ea75d7e98d7b61dcd7153819fe71c8b84c5a45a6a",
"urls": [],
"crc32": "71CEC5BB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/495f2fa1df7e80d9_AAyGiLA[1].jpg",
"ssdeep": null,
"size": 1555,
"sha512": "5ff13321f0ac3faaff2e6708facfaa52c3273f749ab3f4cda87d541bfe1b3336e3a9e03cd30fbf9f29cc71398c56e5a5a5d4a62f13d78bd204471f908c0dce3f",
"pids": [],
"md5": "5df727c3571ab8e10caeebe9b1f9f11b"
},
{
"yara": [],
"sha1": "1af7fdfb894f6be27a91e5f3e24d905501cadca8",
"name": "6daf69551effe76e_new[1].htm",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\new[1].htm",
"type": "HTML document, UTF-8 Unicode text, with very long lines",
"sha256": "6daf69551effe76eb2737762713dbacbc9007a509f531af2d93caa0bd8b118cc",
"urls": [
"https:\/\/www.mozilla.org\/ko\/firefox\/new\/",
"https:\/\/www.mozilla.org\/gu-IN\/firefox\/new\/",
"https:\/\/www.mozilla.org\/nb-NO\/firefox\/new\/",
"https:\/\/www.mozilla.org\/th\/firefox\/new\/",
"https:\/\/www.mozilla.org\/fy-NL\/firefox\/new\/",
"https:\/\/www.mozilla.org\/de\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ms\/firefox\/new\/",
"https:\/\/support.mozilla.org\/products\/?utm_source=mozilla.org",
"https:\/\/www.mozilla.org\/en-CA\/firefox\/new\/",
"https:\/\/www.mozilla.org\/az\/firefox\/new\/",
"https:\/\/www.mozilla.org\/cy\/firefox\/new\/",
"https:\/\/www.mozilla.org\/es-MX\/firefox\/new\/",
"https:\/\/www.mozilla.org\/zh-CN\/firefox\/new\/",
"https:\/\/www.mozilla.org\/hu\/firefox\/new\/",
"https:\/\/donate.mozilla.org\/sv-SE\/?presets=160",
"https:\/\/support.mozilla.org\/kb\/update-latest-version-firefox-android",
"https:\/\/www.mozilla.org\/it\/firefox\/new\/",
"https:\/\/www.mozilla.org\/en-US\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ca\/firefox\/new\/",
"https:\/\/www.mozilla.org\/fi\/firefox\/new\/",
"https:\/\/www.mozilla.org\/hy-AM\/firefox\/new\/",
"https:\/\/www.mozilla.org\/mr\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ta\/firefox\/new\/",
"https:\/\/blog.mozilla.org\/",
"https:\/\/www.youtube.com\/firefoxchannel",
"https:\/\/www.mozilla.org\/pt-BR\/firefox\/new\/",
"http:\/\/schema.org\/Organization",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/template\/page-image.4b108ed0b8d8.png",
"https:\/\/www.mozilla.org\/pa-IN\/firefox\/new\/",
"https:\/\/www.mozilla.org\/pt-PT\/firefox\/new\/",
"https:\/\/www.mozilla.org\/id\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ia\/firefox\/new\/",
"https:\/\/support.mozilla.org\/products\/mobile\/?utm_source=mozilla.org",
"https:\/\/wiki.mozilla.org\/Webdev\/GetInvolved\/mozilla.org",
"https:\/\/twitter.com\/mozilla",
"https:\/\/www.mozilla.org\/sl\/firefox\/new\/",
"https:\/\/support.mozilla.org\/kb\/refresh-firefox-reset-add-ons-and-settings?utm_source=mozilla.org",
"https:\/\/www.mozilla.org\/lt\/firefox\/new\/",
"https:\/\/www.mozilla.org\/tr\/firefox\/new\/",
"https:\/\/play.google.com\/store\/apps\/details?id=cn.mozilla.firefox",
"https:\/\/www.mozilla.org\/bs\/firefox\/new\/",
"https:\/\/www.mozilla.org\/es-ES\/firefox\/new\/",
"https:\/\/support.mozilla.org\/products\/ios\/?utm_source=mozilla.org",
"https:\/\/download.mozilla.org\/?product=firefox-latest-ssl",
"https:\/\/www.mozilla.org\/es-CL\/firefox\/new\/",
"https:\/\/www.mozilla.org\/an\/firefox\/new\/",
"https:\/\/www.mozilla.org\/en-GB\/firefox\/new\/",
"https:\/\/itunes.apple.com\/us\/app\/apple-store\/id989804926?pt=373246",
"https:\/\/download.mozilla.org\/?product=firefox-stub",
"https:\/\/itunes.apple.com\/se\/app\/apple-store\/id989804926?pt=373246",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1122305",
"https:\/\/www.mozilla.org\/eo\/firefox\/new\/",
"https:\/\/www.mozilla.org\/gn\/firefox\/new\/",
"https:\/\/www.mozilla.org\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ro\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ru\/firefox\/new\/",
"https:\/\/www.mozilla.org\/da\/firefox\/new\/",
"http:\/\/schema.org\/SoftwareApplication",
"https:\/\/www.mozilla.org\/contribute",
"https:\/\/www.mozilla.org\/cs\/firefox\/new\/",
"https:\/\/www.mozilla.org\/sk\/firefox\/new\/",
"https:\/\/www.mozilla.org\/es-AR\/firefox\/new\/",
"https:\/\/play.google.com\/store\/apps\/details?id=org.mozilla.firefox",
"https:\/\/www.mozilla.org\/sr\/firefox\/new\/",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/new\/",
"https:\/\/support.mozilla.org\/kb\/update-firefox-latest-version",
"https:\/\/www.mozilla.org\/hi-IN\/firefox\/new\/",
"http:\/\/schema.org\/Offer",
"https:\/\/www.mozilla.org\/sq\/firefox\/new\/",
"http:\/\/schema.org\/Product",
"https:\/\/www.mozilla.org\/firefox\/60.0.2\/releasenotes\/",
"https:\/\/www.mozilla.org\/nl\/firefox\/new\/",
"https:\/\/www.mozilla.org\/pl\/firefox\/new\/",
"https:\/\/www.mozilla.org\/nn-NO\/firefox\/new\/",
"https:\/\/www.mozilla.org\/et\/firefox\/new\/",
"https:\/\/www.mozilla.org\/fr\/firefox\/new\/",
"https:\/\/careers.mozilla.org",
"https:\/\/www.instagram.com\/mozilla\/",
"https:\/\/www.mozilla.org\/ml\/firefox\/new\/",
"https:\/\/www.mozilla.org\/eu\/firefox\/new\/",
"https:\/\/support.mozilla.org\/kb\/firefox-osx",
"https:\/\/www.mozilla.org\/ka\/firefox\/new\/",
"https:\/\/www.mozilla.org\/rm\/firefox\/new\/",
"https:\/\/mozilla.org\/set_hsts.gif",
"https:\/\/support.mozilla.org\/kb\/install-firefox-linux",
"https:\/\/www.mozilla.org\/ja\/firefox\/new\/",
"https:\/\/www.mozilla.org\/bg\/firefox\/new\/",
"https:\/\/www.mozilla.org\/uk\/firefox\/new\/",
"https:\/\/www.mozilla.org\/fa\/firefox\/new\/",
"https:\/\/twitter.com\/firefox",
"https:\/\/www.mozilla.org\/zh-TW\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ar\/firefox\/new\/"
],
"crc32": "093360ED",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6daf69551effe76e_new[1].htm",
"ssdeep": null,
"size": 66375,
"sha512": "d05df2e85a7ecc183b52b8beeed8e202b641e50804ec4df9de5a37971a3391a566ea2f17a47fcdf0f5be1a9006e9ab033a2f473e49f985e08f445d723d4d7dfc",
"pids": [],
"md5": "204a00948926caf5954301c0389718d1"
},
{
"yara": [],
"sha1": "4dca02b581a8648650dfdc363479de224c23647e",
"name": "6d149847e6373877_CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"type": "data",
"sha256": "6d149847e6373877f7235851bba8e54820ff1a00408564ff7b6212a4fc742d61",
"urls": [
"https:\/\/www.python.org\/static\/fonts\/FluxRegular.woff",
"https:\/\/ajax.googleapis.com\/ajax\/libs\/jquery\/1.8.2\/jquery.min.js",
"http:\/\/docs.python.org\/dev\/whatsnew\/2.7.html",
"https:\/\/www.python.org\/dev\/peps\/peps.rss\/",
"http:\/\/www.google.com\/chromeframe\/?redirect=true",
"http:\/\/browsehappy.com\/",
"https:\/\/twitter.com\/ThePSF",
"https:\/\/www.python.org\/static\/js\/libs\/modernizr.js",
"http:\/\/docs.python.org\/2.7\/",
"https:\/\/www.python.org\/psf\/codeofconduct\/",
"http:\/\/bugs.python.org",
"https:\/\/ssl",
"https:\/\/cdn.syndication.twimg.com\/widgets\/timelines\/434113224703610882?callback=__twttr.callbacks.tl_i0_434113224703610882_old",
"https:\/\/www.python.org\/static\/opengraph-icon-200x200.png",
"https:\/\/feeds.feedburner.com\/PythonSoftwareFoundationNews",
"https:\/\/github.com\/python\/pythondotorg\/issues",
"https:\/\/devguide.python.org\/",
"https:\/\/www.python.org\/static\/js\/libs\/masonry.pkgd.min.js",
"http:\/\/svn.python.org\/projects\/python\/tags\/r27\/Misc\/NEWS",
"http:\/\/pyfound.blogspot.com\/",
"http:\/\/planetpython.org\/",
"http:\/\/plus.google.com\/",
"https:\/\/wiki.python.org\/moin\/PythonBooks",
"https:\/\/mail.python.org\/mailman\/listinfo\/python-dev",
"https:\/\/www.python.org\/",
"https:\/\/docs.python.org\/3\/license.html",
"http:\/\/www",
"https:\/\/platform.twitter.com\/widgets.js",
"https:\/\/platform.twitter.com\/js\/timeline.ea273fcd1d9c409019d7fd379c944daa.js",
"https:\/\/wiki.python.org\/moin\/BeginnersGuide",
"https:\/\/www.python.org\/static\/js\/main-min.js",
"http:\/\/www.facebook.com\/pythonlang?fref=ts",
"https:\/\/platform.twitter.com\/css\/timeline.36dc7e02c4fc04be0f4abdb82ed477c1.light.ltr.css",
"https:\/\/pypi.python.org\/",
"https:\/\/docs.python.org",
"http:\/\/pycon.blogspot.com\/",
"https:\/\/www.python.org\/static\/fonts\/FluxBold.woff",
"http:\/\/python.org\/dev\/peps\/",
"http:\/\/twitter.com\/ThePSF",
"https:\/\/www.python.org\/search\/?q=",
"https:\/\/ton.twimg.com\/tfw\/css\/syndication_bundle_v1_b6ca60da9b93228ca492958b7d1b0b6a37402f5e.css",
"https:\/\/www.python.org\/download\/releases\/2.7\/",
"https:\/\/www.python.org\/static\/fonts\/SourceSansPro-Bold-webfont.woff",
"https:\/\/wiki.python.org\/moin\/PythonEventsCalendar",
"https:\/\/www.python.org\/static\/stylesheets\/mq.css",
"https:\/\/bugs.python.org\/",
"https:\/\/docs.python.org\/faq\/",
"https:\/\/www.python.org\/jobs\/feed\/rss\/",
"http:\/\/wiki.python.org\/moin\/Languages",
"https:\/\/syndication.twitter.com\/i\/jot\/syndication?dnt=1",
"https:\/\/status.python.org\/",
"https:\/\/www.python.org\/static\/fonts\/SourceSansPro-Regular-webfont.woff",
"https:\/\/feeds.feedburner.com\/PythonInsider",
"http:\/\/schema.org",
"https:\/\/www.python.org\/static\/img\/python-logo.png",
"http:\/\/www.ie6countdown.com\/",
"https:\/\/wiki.python.org\/moin\/",
"https:\/\/ssl.google-analytics.com\/ga.js",
"http:\/\/brochure.getpython.info\/",
"https:\/\/www.python.org\/static\/stylesheets\/style.css"
],
"crc32": "AAABD142",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6d149847e6373877_CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"ssdeep": null,
"size": 50228,
"sha512": "d8da0194db7188f9dc681c2b83cf3b70b594b74aacb31fd409a39492a7aa999c36123dcda00eebad8fa108d38717a1ea46b01acf7e6459dd59a69be64f378c26",
"pids": [],
"md5": "cf847534ff6f13bef5f778a0870c49b2"
},
{
"yara": [],
"sha1": "f24af6561851c5bda5544721a055b4c00fd9a8be",
"name": "6c4aa1c2950afb3a_9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "6c4aa1c2950afb3a3965f2e86e5dfd6f240a17cebd21aca9317d8dc50986cfad",
"urls": [
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=aa"
],
"crc32": "027A2082",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6c4aa1c2950afb3a_9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"ssdeep": null,
"size": 64561,
"sha512": "a91d298ec214dc11b7c6dd94ec7fd36e2aff42b2f36a058f3c35af37da8eaca49cbdffd2eb9f48752d6c3021e139907afec375b0b7d69bcbf6b1af59e6d6b17d",
"pids": [],
"md5": "a84c1fa401a7db5d5171868d8a4e9938"
},
{
"yara": [],
"sha1": "80e1f8c44e700f2dbd86be97cec27dfbb8809703",
"name": "c4aac25b2550092a_2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"type": "data",
"sha256": "c4aac25b2550092a4201567704b7dbb671b33840b69894cdacb8e4da1431f176",
"urls": [
"https:\/\/adservice.google.com\/adsid\/google\/ui",
"http:\/\/support.google.com\/accounts\/answer\/151657"
],
"crc32": "1AE23441",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c4aac25b2550092a_2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"ssdeep": null,
"size": 9615,
"sha512": "1c529a45cc90b65604c13c0d199b0ed9aec555d7b60bd580375c64d9b396939ae9ba8b8621bff171ad3d0bc05bc6ca47416236f778c1889ae69ec6d217e18768",
"pids": [],
"md5": "a8620c19f9d1c1d6ae8d35d3e57b6cf1"
},
{
"yara": [],
"sha1": "7fc010723502f23c6d31cc001610cdc5bb16b7aa",
"name": "8d74645755294220_I6vMf7Hi8Py.sys",
"filepath": "C:\\Windows\\SysWOW64\\I6vMf7Hi8Py.sys",
"type": "PE32+ executable (native) x86-64, for MS Windows",
"sha256": "8d74645755294220097550cc95d3603067b8a82c96d26218ec380a0115cda018",
"urls": [
"http:\/\/ts-crl.ws.symantec.com\/tss-ca-g2.crl0(",
"http:\/\/crl.globalsign.com\/root.crl0Y",
"http:\/\/crl.thawte.com\/ThawteTimestampingCA.crl0",
"https:\/\/www.globalsign.com\/repository\/0",
"http:\/\/ocsp.globalsign.com\/rootr103",
"http:\/\/crl.globalsign.com\/gs\/gscodesigng3.crl0",
"http:\/\/ocsp.thawte.com0",
"http:\/\/ts-aia.ws.symantec.com\/tss-ca-g2.cer0",
"http:\/\/ocsp2.globalsign.com\/gscodesigng30V",
"http:\/\/secure.globalsign.com\/cacert\/gscodesigng3ocsp.crt04",
"http:\/\/ts-ocsp.ws.symantec.com07"
],
"crc32": "C9002D59",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8d74645755294220_I6vMf7Hi8Py.sys",
"ssdeep": null,
"size": 411120,
"sha512": "4499b5c29e4b39bac2da443a9f5fdba43b372ef5ebd3a7d1946e1fb10a39c73a5abfa08c877267b535e7dd8f6cfa04db7dee5cfc16193fb4eaafc2df6001f242",
"pids": [
2628
],
"md5": "830a5cb89cd3bfeac38986d1231a1cc1"
},
{
"yara": [],
"sha1": "ed03a95ec1410b1aa5023f5dcde2e8a911f722e7",
"name": "a9e21ebaed9f7eeb_AAyHG50[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHG50[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "a9e21ebaed9f7eeb70dce3a44bcba64d4a27130a2df41ca9bd432f0ac2053178",
"urls": [],
"crc32": "F885BEB1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a9e21ebaed9f7eeb_AAyHG50[1].jpg",
"ssdeep": null,
"size": 7016,
"sha512": "4d53fccfafcf6833db1979d7f3c2a93bc582d4ba297b1db4e34ff73f0d6b940c84065107f43049860ea28bb96020ddd4d3b2917fb6cef048fc0310ba28e83645",
"pids": [],
"md5": "b988bcbb3f9d3cbf28104db5d2740619"
},
{
"yara": [],
"sha1": "6e99078cf1e80e1fabfe75c4e55ff82636e4f3e8",
"name": "afe64d3e2d89c752_AAmTi96[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmTi96[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "afe64d3e2d89c75293b3e40690d2ffa413e103e05f9b8d77ea7aa9091ce22e61",
"urls": [],
"crc32": "AD390ECF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/afe64d3e2d89c752_AAmTi96[1].png",
"ssdeep": null,
"size": 449,
"sha512": "ac6176299001b6792db937eb6fedb07d3bd4220c1aabfe981343097f52730c852b72efa4b4268ad69a58a9b286209b5648cfe1ced66ca27a4183ff8fa434d4d0",
"pids": [],
"md5": "5b7c1221d1c1fdcf30c6c3a09eab8a39"
},
{
"yara": [],
"sha1": "c4ebd0a710cfecc5bcca4e2aa10becb214168553",
"name": "d774be84478c80f2_AAyGi8f[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGi8f[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "d774be84478c80f2be7c0c599a23b7852b0314dbd20c7fcf5812c2f6a1c65e10",
"urls": [],
"crc32": "720630F4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d774be84478c80f2_AAyGi8f[1].jpg",
"ssdeep": null,
"size": 2755,
"sha512": "9db1d8820dee05e03575a12bd2b29909b7b7653a7719286f5ea63c3d33a18e0fed552eedd08ac28c289092a344d2aa2d1094dc1972c4e8fee698c0e1d5505e92",
"pids": [],
"md5": "9ca55c8717a8e60a71f5ef71809c7275"
},
{
"yara": [],
"sha1": "10a457b2edebf832bdf5cff0d12b688e508aa8cc",
"name": "8a466c9c0d9404ac_AAyG7xi[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyG7xi[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "8a466c9c0d9404ac5fd129c378883e268a2bf612e748f43461d317f971884aee",
"urls": [],
"crc32": "33429113",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8a466c9c0d9404ac_AAyG7xi[1].jpg",
"ssdeep": null,
"size": 13679,
"sha512": "27cb2d209b3c2388256e13fd61d6a654ca81c85cc1d4b3e596ad27abb7a1a04bd5de2a2635710caa915f1366f5c0198ddfcf3dc24c3b408f73805fe03fe17ba4",
"pids": [],
"md5": "acfc916e2883385cb112d902f5094299"
},
{
"yara": [],
"sha1": "75c1edc032e6a073b7b6a88e5df70d6fcc75c260",
"name": "dd656c65496bfa85_87526A8EBFB030E474085D20EF15DC8C63814072",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"type": "data",
"sha256": "dd656c65496bfa8556fa962eb9ee5fed95cb8950200e5386637cba9593423d85",
"urls": [
"https:\/\/www.google.com\/url?sa=t"
],
"crc32": "7B45FB82",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/dd656c65496bfa85_87526A8EBFB030E474085D20EF15DC8C63814072",
"ssdeep": null,
"size": 7249,
"sha512": "897d2ac943b5a25222506b773ae7838e7b06503b6075a3a6b2165c10e750ec3edb4d605141ee7a015d2601c98d825aa625a104e6461a0d5b6791c7375b9dec09",
"pids": [],
"md5": "f16e7ede986d3f42d06cfb67000eaa4b"
},
{
"yara": [],
"sha1": "e15a0d566a68a835b3242ffa5d7b1d9b6f6fcecc",
"name": "8944fbd7fdae54dd_AAxiGrh[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAxiGrh[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "8944fbd7fdae54dd102af31d89660cb3cfe09297f3cefed2b5eabc64d13f24a2",
"urls": [],
"crc32": "338D1AE5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8944fbd7fdae54dd_AAxiGrh[1].jpg",
"ssdeep": null,
"size": 1801,
"sha512": "61fda11bbd21d6217044d90e7f8d1e8d7b1fe1e23543e8eed43b0c34b6f95e743036c7dd0125d311f95aa5e2e76a34d9c6514c5c9acec6a74c040b171f038373",
"pids": [],
"md5": "6fbf4440f481b05bf8b7066e823f31cc"
},
{
"yara": [],
"sha1": "24296d87800c76067a9618fdeae1fd67919760a5",
"name": "ff484fc8d7af7a82_AAyFYwA[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyFYwA[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "ff484fc8d7af7a82012de63cebcac74b54ae34e52db73566ca3aef95dc2fec72",
"urls": [],
"crc32": "11491283",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ff484fc8d7af7a82_AAyFYwA[1].jpg",
"ssdeep": null,
"size": 2068,
"sha512": "73ae20b94294628bfaf88d3b0f4e06b99259ef967d8604fd308b262d2d61a89f1bf5033de036d45c8bcecdbdceb8cbff8e345a550ca264f41f1fc12d978fa275",
"pids": [],
"md5": "13538bff842a10c2d4d97dfc63a14cf7"
},
{
"yara": [],
"sha1": "4a47547b0780bb73850825da5b1e1cbe20052ba6",
"name": "cb6407a83c8febcd_billboard-more-power.f83d248d8724[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\billboard-more-power.f83d248d8724[1].png",
"type": "PNG image data, 346 x 346, 8-bit colormap, non-interlaced",
"sha256": "cb6407a83c8febcd0c7202f457c9e54a1a85a1fa77d1fc45a4a95dec95dc3a1d",
"urls": [],
"crc32": "F7BE86E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/cb6407a83c8febcd_billboard-more-power.f83d248d8724[1].png",
"ssdeep": null,
"size": 26329,
"sha512": "ff7b6e2e1e9f40919625c1893bd34d4d945a28254b42b6a6071301c78ecd5c319ea778baa92e2f9433ca9194c4c962a7984605c54fa7c29f37b402ecf5b3cc20",
"pids": [],
"md5": "f83d248d87241ae56693b7a86e1e07dc"
},
{
"yara": [],
"sha1": "f2b12b30a0ffd1e733e45ec822b292b909e291cd",
"name": "553b21108e58f400_B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"type": "gzip compressed data, max compression",
"sha256": "553b21108e58f400091da00788448b17c95c6b8b843d79d49c13620b1ec90e09",
"urls": [
"https:\/\/www.google.com\/analytics\/web\/inpage\/pub\/inpage.js?",
"https:\/\/ssl.google-analytics.com\/ga.js",
"https:\/\/ssl.google-analytics.com",
"https:\/\/ssl.google-analytics.com\/j\/__utm.gif",
"http:\/\/www.google-analytics.com"
],
"crc32": "D421069A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/553b21108e58f400_B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"ssdeep": null,
"size": 217491,
"sha512": "310c0b434617641d970ab6b27f86f810112f61dab58f83d0406b8cc718bb9c1660cf3695245a838d39f1b95aa69e2f45429a4c5f4b51bbfe4be1c570e25d8ca7",
"pids": [],
"md5": "f51f7aef807f830a955bed66f310ac45"
},
{
"yara": [],
"sha1": "4642c93032f171fe6703c64404b532b75d3d199d",
"name": "9ba94402bb999f7f_BBnAbEC[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBnAbEC[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "9ba94402bb999f7f3c43ea75245e9a849e78a290b88946fe1dfc825172561397",
"urls": [],
"crc32": "9EEE5B65",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9ba94402bb999f7f_BBnAbEC[1].png",
"ssdeep": null,
"size": 548,
"sha512": "baefaff11222de5a453d4da130fc8ab4b68706b788fea75c06c9f80c052ca75801bd3cb8df53594da041b7eb9ec239b32738f404bd5d7476366ab5d574cb8a57",
"pids": [],
"md5": "5c990e8ce39a41426b82c194912b4b75"
},
{
"yara": [],
"sha1": "c264cf6d862b0d0c978db48738a8d8058b8060a2",
"name": "c8a3b61b3926fd03_AAn2nbX[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAn2nbX[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "c8a3b61b3926fd032823f516f7ef1975b3ae877f2c972e8dfc49928a271abb36",
"urls": [],
"crc32": "97244117",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c8a3b61b3926fd03_AAn2nbX[1].png",
"ssdeep": null,
"size": 478,
"sha512": "3ab5d57af2d3df8a4c73539baa222c5f476eef74689d6125a40be1050ea5f7672e7140c0507f092d535356b9d6b6ebab5df3fafc095677ea224099ba27a8a1e3",
"pids": [],
"md5": "8436d83fdf9142db6f5b232fc0ad4fa0"
},
{
"yara": [],
"sha1": "eca12fee18875b100ff1763bdeab3ed225904595",
"name": "5fea368e9b9ea268_BBAIVZe[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBAIVZe[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "5fea368e9b9ea268b889ef1178a86e56f5046eef1b0ff91e47b922bd5522dad8",
"urls": [],
"crc32": "2F99961D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5fea368e9b9ea268_BBAIVZe[1].png",
"ssdeep": null,
"size": 221,
"sha512": "88bb9156a5ff86964496ee93934e5370ca2edfb52c462e8500fabcc5282e083dbe7a6673fa2111dbb3d0afbd5243e7e46c50b55f1b95a6fce92a31a69b76f05b",
"pids": [],
"md5": "1ccd451f3a43a76619c117b99b4c80de"
},
{
"yara": [],
"sha1": "32235029f2917ab4d20195e7610122b19c13b488",
"name": "939665535d593791_firefox_new_scene2.80680e44761d[1].css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\firefox_new_scene2.80680e44761d[1].css",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "939665535d593791676584c60c25fd61cc3a7728caf6528eb91d5688b01e28b3",
"urls": [],
"crc32": "121E5EB0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/939665535d593791_firefox_new_scene2.80680e44761d[1].css",
"ssdeep": null,
"size": 1413,
"sha512": "47bd2168bbfb460cc2041eff823e7117477ca6022ed6ed7ef8718a38fcfb185ad3f4d701716af30b30cc882667086246af6d0b739fc19445fd9b36414f5ac755",
"pids": [],
"md5": "80680e44761d6661792c97104de841f3"
},
{
"yara": [],
"sha1": "2d61620350c842f1cfc401f8799fea42a78d8083",
"name": "d33cec03f474492a_AA5OV5j[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AA5OV5j[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "d33cec03f474492ac03017c9282ccb0c88426c5dd3aa458a5b6862d9b676f892",
"urls": [],
"crc32": "A6DEA107",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d33cec03f474492a_AA5OV5j[1].png",
"ssdeep": null,
"size": 757,
"sha512": "a8862a57a74bc93e30bb6eb36cf9c1e1892f71d4d4ce99b592a3516a017b27f06a85d74680636de961df45626a01d4e62b89217aab556f9592432905fdca8804",
"pids": [],
"md5": "5170e5d7f2c3b6713c9341bf7210be86"
},
{
"yara": [],
"sha1": "3e8d3925b550345123f2cab26568221fd4154f9c",
"name": "92fca55833f48b42_linkid[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\linkid[1].js",
"type": "ASCII text, with very long lines",
"sha256": "92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54",
"urls": [],
"crc32": "6A42CEA6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/92fca55833f48b42_linkid[1].js",
"ssdeep": null,
"size": 1569,
"sha512": "5801c9db98c4998480772ca5ad71f0e400c4756ae713aab0358ca6593b3a3426499d6dec81a768c861cbbcd8394dd8c6d647628a13f124ff3a1119f9b7793e8c",
"pids": [],
"md5": "0cc3a63fe10060af4a349e5df666eefe"
},
{
"yara": [],
"sha1": "4bd74673d2b26ca7c3511648eecaee982e35a815",
"name": "e01ae3e6206e3b53_AAyGKvo[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGKvo[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "e01ae3e6206e3b536afbca49ecf84ac38ff0a422ce104668bfbfeca4bf057793",
"urls": [],
"crc32": "9152C82B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e01ae3e6206e3b53_AAyGKvo[1].jpg",
"ssdeep": null,
"size": 11816,
"sha512": "ff1a8aeb2a48ce0e9d720cf33d3c357ccc22b2b9c48a4352ce2be7431c83299c7e5b41adb00e65a17b84f4e903d87bb7bbd4c19b34760eee6727b04320917d66",
"pids": [],
"md5": "18f2da110286bad37e6928bf664d6cfa"
},
{
"yara": [],
"sha1": "62583f6e607ef248c903027f406dfc1114c6b73f",
"name": "5e3329eb23fbfc88_E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"type": "data",
"sha256": "5e3329eb23fbfc883146707a1bc3a86d10e395e0efb673fccc78c191eeb2f697",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "A52632FB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5e3329eb23fbfc88_E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"ssdeep": null,
"size": 1304,
"sha512": "4b482fdb76f794e2babcbe95e85a9e1e2ca07c328565659a5da6c8066f57e2fcd2ef2a0b72468eaee9c83b1a544ea22b2bc950c6c75143a83ef4df0fc3421033",
"pids": [],
"md5": "d3b3d53d45e3c22777ec7426278d1e52"
},
{
"yara": [],
"sha1": "af9ab155bb3ef64d9ad481869f3e7a9e15644a90",
"name": "9411b1d248e3d1a9_BBpkUdu[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBpkUdu[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 600x600, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "9411b1d248e3d1a9f13bcf7ecc992b3fd44e751dc52a451ff055e86508df77fb",
"urls": [],
"crc32": "3AA87F2B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9411b1d248e3d1a9_BBpkUdu[1].jpg",
"ssdeep": null,
"size": 5258,
"sha512": "08022149cf45880dbe4f49c1d400ff096911e81230cad3e7f3e2e4aa9d8691cdc9cfa8cb3dc3512acb3ca036ea86e8ca5bde1e399c01ced335a36238b5545a50",
"pids": [],
"md5": "60320205212e829faeac783d62b6c859"
},
{
"yara": [],
"sha1": "c747bfd674fdc07eeec03cfd02186c815a3aa87c",
"name": "2f6b012e7942e8e1_AAwzWIT[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAwzWIT[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "2f6b012e7942e8e1be5d0a3b3fd3ba25bcafe08f1396e136c05357925e765741",
"urls": [],
"crc32": "3D403B88",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2f6b012e7942e8e1_AAwzWIT[1].jpg",
"ssdeep": null,
"size": 14972,
"sha512": "ad9218c81e1063ff547b41ae058c852096bac216403b12ac09d6fcf64ea42e11108365e28eb18039145e061ffc063d1346ea445585e78c1fd1f0aafc60b8acb8",
"pids": [],
"md5": "c09c09b35dd475d7e81529927d385d5c"
},
{
"yara": [],
"sha1": "c85986f7d551da508b03ce3ac3e22d1cd1dc8bb3",
"name": "ca4df45764c4b5d4_BBI5uP7[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBI5uP7[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "ca4df45764c4b5d4342c83b2434c66fd0adb24f571cedb1f445c76e762b6d71d",
"urls": [],
"crc32": "DA213D7D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ca4df45764c4b5d4_BBI5uP7[1].jpg",
"ssdeep": null,
"size": 1902,
"sha512": "d4e1c9526ebe9355aced7ecff6d4d9e6d0e020c180f391771344475a019be10a665632019488597451ce62c73f9804424176f09150a30acf688093ff2c9bb588",
"pids": [],
"md5": "a28e2ad2aee63402aecdd5fd668a6fc5"
},
{
"yara": [],
"sha1": "ff478c21c134a03df2bdb48c15aa8a0f36dc10ad",
"name": "89f6844f7c8dcf7d_22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "89f6844f7c8dcf7d0e7ce928642376c05001aec94e33e3288b4b6f50d6d5b522",
"urls": [
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=RMhBfe\/am=wCIyGUMA5P8pGEgUsIIRFphAYUA\/rt=j\/d=1\/exm=sx"
],
"crc32": "0F852863",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/89f6844f7c8dcf7d_22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"ssdeep": null,
"size": 8822,
"sha512": "66b2d41b943f7c89cba37ca92b60b628c2b462195f279a7b6d8827094c22c08c4c79c99a7c284a88f5d2f9d47bb0a5b2679a5115b04a4c9aa2942c86ea31ff32",
"pids": [],
"md5": "bba9f6734d1bbc10f24e004f210e3b68"
},
{
"yara": [],
"sha1": "29241f15d7f1b54acc9ce8877333d902e2d27419",
"name": "1ead7959e64385e1_AA44aMX[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA44aMX[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "1ead7959e64385e1b74e6862771a3a435fb0e2acf770b579944a11931f853c51",
"urls": [],
"crc32": "F07688D5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1ead7959e64385e1_AA44aMX[1].png",
"ssdeep": null,
"size": 375,
"sha512": "058bb70a0e86f93ef6c6e0f260bbe5057e88df298369863c23052950e31c8aa4bd7e4a09f13eca163bc2148070f6a761d6615fa7c30994ad756a0f3ceeea7c13",
"pids": [],
"md5": "1133552d03dec7ca3931ee6ec4093efd"
},
{
"yara": [],
"sha1": "13b146d1960747ca15dfe9582fe04f13a9a0de47",
"name": "0ebdf267d4bf7d73_6301F538B782708AB243E2D7E05058C93BB83863",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"type": "PNG image data, 563 x 345, 8-bit\/color RGBA, non-interlaced",
"sha256": "0ebdf267d4bf7d7362c00975db6a8546ff2cc639f51a908522014116f20e9717",
"urls": [
"https:\/\/www.python.org\/static\/img\/landing-downloads.png?1414305901"
],
"crc32": "91C4B12F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0ebdf267d4bf7d73_6301F538B782708AB243E2D7E05058C93BB83863",
"ssdeep": null,
"size": 133948,
"sha512": "1709cdec63f5d11e65aeff7d3fc52c41daf6003a12ffcbbc2a5a61aa68d21f3eb68ef6227b2fcc4fa9389bce0e44a998343c7540bc06cf00b21622aa5fe35f71",
"pids": [],
"md5": "60e508affc55695bcf221527c92afb28"
},
{
"yara": [],
"sha1": "932b4392e27cb91f067be3f5f39e44413fccacfa",
"name": "f9a67355753b1a29_html5shiv.42594ff91377[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\html5shiv.42594ff91377[1].js",
"type": "HTML document, ASCII text, with very long lines, with no line terminators",
"sha256": "f9a67355753b1a29be764f6b1d8bdb09e988a585dc3825ff0e0c6fadcea70f85",
"urls": [],
"crc32": "1E63CCAE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f9a67355753b1a29_html5shiv.42594ff91377[1].js",
"ssdeep": null,
"size": 1823,
"sha512": "c6d43b76db291f456eb139adb4b2f04ad8ca5d49db9d7cd5fb5d03b660b520e4d2b060ae5a40bbe42dfc858281cfd9ecd5104b50668f336b937520ca3999666f",
"pids": [],
"md5": "42594ff9137738a4f6344ae61026cd13"
},
{
"yara": [],
"sha1": "8234f047909b9fc898d610cf919bcd5b03a16489",
"name": "4105e750b4b2a611_AAyGJAI[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGJAI[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 299x299, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "4105e750b4b2a611f46d17abf012424b6153369ec61da987ec5097808f91305f",
"urls": [],
"crc32": "E7477FEE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/4105e750b4b2a611_AAyGJAI[1].jpg",
"ssdeep": null,
"size": 16491,
"sha512": "007cc59be82459ab7aeb1cf9808a0c6d31dc235ed864f9bc891218928f06738bc6afecf251cbfe7fa1ab9a0c2f283c32dbdf07878b252d29fb2f33a5cef861fb",
"pids": [],
"md5": "1d1373a9cc821c5c1ed1cb8aedea3ac3"
},
{
"yara": [],
"sha1": "ade7ce43d4fb387a0d038433dce81b1836232951",
"name": "bcc3b13d1fd6176d_0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "bcc3b13d1fd6176da08945cace1800d2b164e94b27ecbde14c1f2559fe69b80b",
"urls": [
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=RMhBfe\/am=wCIyGUMA5P8pGEgUsIIRFphAYUA\/rt=j\/d=1\/exm=sx"
],
"crc32": "A514CAE9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/bcc3b13d1fd6176d_0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"ssdeep": null,
"size": 8828,
"sha512": "351f88e016125199377401d06b6305bac96178ba749e24a74f510b005eecb419cb56d2958241a61eebecf0f3a66e1fde08ad3cd02c16fd6e65e46d2de63254f6",
"pids": [],
"md5": "036c065121d04f536f5557924b1818ba"
},
{
"yara": [],
"sha1": "9af2d90c4306406a69157176cadcdb2b872a63a2",
"name": "04794b8153a7c207_AAyF1dp[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyF1dp[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "04794b8153a7c207fc9b7338f8c6310ca2d32a2ed3a26ee893b5555d122cbc6e",
"urls": [],
"crc32": "02FB996E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/04794b8153a7c207_AAyF1dp[1].jpg",
"ssdeep": null,
"size": 1486,
"sha512": "43b3c9d62997851d1e515c5e4a1b00577b6612188aa783a93f7110a65620a76024944be0813e7f0898c15c0ccab7745a62fb2f8cdad772bf62ba36e965bf81c2",
"pids": [],
"md5": "33aecc3bf8877d8d920c9d0b1d77d6fb"
},
{
"yara": [],
"sha1": "cc6db313570d78f79f94a3906ce7583dc659e36a",
"name": "f2d8caee8f9c8d4c_XQENWVVw.dll",
"filepath": "C:\\Windows\\gaABPi\\XQENWVVw.dll",
"type": "ASCII text, with no line terminators",
"sha256": "f2d8caee8f9c8d4c887799d3d112b5ffd2bafa329042827dd728a80da442ba57",
"urls": [],
"crc32": "85520F1F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f2d8caee8f9c8d4c_XQENWVVw.dll",
"ssdeep": null,
"size": 10,
"sha512": "0be796d2720eb32aa478beafe81f1c0ced01b052141b9f23372d00cf533687ca1a20af5a727cbede88da6d650708343c224f33d5679cb82ddb6aa39741a69fbc",
"pids": [
2628
],
"md5": "067381f032874362db5b616d32539356"
},
{
"yara": [],
"sha1": "c354190bb2b8a00a6051ef2fb86e189ab053fe93",
"name": "f1e07b1d717433f4_test-block-simple.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"type": "data",
"sha256": "f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11",
"urls": [],
"crc32": "C3BCA3E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f1e07b1d717433f4_test-block-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "7a585735abfb1292b9fc4709b797f09c6be4dc90a133fbedb14428aae79c6de5faae0b151758a75bf90566c98e5bd2a8201e738f321688180bc5b5814a97bb69",
"pids": [],
"md5": "e2cf527ca7550b7e7bdf7311e483a2c3"
},
{
"yara": [],
"sha1": "daf550217c5aa3d8fe9ccc713e9fc31b2cce455c",
"name": "efeb10c939ef2f66_F17F04878A68505AE5481A71D8B733C5FFC6F285",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"type": "gzip compressed data, from Unix",
"sha256": "efeb10c939ef2f66b0328204e952e46909e11b423701b19292054a20a97950c9",
"urls": [
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/",
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/api\/v1\/action\/show-heartbeat\/implementation\/sha384-HPVq7HQfkuz0J1Wymdy7c0Wv3ja0VIO96EEDW-nJ-BLdJt0agaltyGGo9J_95Zmm\/"
],
"crc32": "EF65B872",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/efeb10c939ef2f66_F17F04878A68505AE5481A71D8B733C5FFC6F285",
"ssdeep": null,
"size": 11239,
"sha512": "df911c528bce60e28e28f7dcfa30fafa84ad4231c4be0b37ba15fdc2190eec14e6acb028242352f539004e3ea41f8cadfac069169dd1b0534e083a1b0bcafce1",
"pids": [],
"md5": "c11c66803802ad9263c344f906194740"
},
{
"yara": [],
"sha1": "d8e570c3146acf0437162e0ba115575711b7718c",
"name": "70deac0706726b59_BA3014356B4F6ECADF1B5288B6841EB407783B99",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"type": "data",
"sha256": "70deac0706726b59461444421256cfed5b2fced91652e686329fa4029ce53a39",
"urls": [
"https:\/\/activity-stream-icons.services.mozilla.com\/v1\/icons.json.br"
],
"crc32": "4EC94B4D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/70deac0706726b59_BA3014356B4F6ECADF1B5288B6841EB407783B99",
"ssdeep": null,
"size": 30096,
"sha512": "b42d57e0edbd1f899ed096a17c88e0f3988f29a279c0ad5d30c49fe010589136f26d82f199b3ffe3865c3f8792b5bddd0fedf8f57974558f2b5735db3885ec4e",
"pids": [],
"md5": "edebeaeb390eb0776268e0a890b920a1"
},
{
"yara": [],
"sha1": "16bf9a5c12862d188ba9a878f261d94d00cdc8ec",
"name": "762987716441249f_32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"type": "data",
"sha256": "762987716441249f7ea609f1e48a60306cd112385d3ca89e1cf84eac26dbd6a0",
"urls": [
"https:\/\/www.python.org\/downloads\/release\/python-2714\/",
"https:\/\/python.org\/downloads\/release\/python-2714\/"
],
"crc32": "E40C75FA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/762987716441249f_32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"ssdeep": null,
"size": 8556,
"sha512": "bd13c3bfaaf2a3a69ef016483ede935549697a6d6afad9d704b6f8d0360c8b1989f8355ea1a3d9de2e6f32ccd07242d53e52abc70369c051c3f229b309c176b5",
"pids": [],
"md5": "95556974626113c79e74844ed6c7a0ca"
},
{
"yara": [],
"sha1": "0d582febe760a4951f1fd90923032a7b8a6847f9",
"name": "55d4602f5998d605_AAyGuU2[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGuU2[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3",
"sha256": "55d4602f5998d605e22de7436955d6f35a1915b46730f4ab6cf841409c2b1c20",
"urls": [],
"crc32": "C974D3B5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/55d4602f5998d605_AAyGuU2[1].jpg",
"ssdeep": null,
"size": 21392,
"sha512": "0e572d3ab84a82aaa47c299de2433846e6cdaa810b41f6131ff7336b6918fd723151794aa1d913f8f6793b4b237deb1a0876424e1b57c8803dca8b12bf1a54e1",
"pids": [],
"md5": "9b6aaa3ae7d1346e6646c0f5487dca9e"
},
{
"yara": [],
"sha1": "99e145f71dc1b8b73e129a965e81861c41927cb1",
"name": "dc92288d6dc431db_BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"type": "data",
"sha256": "dc92288d6dc431db2dda09675d48257ff4d39e44068f3653bd453e521883ebbf",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "B7914D9F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/dc92288d6dc431db_BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"ssdeep": null,
"size": 1150,
"sha512": "746e6b428e1372dd3aced93dcbf94e305587f7bb06af586d2d0ee373222aa930d35c231d7b7d192bd08816c4ae9a866d30bc49703674f1e1479993d54d110898",
"pids": [],
"md5": "dcfe4be33ccb5aec64531bf0bf798232"
},
{
"yara": [],
"sha1": "10a8f8e6d9f700eba1894dcd47d6670eae232e8f",
"name": "4159ee0136c6b32b_AAyFB3T[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyFB3T[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "4159ee0136c6b32b36b8ffb50bbe3875633ebc35e6327a61ccc18d18fc6518b3",
"urls": [],
"crc32": "0BCD6344",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/4159ee0136c6b32b_AAyFB3T[1].jpg",
"ssdeep": null,
"size": 13506,
"sha512": "e3445a4262fcb903a61eeec35d89435e057571ac845ba77dbea7481a5fb206a57f66a5bf44aefe2bfb83525afa2a0e7f6d09cd487833ff26d581f690835759ba",
"pids": [],
"md5": "167b0eeebe7973935b859b44305e58e7"
},
{
"yara": [],
"sha1": "950dda2ef40ad79692b7096a6060a329187a437a",
"name": "746023a86c9a9343_AAyGBkP[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGBkP[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 800x800, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "746023a86c9a9343f64e7f53bf1d2cb9343763e7b6815ecf6316b3bc464a347d",
"urls": [],
"crc32": "CFA6C836",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/746023a86c9a9343_AAyGBkP[1].jpg",
"ssdeep": null,
"size": 2337,
"sha512": "cc1812a9262d53c472ec3e9007502f30d616450a37eb14a2c51a6b9afca03e30c95c6d1e4f9baa224cf4f3dd21b87db89e764feca238a90ae859e65837babf93",
"pids": [],
"md5": "34e8f80b1f51b7a36071828e45c9114d"
},
{
"yara": [],
"sha1": "42e2c08e33d68098eb4f9f6c2a10bf63ee2bf3ea",
"name": "52f856489918a372_CA53C817FAB68ABF181745737562B15E8CCB7039",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"type": "data",
"sha256": "52f856489918a372d7df901f25fb3df5946096d6025260997e2f4c8eb9a1b2a6",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "E744E2DE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/52f856489918a372_CA53C817FAB68ABF181745737562B15E8CCB7039",
"ssdeep": null,
"size": 1150,
"sha512": "495c53c8ea340bb64e170e248c4078b8b327ef64b1816aea78077607cb20599aa1a08d11215162a2dad730d1b4a6e0dc9ebd570b32d87c8ef6830c931d09664b",
"pids": [],
"md5": "b1bdd792b0c94bc3d0258c860ca463e1"
},
{
"yara": [],
"sha1": "ecc0d34cece2b74c28c9e89d5409f453ea28aecc",
"name": "977181fcb28e26a4_AAs7njq[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAs7njq[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "977181fcb28e26a46c175f08c02212103f792b2184b041996a357389dcfd78d1",
"urls": [],
"crc32": "DCD4858F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/977181fcb28e26a4_AAs7njq[1].png",
"ssdeep": null,
"size": 912,
"sha512": "731143d5a708187552273985e02bab54f321ba75c864eb12cf5db87eceff264181467e5fe551e8ea5a1b54acf15f5852f8b9bd749ca03313eca78900b4342811",
"pids": [],
"md5": "04954cf9890cbe899950afcf61e6301e"
},
{
"yara": [],
"sha1": "c742997b4596820e1b76c27b4bc42260466bc171",
"name": "76204c328e717dd9_AAyHqcn[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHqcn[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "76204c328e717dd98abcd08fa7e84a4326020390abecfe285abad42c745a0d47",
"urls": [],
"crc32": "5742A144",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/76204c328e717dd9_AAyHqcn[1].jpg",
"ssdeep": null,
"size": 2026,
"sha512": "69290d2b7d132d3a571b99100b881cfe0b77b143a20165f4470d23d0a9c2025b405ea432ce8d039f2bf50bb0631b3bb508d357229fd0713162caceae14ff348c",
"pids": [],
"md5": "ae50064a711673efe62c6705b6af25ea"
},
{
"yara": [],
"sha1": "6ff0d9d64af1498a0b332c82b8f0d59f39321dea",
"name": "fd1c35226afe7b78_AAyEE9W[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyEE9W[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3",
"sha256": "fd1c35226afe7b7847fa918cc864ae9b6a32711920cba0e2dabef5f90592b337",
"urls": [],
"crc32": "087CAB11",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/fd1c35226afe7b78_AAyEE9W[1].jpg",
"ssdeep": null,
"size": 9457,
"sha512": "14e94d8906e052ae925f95861efc1437f6c15e919d5ffbbb6da49692818aff76fbf06c7b8de51eb8f3c72aa55a29e0511a30b779a0c99ea32db6420da9d4263e",
"pids": [],
"md5": "be64e290899243ec8043c2a7cd7207fa"
},
{
"yara": [],
"sha1": "88c863b97b26574a050f497d88ba99d6e0974ed1",
"name": "14ee217baeb535a4_browser.3c7a2e55d6ed[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\browser.3c7a2e55d6ed[1].png",
"type": "PNG image data, 702 x 531, 8-bit colormap, non-interlaced",
"sha256": "14ee217baeb535a47e63d2d4f14a7d522578e1991e764c91cbbf0aa48404b150",
"urls": [],
"crc32": "2C631B42",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/14ee217baeb535a4_browser.3c7a2e55d6ed[1].png",
"ssdeep": null,
"size": 52637,
"sha512": "a49a2243cae88c503f4ad782673e84deb3af452f829fbc606c89ef126a618ee34115485b7391f6201fec90b485f2c6be2e3a2748a0271dcda8fc930592cd1e6f",
"pids": [],
"md5": "3c7a2e55d6ed7625722d2607ae365f23"
},
{
"yara": [],
"sha1": "ec19faab3d17abe4dea69644389abbae5c8f3a92",
"name": "f5e326410b431d8d_BByaqcs[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BByaqcs[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "f5e326410b431d8dfb3ac1dd1b842ed0020fa7618314a01d0b0669f35cd228d5",
"urls": [],
"crc32": "4EC474F7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f5e326410b431d8d_BByaqcs[1].jpg",
"ssdeep": null,
"size": 2278,
"sha512": "5b6c426165584fb9f3821d0826183c265f8a4bfd5e9d14986df01277d54d109baeba0cd8613bdd1bd52c122f523ac1484edb309ebf6c678947a1562e6891ab88",
"pids": [],
"md5": "ee4c061fff4a6510a031c3a0055aaa8e"
},
{
"yara": [],
"sha1": "4ba05b3da10ab65c84be1098fc9da348c33fac6a",
"name": "ff053e0a97186624_AAyH8Zz[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyH8Zz[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "ff053e0a97186624258f5a2f8a974e635774c787756e5b3c8a913ae822220e32",
"urls": [],
"crc32": "0DE107DA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ff053e0a97186624_AAyH8Zz[1].jpg",
"ssdeep": null,
"size": 1985,
"sha512": "7e8fef1b66af82bde892576a8f8abaccf431b92497fe486ba3c77f95ef7d3bf2870079640f8905395bde12ed6702f2f6084f313862445b72dd47d4ca1cdeb376",
"pids": [],
"md5": "2968b26b27062d5be7184e4aaefdd8fb"
},
{
"yara": [],
"sha1": "dc1bc072d2ca1470f084e0e2910e8a441df27995",
"name": "3cd14e442ad5d710_DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"type": "data",
"sha256": "3cd14e442ad5d710aa6747d5bae5cd7284b3e78d6cd4600c86a4e73bde255c8b",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "3162C733",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3cd14e442ad5d710_DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"ssdeep": null,
"size": 1150,
"sha512": "8532de0a46c9e5f498a525f4724e19221a6b078d30072243301161ccbe272e19a69892276cf3da071d84bdc33b73fb72322b38b4727d65a70d0708307f96d475",
"pids": [],
"md5": "12cd7f70d9c7820c105a2ed5a0f07c55"
},
{
"yara": [],
"sha1": "991d3c4bbe04b3d1839efea9fa80482e3bcbaf1d",
"name": "79bc32b294b3c167_1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"type": "PNG image data, 144 x 144, 8-bit\/color RGBA, non-interlaced",
"sha256": "79bc32b294b3c1673d0a5771e6cfbd9fb3c315557b075c92272de46b5af3e4d2",
"urls": [
"https:\/\/www.python.org\/static\/apple-touch-icon-144x144-precomposed.png"
],
"crc32": "BDF36A40",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/79bc32b294b3c167_1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"ssdeep": null,
"size": 17472,
"sha512": "53c06815e5e33db2b27bdcea9147c976a893e3160823941e898e85739b1c435e0812bd0a5684cabeef27e1802cccd4ec0cfb7d9e872cc68a7877bb697c43d9ed",
"pids": [],
"md5": "c4ae82357c1e01bcfdbc362a5e2b60c6"
},
{
"yara": [],
"sha1": "692b25a4ecfc7f7d2a82d13f2f8addd5911943da",
"name": "88128c5562774860_b9-b5b4e1-68ddb2ab[1]",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\b9-b5b4e1-68ddb2ab[1]",
"type": "UTF-8 Unicode text, with very long lines, with no line terminators",
"sha256": "88128c5562774860cd1d6bfd4a0aa5f0c35278ce8806a751b2fce8c20b48c820",
"urls": [
"https:\/\/support.skype.com",
"https:\/\/hotmailproxy.betaplace.com\/pm\/v1.0\/getheaders.aspx",
"https:\/\/office.live.com\/start\/PowerPoint.aspx?WT.mc_id=MSN_site",
"https:\/\/mail.live.com\/default.aspx",
"https:\/\/onedrive.live.com\/?qt=allmyphotos",
"http:\/\/help.live.com\/help.aspx?project=wl_searchv1",
"https:\/\/clk.tradedoubler.com\/click?p=261853",
"https:\/\/redirect.viglink.com\/?key=29045bc04c786d46d362906f803b13a2",
"https:\/\/www.microsoft.com\/sv-se\/store\/b\/windows?icid=MSN_Win10",
"https:\/\/aka.ms\/qeqf5y",
"https:\/\/login.skype.com\/login\/oauth\/microsoft?client_id=738133",
"https:\/\/mail.live.com\/default.aspx?rru=compose",
"https:\/\/onedrive.live.com\/",
"https:\/\/twitter.com",
"https:\/\/onedrive.live.com",
"https:\/\/www.microsoft.com\/en-us\/store\/b\/windows?icid=MSN_Win10",
"https:\/\/support.microsoft.com\/en-us\/products\/store",
"https:\/\/www.microsoft.com\/sv-se\/store\/b\/surface?icid=MSN_surface",
"http:\/\/www.hotmail.msn.com\/pii\/ReadOutlookEmail\/",
"https:\/\/onedrive.live.com\/about\/en\/download\/",
"http:\/\/onlinehelp.microsoft.com\/sv-se\/bing\/ff808490.aspx",
"https:\/\/clk.tradedoubler.com\/click?p=213746",
"https:\/\/www.skype.com\/sv",
"https:\/\/www.skype.com\/sv\/download-skype",
"https:\/\/facebook.com\/Msnsverige",
"https:\/\/www.skype.com\/go\/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com",
"https:\/\/www.microsoft.com\/store\/media\/redirect\/music?view=hub",
"https:\/\/www.sway.com\/?WT.mc_id=MSN_site",
"https:\/\/office.live.com\/start\/Word.aspx?WT.mc_id=MSN_site",
"https:\/\/swc.cdn.skype.com\/sdk\/v1\/sdk.min.js",
"https:\/\/www.onenote.com\/notebooks?WT.mc_id=MSN_OneNote_Recent",
"http:\/\/rewards.microsoft.com",
"https:\/\/support.microsoft.com\/sv-se\/products\/store\/",
"https:\/\/fpt.msn.com\/tags?session_id=",
"https:\/\/hotmailproxy.msn.com\/pm\/v1.0\/getheaders.aspx",
"https:\/\/www.microsoft.com\/en-us\/store\/b\/surface?icid=MSN_surface",
"https:\/\/www.booking.com\/index.nl.html?aid=1274296",
"https:\/\/redirect.viglink.com",
"https:\/\/amazon.com",
"https:\/\/aka.ms\/Ixhi8e",
"https:\/\/client-s.gateway.messenger.live.com",
"https:\/\/onedrive.live.com\/?qt=mru",
"https:\/\/office.live.com\/start\/Excel.aspx?WT.mc_id=MSN_site",
"https:\/\/aka.ms\/msvmj1",
"https:\/\/account.microsoft.com\/rewards\/redeem\/all",
"https:\/\/twitter.com\/i\/notifications",
"https:\/\/ebay.com",
"https:\/\/calendar.live.com\/calendar\/calendar.aspx",
"https:\/\/www.microsoft.com\/sv-se\/store\/b\/home?icid=MSN_storeHL",
"https:\/\/www.onenote.com\/notebooks?WT.mc_id=MSN_OneNote_QuickNote"
],
"crc32": "87F83E6C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/88128c5562774860_b9-b5b4e1-68ddb2ab[1]",
"ssdeep": null,
"size": 238196,
"sha512": "0b87199f5b90bcf7865dcccee4437fb7f06a831a1ab2069747d135c904a16f5f5181946c28dc9f1680623be2d2b59d34a1c63b2f9c4c48432ecc33b1b9ba04e5",
"pids": [],
"md5": "6abfea26f2dabe25bdc23717b87808f7"
},
{
"yara": [],
"sha1": "28804922453e6aca39312ec03a33241520a08109",
"name": "09c1019c4e36ccbb_mwfmdl2-v1.17.3[1].eot",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\mwfmdl2-v1.17.3[1].eot",
"type": "Embedded OpenType (EOT)",
"sha256": "09c1019c4e36ccbb6adb9cdd297b8451f913f1e7d77df578f4d437971b16dabf",
"urls": [],
"crc32": "C48D9035",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/09c1019c4e36ccbb_mwfmdl2-v1.17.3[1].eot",
"ssdeep": null,
"size": 11891,
"sha512": "6e94c6f5f8396bfbc8fbaf6f0ce3eb7512bd79cfa2fe4b4e7ffa1f8e6d5d9e450b17078d05e58c657423aa22ef42b99251c3848e9f8703b06573e0eafc5d0130",
"pids": [],
"md5": "1738b1d12aa745e51fb7f110959ebabd"
},
{
"yara": [],
"sha1": "7b336f8dc5e67ba723c9593103fe348add8ac403",
"name": "db13d4e3776eaef7_AAykhnT[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAykhnT[1].png",
"type": "PNG image data, 300 x 194, 8-bit\/color RGBA, non-interlaced",
"sha256": "db13d4e3776eaef7e4a2578d3300fe7c93a87458c8e50d133bfe5fabf733a85a",
"urls": [],
"crc32": "2D0D0F5C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/db13d4e3776eaef7_AAykhnT[1].png",
"ssdeep": null,
"size": 56878,
"sha512": "24dbcf7feac708bc9fb45a7034820a07fa6227e10491149e4d6f03fe62cf8a56cc5ac5dec6bf2582ad68dcb6558975057b44fe0f49295f06f044a926007bb2f9",
"pids": [],
"md5": "2d1fba5552adebd86990446d29a8c7fc"
},
{
"yara": [],
"sha1": "d456164972b508172cee9d1cc06d1ea35ca15c21",
"name": "7122de322879a654_e151e5[1].gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\e151e5[1].gif",
"type": "GIF image data, version 89a, 1 x 1",
"sha256": "7122de322879a654121ea250aeac94bd9993f914909f786c98988adbd0a25d5d",
"urls": [],
"crc32": "9BE151E5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7122de322879a654_e151e5[1].gif",
"ssdeep": null,
"size": 43,
"sha512": "299a7712b27c726c681e42a8246f8116205133dbe15d549f8419049df3fcfdab143e9a29212a2615f73e31a1ef34d1f6ce0ec093ecead037083fa40a075819d2",
"pids": [],
"md5": "f8614595fba50d96389708a4135776e4"
},
{
"yara": [],
"sha1": "59e863e0d2b4e428d8c738d48fa0f6f7bac36849",
"name": "a03c5e2656d2f292_allow-flashallow-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"type": "data",
"sha256": "a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7",
"urls": [],
"crc32": "99C6119F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a03c5e2656d2f292_allow-flashallow-digest256.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "8b5a117bc33463f181458f0a99c14657b365ce2a7695db346d2d086109176ad019dbd5a5f34f09dc3438e6c89ca93d83875daa6d463eb06d995a2523fe51a5ed",
"pids": [],
"md5": "d886a47c89d9c49c795da345bc236990"
},
{
"yara": [],
"sha1": "ab86733bf57f41a386e10f1a0b600e803ee8d4c5",
"name": "aa531053b9dcde5e_7A140995F2B1632A4366B29F84525E129CE8019A",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"type": "data",
"sha256": "aa531053b9dcde5ebfa0b0022605c8854a14aa9a1611a8cb7582485f308edfc5",
"urls": [
"https:\/\/tiles.services.mozilla.com\/v3\/links\/ping-centre"
],
"crc32": "B6B993C2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/aa531053b9dcde5e_7A140995F2B1632A4366B29F84525E129CE8019A",
"ssdeep": null,
"size": 7565,
"sha512": "b2a96c91f3ae601031da463bfa8e5089aa02d932d67ac5e89e0e9a6953f5bbd0fe562155b42c20ece6ec1d08b0a6f8cafc3d0aac767eaa49e4a0739e27460e2f",
"pids": [],
"md5": "d12bfbdeb140f1fd8be12b8c0241c202"
},
{
"yara": [],
"sha1": "23b2f63e7eb654fab1ed96ceea488c1fe1b5d248",
"name": "5a6d5e296b83560f_589D8E1EA927649272150213A47BD1143DECB82A",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"type": "JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 600x314, frames 3",
"sha256": "5a6d5e296b83560f366f88d4e9077eb8c13610940e676b40bd9fb94dbf3a8fff",
"urls": [
"https:\/\/pbs.twimg.com\/card_img\/1007303651071754240\/Kjt6n99S?format=jpg"
],
"crc32": "19547FCE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5a6d5e296b83560f_589D8E1EA927649272150213A47BD1143DECB82A",
"ssdeep": null,
"size": 67876,
"sha512": "93f93b9750a64e8763b71a63f915a45411d812d2c0150d3aa49ccdb5408984a8fb81f2379933900e320e90ff9873e22f5a042b857c974f1503cc8cad0c85fe92",
"pids": [],
"md5": "0161bf5441712ede5baa9ea95077b1bc"
},
{
"yara": [],
"sha1": "17232a4e8125f03ceb8f18f49bc16f2e32079477",
"name": "dc39dbe5d2e1c3cd_goog-badbinurl-proto.metadata",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"type": "data",
"sha256": "dc39dbe5d2e1c3cd7e3f515adf9edfa64c989e34046c11767c9b202b83a7bb29",
"urls": [],
"crc32": "928B241F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/dc39dbe5d2e1c3cd_goog-badbinurl-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "f0151b0c62659aa74080556581e442c72089dd922ab33b8904796ff2a4afce47cbda45b57fcffcffc10bcba11bf25c36777385da835e4fe39df5d578163d6923",
"pids": [],
"md5": "40af141e7ec9ad9fba987072531dc8b9"
},
{
"yara": [],
"sha1": "90f4d5bc4ec354d32f65a10d182c3a256e7d3383",
"name": "09301e6b2eed8117_BBK3ss2[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBK3ss2[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "09301e6b2eed8117a33b1c8c4226104f2cbc932d4181add1ef68fd317b5f707c",
"urls": [],
"crc32": "2C116CDE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/09301e6b2eed8117_BBK3ss2[1].jpg",
"ssdeep": null,
"size": 23207,
"sha512": "3137d1a725253be7b2ea6be1589241813627fdb766f13ab416bdffb1519fe638b4a380c408e16f6a90ff7d649573ea64a8c63867f70097b54c620e084e966a52",
"pids": [],
"md5": "71fac7c2bde0b679359f8e1188be4df5"
},
{
"yara": [],
"sha1": "57c550ed86ddb3f2c2f6cb338f13f9a2b3f169ce",
"name": "6b6fb2b3f7fc255c_XQENWVVw.dll",
"filepath": "C:\\Windows\\gaABPi\\XQENWVVw.dll",
"type": "ASCII text, with no line terminators",
"sha256": "6b6fb2b3f7fc255c26d053d0bd32923b079b7f9d73fa9bd25261fb8f82b403d4",
"urls": [],
"crc32": "27C9DED8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6b6fb2b3f7fc255c_XQENWVVw.dll",
"ssdeep": null,
"size": 10,
"sha512": "21ad1af01a895e22705c555cb981638e377c6ac8c2fbd5005d065ded3cdd458a2d75b137e88e0b747734b0489582e3eb8ef193eb543eb6bf555e5b55c3e3076b",
"pids": [
2628
],
"md5": "1a4746d4f052e582a42a4931ea86f014"
},
{
"yara": [],
"sha1": "f5daf4953a8b9e13bb33daac3b97f699892e1e46",
"name": "6c5dccd055388384_AAyGsjz[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGsjz[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "6c5dccd0553883844d7a8ff9f722323fc89aa1389423aa9ddf06dc6ff4c1888d",
"urls": [],
"crc32": "B3642013",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6c5dccd055388384_AAyGsjz[1].jpg",
"ssdeep": null,
"size": 2374,
"sha512": "883759a16a1087cead65e69961418430b332a00b11238ccfac2b68fa1714f86faa66269b2704e9451330e84bba8f6676112c39c7986f59afb073298e77aa1ac2",
"pids": [],
"md5": "f70fa139b82c716377a8688802de962f"
},
{
"yara": [],
"sha1": "0be08a96802453391e381fdc5bc000f6253dc453",
"name": "bf8849c0cb59bd82_8df804ba[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\8df804ba[1].js",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "bf8849c0cb59bd82f492fe9ef18b470ea5a1414c6aab67a6610b55ca8e6e2d5e",
"urls": [],
"crc32": "5518C8D7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/bf8849c0cb59bd82_8df804ba[1].js",
"ssdeep": null,
"size": 18642,
"sha512": "ceb5d05df7bd3d2b375eb38028753b332ed4be19fa9bdc1daaf186bfe519b32142cdc1b2229e71a10195f708b4558ebdd6252794c024d1f62c80d7e80527c824",
"pids": [],
"md5": "e8e13ed27d35dec828dba686a624d1a5"
},
{
"yara": [],
"sha1": "a86a3f048266b6d82e6777bba6a9442c1f628327",
"name": "df8d3aa10218e8e4_D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"type": "PNG image data, 196 x 196, 8-bit grayscale, non-interlaced",
"sha256": "df8d3aa10218e8e44f1995443b73f4da3b5d1746415d9c6cf752c404924ab244",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/img\/favicon\/favicon-196x196.c80e6abe0767.png"
],
"crc32": "65DE06BC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/df8d3aa10218e8e4_D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"ssdeep": null,
"size": 10930,
"sha512": "5b090ee2b8c07e77a0c31c3f554ca37061390f76cd7207a5bae406f1c9d720a21e4255322662657522c1966ee96dcbe96d967aaa90154d73df0bb1c87614ce20",
"pids": [],
"md5": "4e86b92ca167c2b5857d233653543639"
},
{
"yara": [],
"sha1": "1301c1f4285e909316f814a338f7927f9869608f",
"name": "26ffad584206aa61_AAyGjVk[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGjVk[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "26ffad584206aa6144bebd5ba82ff90ab28978ed80e9290230ebb6c41d3c1beb",
"urls": [],
"crc32": "DE0D64CF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/26ffad584206aa61_AAyGjVk[1].jpg",
"ssdeep": null,
"size": 7518,
"sha512": "0244dda95c4d59bdffb201c5f209fc2bbbe562b9b637c7d5603eb4f87fd0c3ef29c55405b4a1e423a34a57eb4c7651ad3ea70329ca8522206de6b7ecdc81af32",
"pids": [],
"md5": "0d99b8aaadd5327f1b40b6756fc11e29"
},
{
"yara": [],
"sha1": "80f7d95afc0de8c608f672a6837c664ef847bcd5",
"name": "87763df78772f7d7_test-track-simple.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"type": "data",
"sha256": "87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478",
"urls": [],
"crc32": "2A4B9D4F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/87763df78772f7d7_test-track-simple.sbstore",
"ssdeep": null,
"size": 272,
"sha512": "c6e09c76840ddea559e243e5c13881cfbcdcc7b0c2163461fdcce1f3f5110e2b0bb553de447a4e1e0d5edf516eeee2fad5efc15c398e101ef3c81501e55320af",
"pids": [],
"md5": "95f28ede25c301301f25fbbd9a3c56ec"
},
{
"yara": [],
"sha1": "8db13cf86fa09d44b60d8e3e480da1646631b00e",
"name": "3fab1c883847e4b5_analytics[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\analytics[1].js",
"type": "ASCII text, with very long lines",
"sha256": "3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3",
"urls": [
"https:\/\/www.google-analytics.com\/analytics",
"https:\/\/www.google-analytics.com\/u\/d",
"https:\/\/www.google-analytics.com\/gtm\/js?id=",
"https:\/\/www.google.com\/analytics\/web\/inpage\/pub\/inpage.js?",
"https:\/\/stats.g.doubleclick.net\/r\/collect?t=dc",
"https:\/\/ampcid.google.com\/v1\/publisher:getClientId",
"https:\/\/www.google.",
"https:\/\/stats.g.doubleclick.net\/j\/collect"
],
"crc32": "9EC5681A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3fab1c883847e4b5_analytics[1].js",
"ssdeep": null,
"size": 35266,
"sha512": "e77057008fc0a3b8380e9f8daf79bb521daa5ea545e9ddb01de8fd38f70e30c224fd8018c349ec8f32aa9cec7470f204378a70db59ef3eb09807016e84431146",
"pids": [],
"md5": "64615acd5da6e5acbd0a54b34174aefe"
},
{
"yara": [],
"sha1": "98a3ac743fb55391d407b446324833e09a135427",
"name": "431bd007d5d65e6c_2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"type": "Web Open Font Format, flavor 65536, length 29992, version 0.0",
"sha256": "431bd007d5d65e6c4f8377142030331a5ae4217978dc317c55b85c36b2d72e5e",
"urls": [
"https:\/\/www.python.org\/static\/fonts\/FluxRegular.woff"
],
"crc32": "62715CAD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/431bd007d5d65e6c_2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"ssdeep": null,
"size": 40150,
"sha512": "3f73688e08e9565be709e8e09ee1db9cff00181817d1042618c802c8dbfdeb19d7d241f5b31dcbe5e0d4e459e4c6117bc59430a27fe5500214605c80d752b9fa",
"pids": [],
"md5": "8caaeb1ce8867f6afb137f1e787cb2c3"
},
{
"yara": [],
"sha1": "23de9e25c172440a7f9ccf23aadcf24de0b14f66",
"name": "07b21e88ef4f33ca_BBj5yEG[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBj5yEG[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "07b21e88ef4f33ca5b0cea6817eac489c92880ca52991917ceda519816cd1800",
"urls": [],
"crc32": "C6C8391E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/07b21e88ef4f33ca_BBj5yEG[1].jpg",
"ssdeep": null,
"size": 2798,
"sha512": "a42b8889a06fc66a628297734d7e398520283569cbfdffea800832cbd7eaf676edf3e2d5ba0354b87874a7ca8307b94d6e8d4ca01b500459e81f59c6eac7aea2",
"pids": [],
"md5": "f613886ba5bc3615aa7fbea7017100ac"
},
{
"yara": [],
"sha1": "ec4004f228764b75af0d806382afb23ec4c9641c",
"name": "7d495187b0daac2a_AAyGfks[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGfks[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "7d495187b0daac2a864ba1ab6139e11dc3f53cb74fda475e91f20b7dc7528717",
"urls": [],
"crc32": "A6214027",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7d495187b0daac2a_AAyGfks[1].jpg",
"ssdeep": null,
"size": 1960,
"sha512": "9370b24788bc5533242ef44a32a9a3971d76463ac8d79cb9cf6988e2a087a08ce7b5abd51cb5ca7f5d2a405c0fd0801f237b83b24d14747db1e6d1e22b444a79",
"pids": [],
"md5": "03b4d110917bbf8e14385e5b8092f9bc"
},
{
"yara": [],
"sha1": "1c15efaaaa2932bd5eae3f4c1e38bab13d3035d3",
"name": "a43359226c7b94c4_AAyGe3I[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGe3I[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "a43359226c7b94c4140e029ebef7a7ea4cadc1ced7be957ff00f84742711bc49",
"urls": [],
"crc32": "FAD3482A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a43359226c7b94c4_AAyGe3I[1].jpg",
"ssdeep": null,
"size": 7126,
"sha512": "376ad956ccca0a886ece75afddaa9e3f97cd7ed6730f9c8ecd7cdf2850c3eda450f0fe77c211938106d3bec3e79992b1ac0c95ea1d7829c6b15e47c57ea7a9d3",
"pids": [],
"md5": "07d250b738f3247264858297229672cf"
},
{
"yara": [],
"sha1": "d6267b08df5d8ed5914e4a7d2698d9fb5eeb8605",
"name": "e9fbe569ec91fdaa_activity-stream.tippytop.json",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "e9fbe569ec91fdaaf0e7acf6f8374a813196ab543259baf9b45fcacf6fa19d91",
"urls": [
"https:\/\/www.o2.pl\/static\/favicon-192x192.png",
"http:\/\/asset.comicbook.com\/img\/comicbook\/favicon.ico?v=1",
"https:\/\/m.rp5.ru\/images\/favicons\/android_2\/192x192.png",
"https:\/\/www.gap.com\/assets\/common\/apple-touch-icon-144x144.png",
"https:\/\/assets.targetimg1.com\/static\/images\/apple-touch-icon-precomposed.png",
"http:\/\/i.plug.it\/hplibero\/v3_1\/img\/fi\/android-chrome-192x192.png",
"https:\/\/cdn.qiita.com\/assets\/favicons\/public\/apple-touch-icon-f9a6afad761ec2306e10db2736187c8b.png",
"https:\/\/studiosol-a.akamaihd.net\/mletras\/static\/img\/icone_letras_144px.vc113c9d1.png",
"https:\/\/www.1111.com.tw\/1111app\/images\/1111-job-1.png",
"https:\/\/www.google.com.do\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/static.ettoday.net\/style\/mobileweb2014\/images\/touch-icon.png",
"https:\/\/www.google.com.co\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/bitbucket-marketing-cdn.atlassian.com\/assets\/img\/favicons\/bitbucket\/apple-touch-icon.png",
"https:\/\/www.uniqlo.comassets\/images\/uniqlo_logo_180x180.png",
"https:\/\/www.bannedbook.org\/apple-touch-icon.png",
"https:\/\/avgle.com\/templates\/frontend\/bright-blue\/img\/webapp-icon.png",
"https:\/\/static.turkiye.gov.tr\/themes\/izmir\/images\/favicons\/favicon-196x196.1.2.png",
"https:\/\/m.n11.com\/apple-touch-icon.png",
"https:\/\/m.sfgate.com\/apple-touch-icon-152x152.png",
"https:\/\/www.google.ru\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.google.ca\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/polpix.sueddeutsche.com\/staticassets\/img\/touch-icon-ipad-retina.png",
"https:\/\/www.hltv.org\/img\/static\/favicon\/apple-touch-icon.png",
"https:\/\/assetscdn.paytm.com\/dexter\/paytm.png",
"https:\/\/astatic.ccmbg.com\/www.commentcamarche.net\/_skin\/favicon\/android-chrome-192x192.png",
"http:\/\/static.sfdict.com\/dcom\/img\/apple-touch-icon-precomposed-152x152.png",
"https:\/\/assets.wordpress.envato-static.com\/uploads\/2016\/08\/cropped-favicon-192x192.png",
"https:\/\/cdn.arstechnica.net\/wp-content\/themes\/ars-mobile\/assets\/images\/material-ars.png",
"https:\/\/cdn.diply.com\/static-images\/gizmo\/ico\/favicon_144x144.png",
"https:\/\/cdn7.digitaltrends.com\/wp-content\/themes\/digitaltrends-2018\/assets\/images\/favicons\/apple-touch-icon.png",
"https:\/\/static.yandex.sx\/iconostasis\/_\/wT9gfGZZ80sP0VsoR6dgDyXJf2Y.png",
"http:\/\/www.ycombinator.com\/favicon.ico",
"https:\/\/www.valuecommerce.co.jp\/en\/wp\/wp-content\/themes\/valuecommerce\/commons\/images\/common\/favicon.ico",
"https:\/\/cdn.images.express.co.uk\/appletouchicons\/20160608\/apple-touch-icon-180x180.png",
"http:\/\/www.wordreference.com\/favicons\/apple-touch-icon.png",
"https:\/\/vb.3dlat.com\/apple-touch-icon.png?v=zXraYmGwyg",
"http:\/\/live-static.bamilo.com\/images\/local_mobile\/favicon\/bamilo\/logo_cart",
"https:\/\/d1gwm4cf8hecp4.cloudfront.net\/images\/favicons\/apple-touch-icon-180x180.png",
"https:\/\/www.tagesschau.de\/favicon-196x196.png",
"https:\/\/www.google.dk\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/kinogo.by\/templates\/apple-touch-icon-180x180.png",
"https:\/\/m.macys.com\/mew20\/images\/favicons\/favicon-196x196.png",
"https:\/\/cdn-a.production.liputan6.static6.com\/assets\/images\/bola\/favicons\/android-chrome-192x192.png?v=2",
"https:\/\/www.gumtree.com\/static\/1\/resources\/assets\/rwd\/images\/app-icons\/7ec446eb998ece80ea734745.apple-touch-icon-180x180.png",
"https:\/\/www.google.com.br\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/s2.wp.com\/wp-content\/themes\/vip\/nypost-2016\/static\/images\/apple-icons\/nypost\/apple-icon.png",
"https:\/\/s.isanook.com\/sh\/0\/di\/icon-sanook-114x144-06.png",
"https:\/\/m.imimg.com\/gifs\/im2-192.png",
"https:\/\/1gr.cz\/u\/favicon\/apple-touch-icon.png",
"https:\/\/www.google.com.tr\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/stripe.com\/img\/apple-touch-icon\/180x180.png",
"http:\/\/s.hurriyet.com.tr\/mobilestatic\/img\/touch\/144x144-precomposed.png",
"http:\/\/www.chip.defec\/fea-home\/1.3.24\/favicon\/apple-touch-icon.png",
"http:\/\/m.ynet.co.il\/content\/images\/icons\/ios\/apple-touch-icon-152x152.png",
"https:\/\/www.besoccer.com\/media\/images\/favicon-152.png",
"https:\/\/www.google.lv\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.deutsche-bank.de\/etc\/designs\/db-eccs-pws-pwcc\/assets\/db-logo-192x192.png",
"https:\/\/www.qualtrics.com\/apple-touch-icon.png",
"https:\/\/www.thingiverse.com\/img\/favicons\/favicon-192x192.png",
"https:\/\/24smi.info\/frontend\/public\/img\/icon.ico",
"https:\/\/www.scdn.co\/i\/_global\/touch-icon-144.png",
"https:\/\/www.google.si\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/www.mathrubhumi.com\/img\/icons\/favicon_192x192.png",
"https:\/\/s.sbito.it\/1201525269738\/img2\/mobile\/android_launcher_icon.png",
"https:\/\/stat100.ameba.jp\/common_style\/img\/sp\/apple-touch-icon.png",
"https:\/\/cdn.myntassets.com\/pwa\/icons\/ios\/app\/Icon-App-60x60",
"https:\/\/img1a.coupangcdn.com\/image\/mobile\/v3\/web_favicon.png",
"https:\/\/ssl-gumtree.classistatic.com\/cached\/img\/au\/apple-touch-icon-144x144-precomposed.png",
"https:\/\/m.bhaskar.com\/public\/nbhaskarpwa\/images\/192app.png",
"http:\/\/www.lg.com\/lg4-common\/favicons\/228x228.png",
"http:\/\/www.chinatimes.com\/images\/touch-icon-192x192.png",
"https:\/\/whatsapp.com\/favicon.png",
"http:\/\/mp3party.net\/static\/apple-touch-icon-152-95c1428829c5da55df2efe0dd044fcf4.png",
"https:\/\/sputniknews.com\/i\/sputnik.png",
"https:\/\/www.google.be\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/imgs.sapo.pt\/sapologos\/touchicon\/sapo.ao\/touch-icon-192.png",
"https:\/\/www.telekom.com\/blueprint\/servlet\/static-cms\/android-chrome-192x192.png",
"https:\/\/sportsfly.cbsistatic.com\/fly-832\/bundles\/sportsmediacss\/images\/core\/webclips\/touch-icon-ipad-retina.png",
"https:\/\/p5.focus.de\/mobile-bookmark-152x152.png",
"https:\/\/www.google.co.uk\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/privatbank.ua\/sites\/pb\/img\/favicon\/favicon-192x192.png?v=18.9.9",
"https:\/\/static.bab.la\/img\/languages\/favicon-196x196.png",
"https:\/\/www.ft.com\/__origami\/service\/image\/v2\/images\/raw\/ftlogo-v1%3Abrand-ft-logo-square-coloured?source=update-logos",
"https:\/\/s.rbk.ru\/v8_top_static\/common\/common-8.5.85\/mobile\/apple-touch-icon-180x180.png",
"https:\/\/m.liontravel.com\/images\/custom_icon152x152.png",
"https:\/\/www.google.gr\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/d26a57ydsghvgx.cloudfront.net\/www\/public\/assets\/images\/logos\/zendesk144.png",
"https:\/\/icon.zhiding.cn\/m\/wap\/favicon\/favicon_zd_114x114.png",
"https:\/\/thepiratebay-proxylist.org\/assets\/img\/icons\/favicon-194x194.png?v=oLL92y77",
"https:\/\/www.google.co.id\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/m.clien.net\/service\/image\/icon180x180.png",
"https:\/\/st.tivision.ru\/images\/apple\/152x152.png",
"http:\/\/m.coolmath-games.com\/sites\/cmatgame\/themes\/cmatgame_mob\/images\/cm_hs_logo_114_114.png",
"https:\/\/www.google.nl\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/oceanofgames.com\/wp-content\/uploads\/2014\/12\/gfav.png",
"http:\/\/www.dhl.com\/img\/dhl-favicons\/favicon-192-dhl.png",
"https:\/\/c.rdrom.ru\/touch\/images\/mobile\/icons\/apple-touch-icon.png",
"https:\/\/www-league.nhlstatic.com\/nhl.com\/builds\/site-core\/79d918380cd2f47409659d4e627bf4653a408699_1525184967\/images\/iOS\/apple-icon-144x144.png",
"https:\/\/s.abcnews.com\/assets\/images\/apple-touch-icons\/touch-icon-ipad-retina.png",
"http:\/\/www.alhilalalyoum.com\/themes\/new\/images\/favicon\/android-icon-192x192.png",
"https:\/\/www.gismeteo.ru\/amg\/images\/meta\/icon-196.png",
"https:\/\/e2-cdns2-fp.akamaized.net\/media\/img\/favicons\/apple-icon-144x144-precomposed.png",
"https:\/\/ria.ru\/i\/favicons\/favicon-194x194.png",
"http:\/\/mb.ntd.tv\/assets\/themes\/ntd\/images\/ENTD_180x180.jpg",
"https:\/\/cdn.vox-cdn.com\/uploads\/hub\/sbnu_logo_minimal\/441\/touch_icon_iphone_retina_1000_yellow.755.png",
"https:\/\/m.freelancer.comimages\/icons\/launcher-icons\/65008340.launcher-icon-192x192.png",
"https:\/\/trust-static.teamviewer.com\/wp-content\/uploads\/2017\/08\/favicon.ico",
"https:\/\/www.seznam.cz\/media\/img\/seznam-icons\/favicon-192x192.png",
"https:\/\/chsi.com.cnimages\/chsi-logo-pad2x.png",
"http:\/\/m.bles.com\/wp-content\/themes\/mobile\/favicon.ico?v=1.2",
"https:\/\/pages.anjukestatic.com\/usersite\/touch\/img\/app\/144x144.png",
"https:\/\/m.sporx.com\/_img\/144x144.png",
"https:\/\/assets.suara.com\/mobile2017\/images\/img\/suara-icon-114x114.png",
"https:\/\/static.wikia.nocookie.net\/qube-assets\/f2\/3064\/favicons\/apple-touch-icon.png?v=a2aeb86e18269b3ea0472f697b50915a8953004e",
"https:\/\/www.forever21.com\/images\/en\/common\/apple-touch-icon-144x144-precomposed.png",
"https:\/\/c.cheggcdn.com\/s\/_mobile\/images\/icon_retina.png",
"https:\/\/www.1und1.de\/modules\/frontend-elements\/img\/components\/header\/apple-touch-icon-114x114px.png",
"http:\/\/s15858.pcdn.co\/wp-content\/themes\/semplicemente-scribol-dartfish\/images\/icons\/apple-touch-icon-180x180.png",
"https:\/\/www.google.hr\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.nbcsports.com\/sites\/all\/themes\/custom\/nbcsports\/img\/apple-touch-icons\/nbcsports\/ios\/apple-touch-icon-180x180.png",
"https:\/\/123movies.fun\/icon\/apple-touch-icon.png",
"https:\/\/s1.reutersmedia.net\/resources_v3\/images\/favicon\/android-chrome-192x192.png",
"https:\/\/www.flashscore.com\/res\/image\/mobile-icons\/fs-black\/180x180.png",
"https:\/\/assets-cdn.github.com\/apple-touch-icon-180x180.png",
"https:\/\/static.1tv.ru\/assets\/web\/favicon\/android-chrome-192x192-fc56652994ace8c546dee7b60495bddb.png",
"http:\/\/img-hws.y8.com\/assets\/y8\/favicon-6550acf2615ebc92afe5418b756405a742f3a2fbcf48319b6b65cfadee85d533.ico",
"http:\/\/www.cqnews.net\/common\/cache\/images\/weblogo.png",
"https:\/\/www.sketchup.com\/sites\/all\/themes\/sketch\/touch-icon-ipad-retina.png",
"https:\/\/www.google.fi\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.nike.com\/android-icon-192x192.png",
"http:\/\/m.asos.com\/apple-touch-icon.png",
"https:\/\/fast.com\/assets\/favicons\/android-icon-192x192.png",
"https:\/\/cdn-images-1.medium.com\/fit\/c\/304\/304\/1",
"http:\/\/www.ansa.it\/sito\/img\/ico\/ansa-144-precomposed.png",
"https:\/\/www.google.com.kw\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.asahi.com\/logo_icon.png",
"https:\/\/image.fmkorea.com\/common\/tpl\/images\/logo152.png",
"http:\/\/www.elcomercio.com\/apple-touch-icon.png",
"https:\/\/www.itau.com.br\/_arquivosestaticos\/Itau\/img\/itau-icon.png",
"https:\/\/www.wykop.pl\/static\/wykoppl7\/img\/apple-touch-icon-180x180.png",
"http:\/\/www.wwe.com\/sites\/all\/themes\/custom\/wwe_theme\/apple-touch-icon-precomposed-144x144.png",
"https:\/\/assets.genius.com\/images\/apple-touch-icon.png?1525812922",
"https:\/\/gameforge.com\/assets\/images\/icons\/favicon-196x196.png",
"https:\/\/www.retailmenot.com\/www\/gui\/im\/apple-touch-icon-152.png",
"https:\/\/www.nationalgeographic.com\/etc\/designs\/platform\/v3\/images\/apple-touch-icon.ngsversion.zaG7EbKN.png",
"https:\/\/cdn0-a.production.vidio.static6.com\/assets\/logo\/new-android-icon-192x192-a2e89a9ca578fa5fdc68232eca10eb180e8c1b45a03d72c0232533d8d724ed3f.png",
"https:\/\/www.google.co.ve\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.haberler.com\/static\/favicons\/icon-512x512.png",
"https:\/\/www4.9anime.is\/assets\/favicons\/favicon.png",
"https:\/\/www.digitalocean.com\/apple-touch-icon.png",
"http:\/\/hdrezka.ag\/apple-touch-icon-144.png",
"http:\/\/www.w3school.com.cn\/logo-144.png",
"https:\/\/assets.guim.co.uk\/images\/favicons\/ac43fe9507600081b58760450f518d07\/152x152.png",
"https:\/\/www.sheypoor.com\/img\/favicon\/192.png",
"https:\/\/www.mos.ru\/static\/images\/favicon\/icon192x192.png?",
"https:\/\/u.alicdn.com\/mobile\/img\/common\/favicons\/apple-touch-icon-180x180.png",
"https:\/\/s.blogsmithmedia.com\/www.engadget.com\/assets-h73b1bee94a42ddcb54c22aabfdea96bb\/images\/favicon-160x160.png?h=1638b0a8bbe7effa8f85c3ecabb63620",
"https:\/\/images-na.ssl-images-amazon.com\/images\/G\/33\/anywhere\/a_smile_196x196._CB368246395_.png",
"https:\/\/upst.fwdcdn.com\/ukrnet-icon-144x144.png",
"https:\/\/s.kaskus.id\/themes_3.0\/mobile\/img\/apps_icon.png",
"https:\/\/humblebundle-a.akamaihd.net\/static\/hashed\/03df0490a53d595fd930f9fff52038366d60a05d.png",
"https:\/\/icdn.lenta.ru\/lenta_touch.png",
"https:\/\/3-cache11.stubhubstatic.com\/promotions\/scratch\/ue-app-head\/android-icon-192x192.png",
"https:\/\/opgg-static.akamaized.net\/icon\/Icon-144.png?v2",
"http:\/\/m.spiegel.de\/static\/V2\/logo\/favicon\/touch-icon152.png",
"http:\/\/www.goal.com\/rebuild-beta-assets\/favicons\/android-chrome-192x192.png?v=3.59.0.0",
"http:\/\/www.wiocha.pl\/apple-touch-icon.png",
"https:\/\/mjs.sinaimg.cn\/wap\/online\/public\/images\/addToHome\/sina_114x114_v1.png",
"https:\/\/indoxxi.tv\/images\/xxi-movie.ico\/android-icon-192x192.png",
"https:\/\/s.yimg.jp\/c\/icon\/s\/bsc\/2.0\/y120.png",
"https:\/\/hayabusa.io\/abema\/assets\/img_icon.w180.h180.v55e9268.png",
"https:\/\/www.daraz.pk\/images\/local_mobile\/favicon\/daraz\/logo_cart",
"https:\/\/www.google.cl\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.google.com.ly\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.allrecipes.com\/apple-touch-icon-180x180-precomposed.png",
"https:\/\/www.westernjournal.com\/wp-content\/uploads\/2017\/11\/android-chrome-192x192-150x150-1.jpg",
"https:\/\/www.otto.de\/static\/all\/img\/global-resources\/23d1239aa2c1223b\/favicons\/favicon-196x196.png",
"https:\/\/a.slack-edge.com\/436da\/marketing\/img\/meta\/app-256.png",
"http:\/\/di30d2kxyxn22.cloudfront.net\/images\/favicons\/android-chrome-192x192.0595e57f5d3b.png",
"https:\/\/modo3.com\/favicon.ico",
"https:\/\/www.apartments.com\/a\/3cd4b6\/touch-icon-iphone.png",
"https:\/\/www.ryanair.com\/etc\/designs\/ryanair\/favicon\/apple-touch-icon-152x152.png",
"https:\/\/www2.coinbase.com\/assets\/96x96.png",
"https:\/\/secure.gravatar.com\/blavatar\/8181b523e3c891bc770494a0bbbe8244?s=114",
"http:\/\/m.discuss.com.hkimages\/bookmark-icon-144.png?v=20150302",
"https:\/\/www.instagram.com\/static\/images\/ico\/favicon-192.png\/b407fa101800.png",
"https:\/\/www.wellsfargo.com\/assets\/images\/icons\/icon-hires-192x192.png",
"https:\/\/cdns.klimg.com\/vemale.com\/i\/a\/apple\/apple-touch-icon-152x152-precomposed.png",
"https:\/\/cache.nymag.com\/media\/vulture\/icon.square.svg",
"https:\/\/m.bedbathandbeyond.com\/_assets\/mobileAssets\/global\/images\/BBB_appStore.png",
"https:\/\/www.cheatsheet.com\/wp-content\/themes\/wallstcheatsheet-v2\/images\/icons\/apple-icon-180x180-precomposed.png?x23912",
"https:\/\/s3.pstatp.com\/image\/toutiao_mobile\/icon_180_1.png",
"https:\/\/www.credit-agricole.frlocal\/cache-gd2\/bc\/e21b894b552eeb14686a29fb76cb18.png?1525814003",
"https:\/\/www.udemy.com\/staticx\/udemy\/images\/v6\/favicon-196x196.png",
"https:\/\/www.doubleclickbygoogle.com\/static\/v4624\/core\/img\/favicons\/favicon-194x194.png",
"https:\/\/images-eu.ssl-images-amazon.com\/images\/G\/03\/anywhere\/a_smile_196x196._CB368246539_.png",
"https:\/\/scdn.vnecdn.net\/vnexpress\/restruct\/i\/v56\/logos\/114x114.png",
"https:\/\/www.shop-apotheke.com\/mobile\/pix\/icons\/apple-icon.png",
"https:\/\/d1a3f4spazzrp4.cloudfront.net\/uber-com\/1.3.8\/d1a3f4spazzrp4.cloudfront.net\/images\/apple-touch-icon-180x180-45befcd014.png",
"https:\/\/secure.img1-fg.wfcdn.com\/st4\/stores\/common\/mobile\/touch_icons\/wayfair_192x192.png",
"https:\/\/www.google.com.sv\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.researchgate.net\/apple-touch-icon-180x180.png",
"https:\/\/www.yr.no\/assets\/images\/android-chrome-192x192.png",
"https:\/\/cdn.comcast.com\/learn\/-\/media\/common\/favicon\/apple-touch-icon.png",
"https:\/\/images-na.ssl-images-amazon.com\/images\/G\/30\/anywhere\/a_smile_196x196._CB368246671_.png",
"https:\/\/iqoption.com\/assets\/images\/favicons\/android-chrome-192x192.png?v=XBBobPBryW",
"https:\/\/www.babycenter.com\/xapple-touch-icon-152x152.png.pagespeed.ic.-XhxSt8l0U.png",
"https:\/\/www.coursehero.com\/assets\/img\/apple-touch-icon.png",
"https:\/\/images-americanas.b2w.io\/zion\/manifest\/icons\/0617b391f7ef445b69ea03658739a4f9.apple-touch-icon-152x152.png",
"https:\/\/vice-web-statics-cdn.vice.com\/favicons\/vice\/coast-228x228.png",
"https:\/\/www.neobux.comimagens\/fi\/apple-touch-icon-144x144.png",
"https:\/\/cs.pikabu.ru\/mobile\/img\/apple-touch-icon-152x152.png",
"https:\/\/dl4ptssjks9ce.cloudfront.net\/assets\/icons\/android-chrome-192x192.png",
"http:\/\/m.star.com.tr\/assets\/img\/star-chrome-icon.png",
"https:\/\/www.codeproject.com\/favicon\/apple-touch-icon.png",
"http:\/\/m.bldaily.com\/wp-content\/themes\/mobile\/favicon.ico?v=1.2",
"https:\/\/static1-ssl.dmcdn.net\/images\/neon\/favicons\/apple-icon-precomposed.png.vd206cf7434adbe852",
"https:\/\/www.google.pt\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.mbank.pl\/images\/logos\/favicons\/apple-touch-icon-114x114.png?b1039868503f94399de85ccfabd7ea2b",
"https:\/\/static.runoob.com\/images\/icon\/mobile-icon.png",
"https:\/\/www.surveymonkey.com\/apple-touch-icon-precomposed.png",
"https:\/\/cdn1.olymptrade.com\/p_dec0ced669ba\/favicons\/android-chrome-192x192.png",
"https:\/\/m.laposte.fr\/_ui\/mobile\/img\/favicon\/android-chrome-192x192.png",
"https:\/\/abola.pt\/img\/icons\/android-icon-192x192.png",
"https:\/\/static6-a.akamaihd.net\/assets\/images\/ios\/touch-icon-ipad-retina.png",
"https:\/\/www.infusionsoft.com\/android-chrome-256x256.png",
"https:\/\/http2.mlstatic.com\/ui\/navigation\/2.0.9\/mercadolibre\/192x192-precomposed.png",
"https:\/\/a.academia-assets.com\/images\/favicons\/favicon-194x194.png",
"https:\/\/www.google.es\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.hollywoodreporter.com",
"https:\/\/r.r10s.jp\/com\/img\/home\/logo\/touch.png",
"https:\/\/g0.evitecdn.com\/static\/images\/v2\/mobile\/apple-touch-icon-114.9c86830bb928.png",
"https:\/\/static.segmentfault.com\/v-5aec1215\/global\/img\/touch-icon.png",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/favicon-196.c6d9abffb769.png",
"https:\/\/www.google.com.ph\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/m.kumparan.com\/logo-192.png",
"https:\/\/c.disquscdn.com\/next\/current\/marketing\/assets\/img\/brand\/favicon-192x192.png",
"https:\/\/cbsnews4.cbsistatic.com\/fly\/bundles\/cbsnewscore\/apple-touch-icon.png?v=824336b681a48d701181e214791cd362a898af90",
"https:\/\/images-eu.ssl-images-amazon.com\/images\/G\/29\/anywhere\/a_smile_196x196._CB368246716_.png",
"https:\/\/marvel.com\/i\/images\/favicon\/apple-touch-icon-180.png",
"https:\/\/www.jumia.com.ng\/images\/local_mobile\/favicon\/jumia\/logo_cart",
"https:\/\/a.amz.mshcdn.com\/assets\/mashable.touchicon-85568436777b97f88ef7182140a53fd1a4f7cec7c0fa5568a3783fcdb0d08eb5.png",
"https:\/\/www.oxforddictionaries.com\/favicon-194x194.png",
"https:\/\/www.mlbstatic.com\/mlb.com\/builds\/site-core\/b1f0c226cb2df26dc50e85bcfe2e270ff5457aff_1525816315\/images\/favicon.png",
"https:\/\/ecs7.tokopedia.net\/assets-tokopedia-lite\/prod\/media\/icons\/icon512.png",
"http:\/\/www.breitbart.com\/t\/assets\/i\/w-logo-orange.png",
"https:\/\/img-buyma-com.akamaized.net\/apple-touch-icon-precomposed.png?ede456d05a6625f9b",
"https:\/\/www.cdc.gov\/TemplatePackage\/3.0\/images\/cdc-touch-icon-144x144.png",
"http:\/\/www.zougla.gr\/App_Themes\/default\/_gfx\/favicons\/apple-touch-icon.png?v=XBr3Y2myQ5",
"http:\/\/static.im-g.pl\/gazetapl180x180.png",
"https:\/\/www.tomshardware.com\/medias\/favicon\/android-chrome-192x192.png?v=oLLokpekrr",
"http:\/\/www.nydailynews.com\/pb\/resources\/images\/nydn_icons\/144-iTunesArtwork.png?v=39",
"http:\/\/www.namasha.com\/apple-touch-icon-precomposed.png",
"http:\/\/m.tmz.com\/assets\/20180502230309\/theme\/images\/touch-icon.png",
"https:\/\/ss.sport-express.ru\/projects\/apple\/icons\/apple-touch-icon-152x152.png",
"https:\/\/m.vk.com\/images\/safari_152.png?1",
"https:\/\/static.gamespot.com\/bundles\/gamespotsite\/images\/touch-icon-ipad-retina-precomposed.png",
"https:\/\/cdn2.doodle.com\/dist\/i\/7479b568749fca315a2969e30cbee4f5.png",
"https:\/\/static.mailchimp.com\/web\/favicon.ico",
"https:\/\/m.hao123.com\/apple-touch-icon-114x114-2.png",
"https:\/\/www.micstatic.com\/mt\/img\/apple-touch-icon-144x144-precomposed.png?_v=1525763330170",
"https:\/\/www.cargurus.com\/favicon.ico",
"https:\/\/cdn-static.farfetch-contents.com\/static\/images\/favicon\/Generated\/apple-touch-icon-180x180.png",
"https:\/\/www.utorrent.com\/img\/banners\/utSmartBanner.png",
"https:\/\/s0.cdn3x.com\/jb\/i\/apple-touch-ipad-retina.png",
"https:\/\/s.cafebazaar.ir\/1\/upload\/icons\/divar-logo-512x512.png",
"https:\/\/assets.billboard.com\/assets\/1525405189\/images\/BB_favicon144.png?201c973b076ead19af2c",
"https:\/\/www.cda.pl\/touch-icon-192x192.png",
"http:\/\/image.bitautoimg.com\/wap\/ios\/images\/144x144.png",
"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--2gXbBeUI--\/c_fill",
"https:\/\/6ce7249d60697cecb233-c2e8d057e491f208ac0828a45bc359e1.ssl.cf1.rackcdn.com\/wp-content\/uploads\/2016\/08\/cropped-tt-favicon-1-192x192.png",
"https:\/\/s.pinimg.com\/webapp\/style\/images\/logo_180-f06edffd.png",
"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--iIvh_25i--\/c_fill",
"https:\/\/cdn-a.production.liputan6.static6.com\/assets\/images\/favicons\/android-chrome-192x192.png",
"http:\/\/sp.res.nimg.jp\/img\/apple-touch-icon-114x114.png",
"https:\/\/www.google.co.in\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/app.gomein.net.cn\/plus\/images\/public\/apple-touch-icon-iphone4.png?v=2017092001",
"https:\/\/gw.alicdn.com\/tps\/i2\/TB1nmqyFFXXXXcQbFXXE5jB3XXX-114-114.png",
"https:\/\/www.ninisite.com\/favicon-192x192.png",
"https:\/\/m.twitch.tv\/apple-touch-icon.png",
"https:\/\/www.google.de\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/cdn1-images.nutaku.com\/images\/icons\/favicon-192x192.png",
"http:\/\/img02.babytreeimg.com\/mobile\/img\/common\/icon-144.png",
"https:\/\/gfx.aftonbladet-cdn.se\/assets\/gfx\/social\/abAppIcon.png",
"https:\/\/www.google.lt\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/quizlet.com\/a\/i\/brandmark\/1024.TGu7.png",
"https:\/\/mayoclinic.org\/styles\/img\/GBS\/apple-touch-icon-152x152.png",
"https:\/\/shared.ydstatic.com\/dict\/v5.15\/images\/icon.png",
"https:\/\/www.otvfoco.com.br\/wp-content\/uploads\/2017\/03\/cropped-favicon-192x192.png",
"https:\/\/assets.padletcdn.com\/assets\/crane_196x196-a7319aaa217d6f0198f1ea8359be879318c79014727d03553af9fe77ce608956.png",
"https:\/\/a.cdn-hotels.com\/da\/assets\/s\/63.0.8526\/images\/brands\/hcomrosso\/icons\/ios-bookmark-180.png",
"http:\/\/static.sfdict.com\/m\/img\/apple-touch-icon-precomposed-152x152.png",
"https:\/\/www.nalog.ru\/css\/ul\/icons\/mobile\/android-icon-192x192.png",
"https:\/\/hotmovs.com\/android-chrome-192x192.png?v=2",
"https:\/\/www.crictracker.com\/wp-content\/themes\/crictracker\/images\/favicon\/apple-touch-icon.png",
"https:\/\/ficbook.net\/apple-touch-icon.png",
"https:\/\/www.britishcouncil.org\/profiles\/solas2\/themes\/solas_ui\/apple-touch-icons\/touch-icon-ipad-retina.png",
"https:\/\/securet9.classistatic.com\/1.1.640\/images\/pl_PL\/touch-ipad-retina.png",
"https:\/\/www.so-net.ne.jp\/apple-touch-icon.png",
"https:\/\/d3nn82uaxijpm6.cloudfront.net\/icon-strava-chrome-192.png?v=dLlWydWlG8",
"https:\/\/m.sftcdn.net\/images\/1b7fb-259c9.png",
"https:\/\/dlweb.sogoucdn.com\/logo\/images\/2018\/apple-touch-icon.png",
"https:\/\/www.biobiochile.cl\/assets\/biobiochile\/img\/icons\/icon-194x194.png",
"http:\/\/i.haber7.net\/assets\/v3\/common\/images\/favicons\/apple-touch-icon-114x114.png",
"https:\/\/www.google.iq\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/turbo.azstatic.com\/assets\/favicons\/favicon-192x192-6b9c580dfcf07578fd2cc600922decaa52bd80bd217bd5f5869bc61e91c472c6.png",
"https:\/\/ekstat.com\/img\/apple-touch-icon.png",
"https:\/\/www.jstor.org\/assets\/global_20180504T1804\/build\/images\/favicons\/android-chrome-512x512.png",
"https:\/\/www.google.com.eg\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.oui.sncf\/sites\/all\/themes\/hermes\/favicons\/favicon-196x196.png",
"http:\/\/www.dw.com\/favicon.png",
"https:\/\/www.usc.edu\/wp-content\/themes\/usc-homepage-2017\/assets\/images\/favicon.ico?v=3.3.0",
"https:\/\/i.investopedia.com\/public\/img\/apple-touch-icon.png",
"https:\/\/static.tutsplus.com\/assets\/apple-touch-icon-3e53736827c755caa0e2ced2e1b94e2f.png",
"http:\/\/m.ign.com\/apple-touch-icon.png",
"https:\/\/cdn.vox-cdn.com\/uploads\/chorus_asset\/file\/7395351\/android-chrome-192x192.0.png",
"https:\/\/m.hclips.com\/favicon-194x194.png?v=3",
"https:\/\/www.paypalobjects.com\/webstatic\/icon\/pp196.png",
"https:\/\/images-fe.ssl-images-amazon.com\/images\/G\/09\/anywhere\/a_smile_196x196._CB368246755_.png",
"https:\/\/www.rt.com\/static\/block\/touch-icon\/apple-touch-icon-144x144-precomposed.png",
"https:\/\/img7.mynet.com\/mmynet\/mynet-g-play-icon.png",
"https:\/\/www.setn.comsettouch152.png",
"https:\/\/www.visualstudio.com\/wp-content\/uploads\/2017\/02\/BrandVisualStudioIDE2017RTW_64x.png",
"https:\/\/s1.pir.fm\/pf\/favicons--AwgCBwYOBQc\/apple-touch-icon.png",
"https:\/\/www.debate.com.mx\/__export\/1513187264000\/sites\/debate\/arte\/el-debate\/apps\/favicon.png_2040392579.png",
"https:\/\/www.redditstatic.com\/mweb2x\/favicon\/192x192.png",
"https:\/\/www.patria.org.ve\/android-icon-192x192.png",
"https:\/\/www.drive2.ru\/apple-touch-icon.png",
"https:\/\/www.ed.gov\/profiles\/ed_main\/themes\/ed3\/images\/apple-touch-icon-114x114.png",
"https:\/\/st.stripcdn.com\/assets\/common\/images\/favicon_xh.png",
"https:\/\/s.4cdn.org\/image\/apple-touch-icon-ipad-retina.png",
"http:\/\/www.xinhuanet.com\/desk_icon.png",
"https:\/\/m.sfr.fr\/mist\/assets\/logos\/iphone_114x114.png",
"https:\/\/stc.utdstc.com\/favicon.ico",
"https:\/\/images.kizlarsoruyor.com\/content\/images\/tr\/ks-icon-152.png",
"https:\/\/aglasem.com\/wp-content\/uploads\/2017\/03\/aglasem-logo-192x192.jpg",
"https:\/\/media.npr.org\/templates\/favicon\/favicon-180x180.png",
"https:\/\/www.google.com.hk\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/yastatic.net\/iconostasis\/_\/fDd53jOe-AyM1FrE6Ikra1suP1Q.png",
"https:\/\/about.gitlab.com\/ico\/favicon-192x192.png",
"http:\/\/www.latimes.com\/pb\/resources\/images\/lat_icons\/144-iTunesArtwork.png?v=39",
"https:\/\/kemdikbud.go.idassets\/icon\/android-icon-192x192.png",
"https:\/\/www.cloudflare.com\/favicon-196x196.png",
"https:\/\/s.glbimg.com\/en\/ho\/static\/touchphone\/img\/apple-touch-icon-iphone-retina.png",
"https:\/\/index.hu\/assets\/images\/favicons\/apple-touch-icon.png",
"http:\/\/orf.at\/mojo\/1_3\/storyserver\/\/news\/news\/images\/touch-icon-ipad-retina.png",
"https:\/\/s3-media2.fl.yelpcdn.com\/assets\/2\/mobile\/img\/fef81b306d81\/mobile\/homescreen_3x.png",
"https:\/\/www.google.com\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/mobi.sndcdn.com\/assets\/images\/sc-icons\/iphone",
"https:\/\/betacssjs.chesscomfiles.com\/bundles\/web\/images\/chess-touch-1200.png",
"https:\/\/www.glassdoor.com\/app\/static\/img\/mobile\/icons\/touch-icon-144.png?v=0efaf240j",
"http:\/\/res.17track.net\/global-v2\/imgs\/oauth_image\/apple_touch_152x152.png",
"https:\/\/assets.bwbx.io\/s3\/javelin\/public\/hub\/images\/apple-touch-icon-180x180-c1a237984e.png",
"https:\/\/css.dhresource.com\/mobile_v2\/common\/image\/pwa\/favicons\/android-chrome-192x192.png",
"https:\/\/hiptoro.com\/wp-content\/uploads\/2017\/12\/VBGFob0g.png",
"https:\/\/www.avito.st\/s\/common\/touch-icons\/common\/apple-touch-icon-180x180-precomposed.png?57be3fb",
"https:\/\/static1.seekingalpha.com\/assets\/favicon-192x192-59bfd51c9fe6af025b2f9f96c807e46f8e2f06c5ae787b15bf1423e6c676d4db.png",
"https:\/\/i.vimeocdn.com\/favicon\/main-touch_180",
"https:\/\/om.forgeofempires.com\/media\/images\/favicon\/foe\/apple-touch-icon-192x192-precomposed.1525697525.png",
"https:\/\/webst.depositphotos.com\/_img\/apple-touch-icon-152x152.png",
"https:\/\/a0.muscache.com\/airbnb\/static\/icons\/android-icon-192x192-c0465f9f0380893768972a31a614b670.png",
"https:\/\/www.google.com.pe\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/popmyads.comimages\/apple-touch-icon.png",
"https:\/\/cdn.ecosia.org\/assets\/images\/png\/apple-touch-icon.png",
"https:\/\/s.tradingview.com\/static\/images\/favicon.ico",
"https:\/\/mobile.southwest.com\/images\/icon-180x180.37f99b89.png",
"https:\/\/static.syosetu.com\/view\/images\/apple-touch-icon-precomposed.png?ojjr8x",
"https:\/\/www.qiyipic.com\/common\/fix\/h5_white_images\/desktop_logo-114.png",
"https:\/\/news.zing.vn\/touch-icon-144x144.png",
"https:\/\/www.nih.gov\/sites\/all\/themes\/nih\/apple-touch-icon.png",
"https:\/\/people.com\/img\/favicons\/favicon-192.png",
"https:\/\/m.ebay-kleinanzeigen.de\/favicons\/favicon-192x192.png",
"https:\/\/www.livestrong.com\/favicon.png",
"https:\/\/mobile.nytimes.com\/vi-assets\/static-assets\/apple-touch-icon-319373aaf4524d94d38aa599c56b8655.png",
"https:\/\/static.dnevnik.ru\/img\/icons\/favicons\/apple\/152x152.png",
"https:\/\/mw4.wsj.net\/mw5\/content\/images\/favicons\/apple-touch-icon-180x180.png",
"https:\/\/assets.cdngetgo.com\/dims4\/default\/73b7dc4\/2147483647\/thumbnail\/128x128\/quality\/90\/?url=https%3A%2F%2Fassets.cdngetgo.com%2F1e%2F34%2F2d924a3944a7b040c9379cd11f2d%2Fg2w-favicon.png",
"https:\/\/yts.am\/assets\/images\/website\/apple-touch-icon-180x180.png",
"https:\/\/www.sport.es\/img\/ico-180.png",
"https:\/\/y2mate.com\/themes\/images\/logo.png",
"https:\/\/www.google.no\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/assets.ubuntu.com\/v1\/3361409d-apple-touch-icon-144x144-precomposed.png",
"https:\/\/www.umich.edu\/skins\/um2013\/media\/images\/touch-icon-ipad-retina.png",
"https:\/\/assets-9gag-fun.9cache.com\/s\/fab0aa49\/a130c97b656993fa45b47b64a31472078cd222f8\/static\/dist\/mobile7\/img\/apple-touch-icon-180.png",
"http:\/\/livedoor.blogimg.jp\/jin115\/imgs\/6\/7\/67e4a6a3.jpg",
"https:\/\/resource.binance.com\/resources\/img\/binance_icon.png",
"https:\/\/gw.alicdn.com\/tfs\/TB1m9hGhXOWBuNjy0FiXXXFxVXa-152-152.jpg",
"https:\/\/cdn.sstatic.net\/Sites\/stackexchange\/img\/apple-touch-icon.png",
"https:\/\/line.me\/apple-touch-icon-precomposed.png",
"https:\/\/yastatic.net\/s3\/kinopoisk-frontend\/touch-www\/0.0.1266-touch-www\/dist\/favicon-196.png",
"https:\/\/ca.classistatic.com\/static\/V\/6425\/img\/favicons\/apple-touch-icon.png",
"https:\/\/imgs.sapo.pt\/sapologos\/touchicon\/generic\/touch-icon-192.png",
"https:\/\/www.plex.tv\/wp-content\/themes\/plex\/img\/favicons\/apple-touch-icon-152x152.png",
"http:\/\/us.jobrapido.com\/static\/img\/favicon\/apple-icon-precomposed.png",
"https:\/\/images-na.ssl-images-amazon.com\/images\/G\/01\/digital\/video\/DVUI\/favicons\/favicon-196x196._CB527404564_.png",
"https:\/\/img01.bt.co.uk\/s\/assets\/270418\/images\/apple-touch-icon-114x114.png",
"https:\/\/gss0.bdstatic.com\/5bd1bjqh_Q23odCf\/static\/wiseindex\/img\/screen_icon_new.png",
"https:\/\/ekstatic.net\/assets\/icon\/apple-icon-180x180.png?h=5.0.9",
"http:\/\/www.blackboard.com\/images\/apple-touch-icon-144x144-precomposed.png",
"https:\/\/m.pc6.com\/public\/img\/touch-icon-iphone.png",
"https:\/\/www.exlibrisgroup.com\/wp-content\/uploads\/2018\/01\/cropped-ex_favicon-192x192.png",
"https:\/\/www.urbanoutfitters.com\/static\/2.8.1\/images\/itunes_artwork_x3.png",
"https:\/\/www.telegraph.co.uk\/etc\/designs\/telegraph\/core\/clientlibs\/core\/icons\/favicon-152x152.png",
"http:\/\/www.elbalad.news\/themes\/balad\/favicon\/android-icon-192x192.png",
"https:\/\/www.foodnetwork.com\/etc\/clientlibs\/assets\/images\/food\/favicon-192x192.png",
"http:\/\/static.jade.synacor.com\/assets\/site_config\/att-gen4\/assets\/en_US\/gen4\/shared\/images\/icons\/appletouch-152.png",
"https:\/\/www.thestartmagazine.com\/assets\/favicon_196_196.png",
"https:\/\/www.alodokter.com\/assets\/cms_engine\/android-chrome-192x192-fbe9a22f2fc74b52818c962ab91b40031f1e6dd2d614f376eb1efcc03c5bba0b.png",
"https:\/\/www.google.ie\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/cdn.futbin.com\/design\/img\/favic\/android-icon-192x192.png?17",
"https:\/\/www.unrealengine.com\/apple-touch-icon.png",
"https:\/\/www.google.com.gt\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/img1a.flixcart.com\/www\/linchpin\/batman-returns\/images\/logo_lite-cbb3574d.png",
"https:\/\/www.buzzfeed.com\/static-assets\/img\/touch-icon-android.6f90f349a263fafae3843e9decf2812a.png",
"http:\/\/www.trbas.com\/jive\/prod\/common\/images\/chinews-apple-touch-icon.1q2w3_94554d959ec79959c59a94283f117703.png",
"http:\/\/m.milliyet.com.tr\/D\/i\/Fav\/android-icon-192x192.png",
"https:\/\/static.rdc-next-prod.rdc.moveaws.com\/assets\/apple-touch-icon-050bdb9e192096f6ca07f7c4cc24eaafc1320f74b1b82f3a8a1e92acf84ccb42.png",
"https:\/\/s.uicdn.com\/uimag\/4.663.0\/assets\/favicon\/gmx\/favicon-196x196.png",
"https:\/\/i.forbesimg.com\/media\/assets\/appicons\/forbes-app-icon_144x144.png",
"https:\/\/static.change.org\/favicons\/favicon-114x114.png",
"http:\/\/img.tfd.com\/touch\/ipad-r.png",
"https:\/\/static.reverb.com\/assets\/apple-icons\/touch-icon-iphone-6-plus-ce906aac2a12554fb224b378d60f658a.png",
"https:\/\/lichess1.org\/assets\/favicon.256.png",
"https:\/\/static.trulia-cdn.com\/images\/icons\/apple-touch-icon-144x144.png",
"http:\/\/www.rsc.org\/apple-touch-icon.png",
"http:\/\/cdn.nba.net\/assets\/icons\/apple-touch-icon.png",
"https:\/\/gamewith.jp\/assets\/img\/apple-touch-icon-144.png",
"https:\/\/prezi-a.akamaihd.net\/cover-versioned\/614-3f990c150926279da07e7bacfc37dc0825ea6de0\/common\/img\/prezi-apple-touch-icon.png",
"https:\/\/www.python.org\/static\/apple-touch-icon-144x144-precomposed.png",
"https:\/\/www.google.com.my\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.zillowstatic.com\/static\/images\/m\/apple-touch-icon.png",
"https:\/\/slate.com\/media\/sites\/slate-com\/icon.svg",
"http:\/\/www.sportbible.com\/assets\/images\/theme\/favicons\/android-chrome-192x192.png",
"https:\/\/global.fncstatic.com\/static\/orion\/styles\/img\/fox-news\/favicons\/android-chrome-192x192.png",
"https:\/\/static-cdn.123rf.com\/images\/faviconBig.png",
"http:\/\/m.haberturk.com\/assets\/images\/apple-touch-icons\/152x152.png",
"https:\/\/fextralife.com\/wp-content\/uploads\/2015\/07\/cropped-flswords-160-192x192.png",
"https:\/\/3upg5n1ajpdonqkkp34tcif1-wpengine.netdna-ssl.com\/wp-content\/themes\/spiceworks\/apple-touch-icon.png",
"http:\/\/www.independent.co.uk\/sites\/all\/themes\/ines_themes\/independent_theme\/img\/apple-icon-180x180.png",
"https:\/\/gfycat.com\/static\/favicons\/favicon.ico",
"https:\/\/codepen.io\/favicons\/favicon-192x192.png",
"https:\/\/www.dcard.tw\/build\/\/images\/favicon_512.png",
"https:\/\/srs1.blastingcdn.com\/images\/apple-touch-icons\/touch-icon-ipad-retina.png",
"https:\/\/ca.gov\/images\/template2014\/apple-touch-icon-144x144.png",
"https:\/\/i.onthe.io\/vllkytaHR0cHM6Ly93d3cubmFpamEubmcvbmFpamEvaW1nL2FwcGxlLXRvdWNoLWljb24ucG5nP2hhc2g9YTFhYjJiMTZjYjBjYWZmOTk5ZmFlMjY2M2U0N2RkZDA=.prx.6056b5e7.png",
"https:\/\/www.google.bg\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/m.ranker.com\/touch-icon-ipad-retina.png",
"https:\/\/www1.bac-assets.com\/homepage\/spa-assets\/images\/assets-images-global-favicon-android-chrome-192x192-CSXf4a81122.png",
"https:\/\/a.fsdn.com\/con\/img\/sandiego\/svg\/originals\/sf-icon-orange-no_sf.svg",
"https:\/\/s.uicdn.com\/uimag\/4.663.0\/assets\/favicon\/webde\/favicon-196x196.png",
"http:\/\/m.xuite.net\/home_screen_icon.php",
"https:\/\/meb.gov.tr\/image\/meb_logo.png",
"http:\/\/www.jeuxvideo.com\/android-icon-144x144.png",
"https:\/\/cdn-www.bluestacks.com\/bs-images\/favicon.png",
"https:\/\/ssl-cdn2.vscdns.com\/images\/icons\/f4f-iOS-icon-144x144.png",
"https:\/\/unsplash.com\/apple-touch-icon-152x152-precomposed.png",
"https:\/\/duckduckgo.com\/assets\/icons\/meta\/DDG-iOS-icon_152x152.png",
"https:\/\/m.lowes.com\/etc\/designs\/lowes-mobile-first\/images\/apple-touch-icon-114-precomposed.png",
"https:\/\/www.google.tn\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.mobile01.comapple-touch-icon-180x180.png",
"https:\/\/unity3d.com\/profiles\/unity3d\/themes\/unity\/images\/ui\/favicons\/apple-touch-icon-152x152.png",
"https:\/\/cs3.wettercomassets.com\/wcomv5\/images\/icons\/favicon\/android-icon-192x192.png",
"https:\/\/mobile.nation.co.ke\/nationmedia\/css\/icons\/dnmobile\/apple-touch-icon-152x152.png",
"https:\/\/a0.awsstatic.com\/libra-css\/images\/site\/touch-icon-ipad-144-smile.png",
"https:\/\/www.jetbrains.com\/apple-touch-icon.png",
"https:\/\/udn.com\/static\/img\/favicon.ico",
"https:\/\/www.google.com.pr\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/www.tgju.org\/touch-icon-ipad.png",
"https:\/\/www.lequipe.fr\/elements\/img\/favicons\/android-chrome-192x192.png?140917",
"https:\/\/abs-0.twimg.com\/responsive-web\/web\/ltr\/icon-ios.a9cd885bccbcaf2f.png",
"https:\/\/www.google.co.kr\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/imgcdn.pandora.tv\/ptv_img\/ch\/favicon-192x192.png",
"https:\/\/st.ilfattoquotidiano.it\/wp-content\/themes\/ifq\/assets\/icons\/touch_192.png",
"https:\/\/www.google.co.il\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/gyazo.com\/apple-touch-icon.png",
"https:\/\/static.nrk.no\/kurator\/front\/apple-touch-icon.png",
"https:\/\/www.clarin.com\/android-icon-192x192.png",
"http:\/\/2.fwcdn.pl\/gf\/beta\/ic\/logo-228.png",
"https:\/\/m.chron.com\/apple-touch-icon-152x152.png",
"https:\/\/www.google.fr\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/panet.co.il\/apple-touch-icon-152x152.png",
"https:\/\/images-na.ssl-images-amazon.com\/images\/G\/15\/anywhere\/a_smile_196x196._CB368246733_.png",
"http:\/\/www.cbc.ca\/a\/apple-touch-icon.png",
"https:\/\/www.metropoles.com\/wp-content\/themes\/metropoles-mobile\/library\/images\/apple-touch-icon.png",
"https:\/\/sc.cnbcfm.com\/applications\/cnbc.com\/staticcontent\/img\/mobile\/touch\/cnbc-logo-sharing-114.jpg",
"https:\/\/static.makeuseof.com\/wp-content\/themes\/makeuseof2016\/components\/icons\/favicon.ico",
"https:\/\/www.outbrain.com\/favicon\/favicon-192x192.png",
"http:\/\/monstercrawler.com\/favicon\/android-icon-192x192.png",
"http:\/\/static.tvtropes.org\/img\/icons\/favicon-192x192.png",
"https:\/\/in.bmscdn.com\/m6\/images\/icons\/logo-192.png",
"https:\/\/www.ny.gov\/sites\/all\/themes\/ny_gov\/apple-touch-icon-precomposed-144x144.png",
"https:\/\/www.mk.ru\/media\/img\/mk.ru\/____i-img\/apple-touch-icon-180.png",
"https:\/\/www.flvto.biz\/favicon-194x194.png",
"https:\/\/web.poecdn.com\/image\/favicon\/apple-touch-icon.png?oriath",
"https:\/\/st.championat.com\/i\/favicon\/apple-touch-icon.png",
"https:\/\/creditkarmacdn-a.akamaihd.net\/ckfiles.com\/assets\/1092347025680\/res\/favicons\/apple-touch-icon.png",
"https:\/\/www.google.co.jp\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--07JMH5kN--\/c_fill",
"https:\/\/d2gatte9o95jao.cloudfront.net\/assets\/apple-touch-icon-1734beeaa059fbc5587bddb3001a0963670c6de8767afb6c67d88d856b0c0dad.png",
"https:\/\/static.tacdn.com\/img2\/mobile\/apple-touch-icon.png",
"https:\/\/rs.20m.es\/mobile\/apple-touch-icon.png",
"https:\/\/css2.corriereobjects.it\/includes2013\/LIBS\/css\/assets\/touch-icon-ipad-retina.png",
"https:\/\/www.google.co.za\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.repstatic.it\/cless\/main\/nazionale\/2016-v1\/img\/common\/favicon\/apple-touch-icon-120.png",
"https:\/\/s.togetter.com\/static\/1.15.48\/web\/img\/icon\/tg_icon_192.png",
"https:\/\/www.1and1.com\/modules\/frontend-elements\/img\/components\/header\/apple-touch-icon-114x114px.png",
"https:\/\/m.ok.ru\/mres\/img\/browser-theme\/oklogo.png",
"https:\/\/wac-cdn.atlassian.com\/assets\/img\/favicons\/atlassian\/apple-touch-icon-152x152.png",
"https:\/\/images-eu.ssl-images-amazon.com\/images\/G\/02\/anywhere\/a_smile_196x196._CB368246590_.png",
"http:\/\/www.metacritic.com\/images\/iphone\/webpage.png",
"https:\/\/s.uicdn.com\/mailint\/8.984.0\/assets\/favicon_gmxcom.ico",
"https:\/\/static.kickstarter.com\/assets\/touch-icon-192x192-710ace6840055401ec231c1d86ce7312c56bb510fad8b775229b0ce73d0054c5.png",
"http:\/\/s3.india.com\/wp-content\/uploads\/2015\/02\/152x1521.png",
"https:\/\/www.premierleague.com\/resources\/ver\/i\/favicon\/favicon-196x196.png",
"http:\/\/fivethirtyeight.com\/wp-content\/themes\/espn-fivethirtyeight\/assets\/images\/fivethirtyeight-logo-touch.png?v=1.0.7",
"http:\/\/s.glbimg.com\/po\/tt2\/img\/icone-tt-192.png",
"https:\/\/d35aaqx5ub95lt.cloudfront.net\/images\/duolingo-touch-icon.png",
"https:\/\/m-assets.2gis.com\/apple-icon.png",
"https:\/\/www.colorado.edu\/profiles\/express\/themes\/expressbase\/apple-icon-144x144.png",
"https:\/\/m.porn555.com\/images\/favicons\/favicon-194x194.png?v=20161031",
"https:\/\/www.google.at\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/m.mediafire.com\/icons\/android-chrome-192x192.png",
"https:\/\/www.biglobe.ne.jp\/a-top\/i\/apple-touch-icon-new.png",
"https:\/\/static.zara.net\/mstatic\/1525686532435\/\/images\/zara_webmobile_icon_1024x1024.png",
"https:\/\/www.state.gov\/state-responsive\/images\/favicons\/android-chrome-192x192.png",
"http:\/\/i0.jrjimg.cn\/mjrj_v2015\/apple-touch-icon-ipad-retina.png",
"https:\/\/ocdn.eu\/onetmobilemainpage\/manifestprod\/icons\/pwa-192x192_ios.png",
"https:\/\/www.runescape.com\/img\/global\/mobile.png?1",
"http:\/\/www.psu.eduprofiles\/psu_profile\/themes\/psu_main\/144.png",
"https:\/\/images-cn.ssl-images-amazon.com\/images\/G\/28\/anywhere\/a_smile_196x196._CB368246750_.png",
"https:\/\/static.104.com.tw\/logo\/104logo_o_152x152_appletouchicon.png",
"https:\/\/techcrunch.com\/wp-content\/uploads\/2015\/02\/cropped-cropped-favicon-gradient.png?w=192",
"https:\/\/www.ziprecruiter.com\/zrs\/dcf7ca7c\/img\/mobile\/chair-icon-114x114-precomposed.png",
"https:\/\/virgilio.plug.it\/v1.1\/img\/fi\/favicon-194x194.png",
"https:\/\/images-eu.ssl-images-amazon.com\/images\/G\/31\/anywhere\/a_smile_196x196._CB368246681_.png",
"https:\/\/www.wikipedia.org\/static\/apple-touch\/wikipedia.png",
"https:\/\/vgc.no\/vgnett-prod\/img\/icons\/apple-touch-icon-114-precomposed.png",
"http:\/\/c.speedtest.net\/images\/apple-touch-icon.png",
"https:\/\/cdn.narcity.com\/uploads\/93981849a69062d0aee8c0e53418360237aafa53.png",
"https:\/\/www.google.tm\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/s.w-x.co\/twc_180x180.png",
"https:\/\/glosbe.com\/resources\/android-chrome-192x192.png?v=2",
"https:\/\/www.harvard.edu\/sites\/all\/themes\/hedu2015\/assets\/img\/apple-touch-icon-144x144.png",
"https:\/\/static1.jabong.com\/live\/images\/apple-icon-180x180.png",
"https:\/\/media1.popsugar-assets.com\/v3866\/static\/imgs\/apple\/apple-touch-icon-180x180.png",
"https:\/\/limg.imgsmail.ru\/touchsplash\/v\/i\/android-touch-icon-192x192-3329a9ff53.png",
"https:\/\/m.lotterypost.com\/images\/icon-lp-180.png",
"https:\/\/pcpartpicker.com\/apple-touch-icon-144x144-precomposed.png",
"https:\/\/www.geeksforgeeks.org\/wp-content\/uploads\/gfg_200X200.png",
"https:\/\/giphy.com\/static\/img\/icons\/apple-touch-icon-180px.png",
"https:\/\/www.sports.ru\/apple-touch-icon-1024.png",
"https:\/\/ssl.cdn-redfin.com\/v209.0.3\/images\/logos\/Touch-icon-152.png",
"https:\/\/www.static-src.com\/4.32.2-2\/resources\/images\/favicon\/blibli-192.png",
"https:\/\/www.google.az\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/www.dikaiologitika.gr\/images\/ios\/Icon-App-72x72",
"https:\/\/www.wp.pl\/f\/2\/2.23.20\/favicon-192x192.png",
"https:\/\/www.rei.com\/apple-touch-icon-180x180.png",
"https:\/\/ssl.ulximg.com\/apple-touch-icon.png",
"https:\/\/cdn.pitchfork.com\/assets\/misc\/favicon-152-v2.png",
"https:\/\/vanilla.futurecdn.net\/techradar\/201805032\/apple-touch-icon.png",
"https:\/\/a.f1g.fr\/f\/img\/favicon\/apple-touch-icon.png",
"https:\/\/shahid4u.com\/wp-content\/uploads\/2015\/07\/tv-xl-1.png",
"https:\/\/upornia.com\/android-chrome-192x192.png?v=2",
"https:\/\/tap.azstatic.com\/assets\/favicons\/favicon-192x192-ca4e64094eb6086d3f70f4bce6a86e770660480cd248f98430188ea08aab702e.png",
"https:\/\/www.v2ex.com\/static\/img\/v2ex_192.png",
"https:\/\/m.hm.com\/entrance\/entrance-assets\/static\/mobile\/img\/common\/apple-touch-icon-114.png",
"https:\/\/securet9.classistatic.com\/assets\/images\/en_ZA\/icon-144x144-5540dc007f.png",
"http:\/\/www.lavanguardia.com\/rsc\/images\/ico\/apple-touch-icon-152x152.png",
"https:\/\/www.google.cz\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/itslearning.com\/us\/wp-content\/uploads\/sites\/29\/2016\/09\/cropped-itslearning-favicon-300x300.png",
"https:\/\/static.bn-static.com\/img-48195\/mobile\/touch\/chrome-touch-icon-192x192.png",
"https:\/\/css.gbtcdn.com\/imagecache\/gbm\/img\/ico\/apple-touch-icon-ipad3-144",
"https:\/\/cfl.dropboxstatic.com\/static\/images\/logo_catalog\/dropbox_webclip_152_m1-vflU0bwfQ.png",
"https:\/\/m.avito.ma\/img\/favicon_ios_ma.png?8.30.633933",
"https:\/\/www.thrillist.com\/images\/thrillist\/apple-touch-icon-retina.png",
"https:\/\/www.ultimate-guitar.com\/static\/_img\/bootstrap\/ug\/img\/touchicons\/apple-touch-icon-152x152.png",
"https:\/\/public-assets.envato-static.com\/icons\/videohive.net\/apple-touch-icon-144x144-precomposed.png",
"https:\/\/www.google.com.sg\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/www.hatena.ne.jp\/images\/hatenaportal\/portal\/common\/apple-touch-icon.png",
"https:\/\/d3njjcbhbojbot.cloudfront.net\/web\/images\/favicons\/icon-194x194.png",
"https:\/\/webtoons-static.pstatic.net\/image\/favicon\/ios_152x152.png?dt=2018022801",
"https:\/\/bleacherreport.com\/img\/favicon\/appleTouchIcon.png",
"https:\/\/img.bol.com.br\/icon-touch.png",
"http:\/\/static4.businessinsider.com\/assets\/images\/us\/favicons\/apple-touch-icon.png?v=BI-US-2017-06-22",
"http:\/\/0.gravatar.com\/blavatar\/efe0300e7f891c5c802ed340f6b20b67?s=114",
"http:\/\/www.rfi.fr\/favicon-192x192.png?version=20180201121500",
"https:\/\/s1.lemde.fr\/medias\/web\/1.2.705\/ico\/apple\/icon-144.png",
"https:\/\/www2.shutterstock.com\/base\/public\/images\/favicons\/apple-touch-icon-114x114-83c9784481.png",
"https:\/\/www.chase.com\/etc\/designs\/chase-ux\/favicon-152.png",
"http:\/\/static.naver.net\/www\/mobile\/edit\/2016\/0410\/mobile_115557242406.png",
"https:\/\/static.everydayhealth.com.tw\/front\/images\/android_c192.png",
"https:\/\/us.sagepub.com\/sites\/all\/themes\/sage_corp\/touch_icons\/touch-icon-192x192.png",
"https:\/\/dy6j70a9vs3v1.cloudfront.net\/funnel_wap\/static\/files\/74682b4a33619593dc9e722f6a1801be\/favicon-196x196.png",
"https:\/\/cdn.bustle.com\/bustle\/production\/public\/icon-c485b4.png",
"https:\/\/n1.global.ssl.fastly.net\/img\/common\/apple-touch-icons\/apple-touch-icon.png",
"https:\/\/www.welt.de\/favicon-180.png",
"https:\/\/template.digi-kala.com\/DigikalaMobileWeb\/webapp\/launcher-icon-4x.png",
"https:\/\/static1.squarespace.com\/static\/ta\/5134cbefe4b0c6fb04df8065\/8987\/assets\/logos\/icons\/app-icon-1024.png",
"https:\/\/www.daily.co.jp\/apple-touch-icon.png",
"http:\/\/chouftv.ma\/Content\/images\/favicon.ico",
"https:\/\/dailypakistan.com.pk\/assets\/dailypakistan\/images\/favicons\/android-icon-192x192.png",
"http:\/\/mobile.abc.net.au\/homepage\/mobile\/images\/homepage\/apple-touch-icon-144x144.png",
"http:\/\/time.com\/img\/favicons\/favicon-192.png",
"https:\/\/www.thoughtco.com\/static\/2.45.1\/icons\/favicons\/apple-touch-icon-152x152.png",
"https:\/\/m.img4399.com\/static\/web\/mobile\/images\/APP-icon.png?1e6eca7",
"https:\/\/static.dwatchseries.to\/templates\/default\/images\/apple-touch-icon.png",
"https:\/\/www.consultant.ru\/apple-touch-icon-180x180.png",
"https:\/\/mellowads.comlargeicon.png",
"https:\/\/www.gotporn.com\/assets\/favicon\/apple-touch-icon.png",
"https:\/\/www.xing.com\/assets\/frontend_minified\/img\/shared\/xing_icon_apple.png",
"https:\/\/img.mixi.net\/img\/smartphone\/touch\/favicon\/x001_prec.png",
"https:\/\/www.hubspot.com\/hs-fs\/hub\/53\/file-8149778-png\/fav.png?t=1525833701780",
"https:\/\/i.onthe.io\/pogudxaHR0cHM6Ly93d3cubnVyLmt6L251ci9pbWcvYXBwbGUtdG91Y2gtaWNvbi5wbmc\/aGFzaD1mMTg2ZDA3ZjE4MTQxNTdkODM5YmE4MTQzZjg5MzEwNw==.prx.a3862508.png",
"https:\/\/cdn.tnt-online.ru\/tnt2012\/tnt-144.png",
"https:\/\/www.yaplakal.com\/html\/ico\/favicon-194x194.png",
"https:\/\/assets.cpcdn.com\/assets\/device\/apple-touch-icon-precomposed.png?92b8bd477aedd34713e3d853583626f4d29101bdc7e6ceb52dcfe037b49e0988",
"https:\/\/apache.org\/favicons\/favicon-194x194.png",
"https:\/\/cdn.vox-cdn.com\/uploads\/hub\/sbnu_logo_minimal\/405\/touch_icon_ipad_retina_1000x1000.7014.png",
"https:\/\/e00-marca.uecdn.es\/apple-touch-icon-152x152-precomposed.png",
"https:\/\/www.google.com.tw\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.webmd.com\/favico\/apple-touch-icon-114x114-precomposed.png",
"https:\/\/m.elwatannews.com\/assets\/img\/favicons\/152.png",
"https:\/\/www.google.kz\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/cdn.okezone.com\/underwood\/revamp\/2018\/home\/img\/favicon\/android-chrome-192x192.png",
"https:\/\/okdiario.com\/img\/i\/android-icon-192x192.png",
"http:\/\/m.programme-tv.net",
"https:\/\/content.unicredit.it\/etc\/designs\/ucpublic\/it\/img\/favicon\/favicon-192x192.png",
"https:\/\/www.purdue.edu\/purdue\/images\/icon-ipad-retina.png",
"https:\/\/rapidvideo.com\/android-icon-192x192.png",
"https:\/\/d3isfnyiuldmfu.cloudfront.net\/img\/wikiwand_icon_apple.png",
"https:\/\/smi2.ru\/img\/smi2.ru\/icon-touch-152.png",
"https:\/\/www.google.co.th\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/m.dagospia.com\/apple-touch-icon-114x114.png",
"https:\/\/yastatic.net\/iconostasis\/_\/cre7kjNuw5KlI0roqjbhqhqJjL4.png",
"https:\/\/assetscdn.paytm.com\/tmalld\/m\/paytmmall.png",
"https:\/\/tinder.com\/static\/apple-touch-icon.png",
"https:\/\/static4.dditscdn.com\/mbl\/frontend_backbone\/static\/livejasmin\/image\/apple-touch-icon-ipad",
"https:\/\/static.finncdn.no\/_c\/spaden\/v8.5.5\/favicons\/favicon-t-192x192.png",
"https:\/\/hp5.b.woopic.com\/icons\/WebClipIcon114.png",
"https:\/\/www.skroutz.gr\/touch-icon-192x192.png",
"https:\/\/www.meetup.com\/mu_static\/en-US\/b5c9ccb2eec82ad0436c3b768a1bc348.png",
"https:\/\/m.nownews.com\/static\/img\/apple-touch-favicon.png",
"http:\/\/m.interia.pl\/i\/minteria-ico-144x144.png",
"https:\/\/ew.com\/img\/favicons\/favicon-192.png",
"https:\/\/www.google.co.ao\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.google.rs\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.lifewire.com\/static\/2.51.1\/icons\/favicons\/apple-touch-icon-152x152.png",
"https:\/\/a1.r9cdn.net\/res\/images\/marble\/icon-192x192.png?v=023852353302099dff414c319ca59d2778fb3abd",
"https:\/\/s1.cdnpc.net\/front\/img\/favicons\/180.png?version=v57",
"https:\/\/vanilla.futurecdn.net\/pcgamer\/20180508\/apple-touch-icon.png",
"https:\/\/www.alc.co.jp\/img\/webclip_icon.png",
"https:\/\/www.francetvinfo.fr\/skin\/dist\/www\/img\/icn\/apple\/144x144-95a89ab4a1.png",
"https:\/\/public-assets.envato-static.com\/icons\/codecanyon.net\/apple-touch-icon-144x144-precomposed.png",
"https:\/\/pixabay.com\/apple-touch-icon.png",
"https:\/\/www.google.lk\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.google.ch\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/getpocket.com\/i\/apple-touch-icon\/Pocket_AppIcon_144.png",
"https:\/\/media.flaticon.com\/img\/apple-icon-152x152-precomposed.png",
"https:\/\/cdn.lifehacker.ru\/wp-content\/uploads\/2017\/01\/cropped-apple-icon_1484931984_1484932001-192x192.png",
"http:\/\/www.ladbible.com\/assets\/images\/theme\/favicons\/android-chrome-192x192.png",
"https:\/\/irecommend.ru\/themes\/irecommend_new\/images\/favicon.png?v=1",
"https:\/\/cdn4.uzone.id\/assets\/uploads\/others\/uzone\/favicon-2.png",
"https:\/\/st.deviantart.net\/minish\/touch-icons\/android-192.png",
"https:\/\/www.google.co.nz\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/img.ruliweb.com\/img\/2016\/icon\/ruliweb_icon_144_144.png",
"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--kxRKqXNr--\/c_fill",
"https:\/\/i-m.hh.ru\/favicon\/hh\/touch-icon-ipad-retina.png",
"http:\/\/news.ltn.com.tw\/assets\/images\/all\/ltn.png",
"https:\/\/asset-z.sindonews.net\/mobile\/2016\/images\/icon\/favicon-192x192.png",
"http:\/\/www.cambridge.org\/packages\/cambridge_themes\/images\/favicons\/touch-icon-iphone-retina-precomposed.png",
"https:\/\/m.kp.ru\/apple-touch-icon.png",
"https:\/\/36kr.com\/apple-touch-icon-iphone4.png",
"https:\/\/cdn.okccdn.com\/media\/img\/template\/icon\/okc144.png",
"https:\/\/www.google.com.au\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/yastatic.net\/iconostasis\/_\/wT9gfGZZ80sP0VsoR6dgDyXJf2Y.png",
"http:\/\/m.1688.com\/144px.png",
"https:\/\/www.pexels.com\/assets\/icons\/pexels-icon-c89972421096df12c2b564575d6df896b612ca415b706033d2e44562f97343bc.png",
"https:\/\/www.constantcontact.com\/apple-touch-icon.png",
"https:\/\/s.wsj.net\/media\/wsj_apple-touch-icon-180x180.png",
"https:\/\/n.nordstrommedia.com\/id\/2f67442a-0338-42db-a214-701d94077281.ico",
"https:\/\/www.malwarebytes.com\/favicon-196x196.png",
"https:\/\/st.hzcdn.com\/static\/apple-touch-icon-144x144-precomposed.png?v=20180306",
"http:\/\/m.thepiratebay.org\/images\/apple-touch-icon-114x114.png",
"https:\/\/assets.yenisafak.com\/yenisafak\/wwwroot\/images\/appicon\/apple-touch-icon-180x180.png",
"https:\/\/endimages.s3.amazonaws.com\/static\/assets\/img\/end-114.png",
"https:\/\/www.ria.com\/dist\/img\/icon-hires.png?v=2f3b4473d7",
"https:\/\/www.thesun.co.uk\/wp-content\/uploads\/2016\/04\/icon-e1459786005667.png?strip=all",
"https:\/\/www.givemesport.com\/content\/img\/touch-icon-192x192.png",
"https:\/\/cdn.dribbble.com\/assets\/dribbble-ball-192-ec064e49e6f63d9a5fa911518781bee0c90688d052a038f8876ef0824f65eaf2.png",
"https:\/\/www.manyvids.com\/apple-touch-icon.png",
"https:\/\/hamariweb.comHW",
"http:\/\/mb.ntdtv.kr\/assets\/themes\/ntd\/images\/ENTD_180x180.jpg",
"https:\/\/styleguide.brainly.com.br\/images\/favicons\/brainly\/favicon-hd-0865c7f19f.png",
"http:\/\/www.in.gr\/wp-content\/themes\/ingr\/common\/imgs\/touch-icon-iphone\/touch-icon-ipad-retina.png",
"https:\/\/www.hsbc.com.hk\/etc\/designs\/dpws\/common\/favicons\/apple-touch-icon.png",
"https:\/\/cdn.theatlantic.com\/assets\/static\/a\/theatlantic\/common\/img\/apple-touch-icon-ipad-retina.png",
"https:\/\/ssl.feebee.com.tw\/touch-icon-ipad-retina.png",
"https:\/\/m.imgur.com\/assets\/icons\/icon-152.png",
"https:\/\/cdn3.livescore.com\/web2\/img\/touch-icon-iphone-152.png",
"https:\/\/sheinm.ltwebstatic.com\/dist\/images\/apple-touch-icon-ipad3-144-fb8d193bbe.png",
"https:\/\/www.android.com\/static\/img\/touch-icon-ipad-retina.png",
"https:\/\/www-mercari-com.akamaized.net\/favicon-194x194.png?1902452737",
"https:\/\/telegraf.com.ua\/i\/touch-icon-iphone.png",
"https:\/\/d1ulmmr4d4i8j4.cloudfront.net\/static\/icons\/ifixit\/android-chrome-192x192.png",
"http:\/\/s.globalsources.com\/gsol\/en\/mobile\/images\/TOUCH-ICON.PNG",
"https:\/\/www.tomsguide.com\/medias\/favicon\/favicon-194x194.png?v=kPPAMMXoY2",
"https:\/\/namu.wiki\/img\/apple_icon.png",
"https:\/\/assets.cdngetgo.com\/dims4\/default\/75feec2\/2147483647\/thumbnail\/128x128\/quality\/90\/?url=https%3A%2F%2Fassets.cdngetgo.com%2F7c%2Fdc%2Fe67bc1de4793aa0f2bb45472329c%2Fg2m-favicon.png",
"https:\/\/iface.adme.ru\/",
"http:\/\/www.free.fr\/freebox\/im\/icon_h.png",
"https:\/\/cdn.lynda.com\/static\/favicon-152.png",
"https:\/\/mangadex.org\/favicon.ico",
"http:\/\/www.channelmyanmar.org\/wp-content\/uploads\/2018\/03\/Layer-1-3.png",
"https:\/\/cdn.online-convert.com\/images\/favicon\/apple-touch-icon.png?v=oLdOl99jzy",
"https:\/\/assets.hollywoodreporter.com\/assets\/1525323694\/images\/brand\/apple-touch-icon.png?8eed3d92f9467810ac34",
"https:\/\/www.google.pl\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.ilmeteo.it\/img\/icon-256.png",
"https:\/\/unblocked.mx\/img\/apple-touch-icon.png",
"https:\/\/www.pearson.com\/us\/etc\/designs\/one-dot-com\/one-dot-com\/us\/favicon.ico",
"https:\/\/www.google.ro\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--Tj4IOqWp--\/c_fill",
"https:\/\/www.google.com.ng\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.gittigidiyor.com\/fred\/framework\/assets\/img\/core\/apple-touch-icons\/apple-icon-152x152-precomposed.png",
"https:\/\/www.google.com.pk\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/cdn1.tstatic.net\/img\/icon\/tribun-icon_128.png",
"https:\/\/getcryptotab.com\/static\/favicon.ico",
"https:\/\/cdn.elsevier.io\/verona\/includes\/favicons\/favicon-192x192.png",
"https:\/\/m.torrent.love\/data\/seo\/phone_icon.png",
"https:\/\/r-ec.bstatic.com\/static\/img\/apple-touch-icon_new_lrg\/c9b35bf29a75cac2f430f80a5d4bc7fd961d21a7.png",
"https:\/\/www.psychologytoday.com\/sites\/all\/themes\/pt_brand\/img\/touch-icons\/apple-touch-icon-152x152-precomposed.png",
"https:\/\/sinst.fwdcdn.com\/img\/newImg\/touch-icon-ipad-retina.png",
"https:\/\/jci.book.com.tw\/img\/icons\/apple_icon_152x152.png",
"https:\/\/www.pole-emploi.fr:443\/accueil\/file\/sitemodel\/pefr\/img\/favicon\/android-chrome-192x192.png",
"https:\/\/cdn-a.production.liputan6.static6.com\/assets\/images\/bintang\/favicons\/android-chrome-192x192.png?v=2",
"http:\/\/company.wizards.com\/themes\/wx\/icons\/favicon.ico",
"https:\/\/www.google.sk\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/kino-hd1080.ru\/templates\/kino1080\/images\/apple-touch-icon-114x114.png",
"https:\/\/m.youtube.com\/yts\/mobile\/img\/apple-touch-icon-144x144-precomposed-vflopw1IA.png",
"https:\/\/www.sberbank.ru\/portalserver\/static\/sb-bundle\/images\/sber-logo152.png",
"http:\/\/www.nature.com\/homepage\/public\/resources\/nature-logo-180x180-b369fb96a354ff79099772f368918ad9.png",
"http:\/\/www.vetogate.com\/favicon.ico",
"https:\/\/static3.avast.com\/20180507\/web\/i\/apple-touch-icon-152x152.png",
"https:\/\/img09.zhaopin.cn\/2012\/other\/mobile\/favicons\/android-chrome-192x192.png",
"http:\/\/m.gamer.com.tw\/apple-touch-icon-144x144.png",
"https:\/\/secure.skypeassets.com\/i\/common\/images\/icons\/apple-touch-icon.png",
"https:\/\/isbh.tmgrup.com.tr\/sbh\/site\/v3\/i\/favicon.png",
"http:\/\/static.bfmtv.com\/ressources\/favicon\/site01net\/apple-touch-icon-144x144.png",
"https:\/\/m.bukalapak.com\/_nuxt\/icons\/icon_512.a0wy000y00w.png",
"https:\/\/static.tianyaui.com\/global\/m\/touch\/images\/icons\/apple-touch-icon-114x114.png",
"https:\/\/www.spectrum.net\/favicon.ico",
"https:\/\/www.sakura.ad.jp\/resource\/favicon\/sakura_logo.png",
"https:\/\/manofile.com\/themes\/flow\/frontend_assets\/images\/icons\/favicon\/apple-touch-icon-114x114.png",
"https:\/\/cdn2.jianshu.io\/assets\/apple-touch-icons\/152-bf209460fc1c17bfd3e2b84c8e758bc11ca3e570fd411c3bbd84149b97453b99.png",
"https:\/\/cdns.klimg.com\/dream.co.id\/resources\/m-assets\/img\/apple-touch-icon-152x152-precomposed.png",
"http:\/\/m.cricbuzz.com\/images\/cricbuzz\/coast_cricbuzz_logo.png",
"https:\/\/assets.tumblr.com\/images\/apple-touch-icon-228x228.png?_v=ed8916adbf85271047144d96446117be",
"https:\/\/www.inquirer.net\/inq2016\/icons\/apple-touch-icon-180x180.png",
"https:\/\/m.rambler.ru\/favicons\/android-chrome-192x192.png",
"http:\/\/turnitin.com\/templates\/yoo_katana\/apple_touch_icon.png",
"http:\/\/a.espncdn.com\/wireless\/mw5\/r1\/images\/bookmark-icons-v2\/espn-icon-180x180.png",
"https:\/\/st.deviantart.net\/minish\/widgets\/apple-touch-icon-lg.png",
"https:\/\/startme.com\/assets\/favicons\/favicon-256-d25cfb75f825ddf44161a7f1ae1e689280165b1761771ca0a1d043cb198b0f62.png",
"https:\/\/crptentry.com\/apple-touch-icon-180x180.png?v=1",
"https:\/\/cdn.kastatic.org\/images\/apple-touch-icon-144x144-precomposed.png",
"http:\/\/cdn.seasonvar.ru\/images\/fav\/apple-touch-icon-144x144.png",
"https:\/\/mcss.banggood.com\/default\/images\/icons\/icon-wap192.png",
"https:\/\/www.google.com.mx\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.dmm.com\/images\/general\/apple-touch-icon.png",
"https:\/\/s1.hespress.com\/themes\/hespress_mobile_v2\/\/img\/hespress-apple.png",
"https:\/\/socialblade.com\/apple-touch-icon-180x180.png",
"https:\/\/cdn6.agoda.net\/images\/mobile\/app-new-agoda-logo.png",
"https:\/\/www.google.by\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.startpage.com\/graphics\/favicon\/sp-favicon-196x196.png",
"https:\/\/www.vjav.com\/images\/favicons\/apple-touch-icon.png",
"https:\/\/media1.shmoop.com\/images\/general\/apple-touch-icon-144x144-precomposed.png",
"https:\/\/subhd.com\/images\/favicon-196x196.png",
"https:\/\/static-global-s-msn-com.akamaized.net\/hp-eus\/sc\/fc\/2ba87e.png",
"https:\/\/wow.zamimg.com\/apple-touch-icon.png",
"https:\/\/tblg.k-img.com\/images\/smartphone\/favicon.png?20140320",
"https:\/\/www.xgoo.jp\/img\/goosp_icon_512.png",
"https:\/\/img.zeit.de\/static\/img\/ZO-ipad-114x114.png",
"https:\/\/www.google.it\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/secure-static.tagged.com\/img\/favicons\/tagged\/favicon-196x196.png?30fd39bf82e7ae143721b4ea2b6d6442e8f205ca024566fd6d176ee2969bf1d8-",
"https:\/\/s1.gismeteo.ua\/static\/v5\/images\/favicons\/android\/default-highres-icon.png",
"https:\/\/www.politico.com\/android-chrome-192x192.png",
"https:\/\/ssl.pstatic.net\/static\/m\/vlive\/mobile\/2018\/04\/24\/android_192x192_xxxhpdi.png",
"https:\/\/o2.t26.net\/image\/touch-icon-iphone-retina.png",
"https:\/\/ir.ebaystatic.com\/pictures\/aw\/pics\/mobile\/images\/apple-touch-icon.png",
"https:\/\/static.mgid.com\/images\/favicon\/mgid-144x144.png?r=15258",
"https:\/\/www.icloud.com\/system\/cloudos\/1807Project44\/cloudos_foundation\/1807Project44\/en-us\/source\/resources\/images\/touch-icon-pad-retina.png",
"https:\/\/screenrant.com\/wp-content\/themes\/screenrant\/images\/sr-touch-icon-144x144.png",
"https:\/\/m.hujiang.com\/images\/icon144.png",
"https:\/\/www.google.com.mm\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/cdn.vox-cdn.com\/uploads\/chorus_asset\/file\/8991995\/favicon-196x196.0.png",
"https:\/\/www.google.ae\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s---erriNCS--\/c_fill",
"https:\/\/styleguide.znanija.com\/images\/favicons\/znanija\/favicon-hd-a8a566d502.png",
"https:\/\/ru-wotp.wgcdn.co\/static\/5.20.0_770946\/wotp_static\/img\/core\/frontend\/scss\/common\/img\/favicon-192x192.png",
"https:\/\/m.fatosdesconhecidos.com.br\/images\/faviconv2\/android-icon-192x192.png",
"https:\/\/cdn.cnnindonesia.com\/cnnid\/mobile\/images\/logo__cnn.png",
"https:\/\/static.hepsiburada.net\/assets\/sfstatic\/Content\/images\/apple-touch-icon-120x120.png",
"https:\/\/www.blogger.comfavicon\/android-chrome-192x192.png",
"https:\/\/www.google.com.ec\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/e00-elmundo.uecdn.es\/apple-touch-icon-precomposed.png",
"https:\/\/www.idntimes.com\/assets\/new-icon.png",
"https:\/\/it.altervista.org\/images\/favicon\/apple-touch-icon-152x152.png",
"https:\/\/static-us.24h.com.vn\/images\/m2014\/images\/logo-24h_bookmarks.png",
"http:\/\/www.afreecatv.com\/images\/mobile\/afreeca_mobile.png",
"https:\/\/www.ikea.com\/ext\/ikeagateway\/statics\/apple-touch-icon.png",
"https:\/\/images-eu.ssl-images-amazon.com\/images\/G\/08\/anywhere\/a_smile_196x196._CB368246545_.png",
"https:\/\/www.google.com.ar\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.mozilla.org\/media\/img\/favicon\/favicon-196x196.c80e6abe0767.png",
"https:\/\/static-cache.ua.uaprom.net\/image\/portal\/icons\/favicon.svg?r=cd072736baf8c2957bfc9272153b1002",
"https:\/\/ltn.hitomi.la\/favicon-192x192.png",
"https:\/\/hootsuite.com\/dist\/images\/icons\/apple-touch-icon",
"http:\/\/www.pchome.com.twapple-touch-icon-152.png",
"https:\/\/img.danawa.com\/new\/mdanawa\/img\/ico_danawa_web_114.ico",
"http:\/\/www.euronews.com\/android-chrome-192x192.png",
"https:\/\/www.hulu.com\/static\/hitch\/static\/favicon.ico.png",
"http:\/\/blog.jp\/img\/portal\/lite\/ld_blog.png",
"https:\/\/www.vanguardngr.com\/wp-content\/uploads\/2013\/12\/cropped-vanguardlogo-192x192.png",
"https:\/\/www.livejournal.com\/favicon.ico?v=2",
"https:\/\/steemit.com\/images\/favicons\/favicon-196x196.png",
"https:\/\/www.google.com.af\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/s.yimg.com\/dh\/ap\/default\/130909\/y_200_a.png",
"https:\/\/www.google.se\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/images-na.ssl-images-amazon.com\/images\/G\/01\/anywhere\/a_smile_196x196._CB368246573_.png",
"https:\/\/assets.beinsports.com\/3.0.93\/images\/favicon.ico",
"https:\/\/d3ui957tjb5bqd.cloudfront.net\/fav128.png?v5",
"https:\/\/www.intuit.com\/content\/dam\/intuit\/intuitcom\/icons\/favicons\/apple-touch-icon-152x152.png",
"http:\/\/global.oup.com\/system\/images\/favicon-180.png",
"https:\/\/cdn.blog.st-hatena.com\/images\/common\/meta-icon-global.png?version=695328b41f3c476d641267d307b5e6c7e5d31b8f",
"https:\/\/cdns.klimg.com\/kapanlagi.com\/v5\/i\/channel\/apple-touch-icon-152x152-precomposed.png",
"https:\/\/mobile.bet365.comgrfx\/webclip\/114.png",
"https:\/\/c5.patreon.com\/external\/favicon\/apple-touch-icon.png?v=jw6AR4Rg74",
"https:\/\/s.blogsmithmedia.com\/www.aol.com\/assets-h7a53f0c3ac32f7b4dc46b80ee9c06c70\/images\/favicon\/android-chrome-192x192.png?h=c58a2e25108c16c28d0a2c1e554b73a6",
"https:\/\/www.utexas.edu\/apple-touch-icon.png",
"https:\/\/badoo.com\/img\/app-icons\/badoo\/android-chrome-192x192.png?v4",
"https:\/\/bilder.bild.de\/fotos\/bild-de-35605834\/Bild\/3.bild.png",
"http:\/\/dunia21.tv\/wp-content\/themes\/layarkaca21\/images\/favicon-set\/android-icon-192x192.png",
"https:\/\/www.zappos.com\/marty-assets\/1ZTbV-apple-touch-icon-180x180.png",
"https:\/\/coinmarketcap.com\/apple-touch-icon.png",
"https:\/\/www.sap.com\/etc\/designs\/sapdx\/clientlib-generic\/images\/apple-touch-icons\/touch-icon-1024x1024.png",
"https:\/\/pa.tedcdn.com\/apple-touch-icon.png",
"https:\/\/cnet2.cbsistatic.com\/fly\/bundles\/cnetcss\/images\/core\/logo_192.png",
"https:\/\/r.nikkei.com\/.resources\/static\/app\/icons\/favicon-192.rev-1c32ce.png",
"https:\/\/getbootstrap.com\/docs\/4.1\/assets\/img\/favicons\/apple-touch-icon.png",
"https:\/\/www.leo.org\/img\/favicons\/leo-192.png",
"https:\/\/forum.xda-cdn.com\/images\/2015\/favicons\/favicon-196x196.png",
"https:\/\/www.soycarmin.com\/__export\/1507125893000\/sites\/debate\/arte\/soy-carmin\/apps\/precomposed.png_2040392579.png",
"https:\/\/m.so.com\/favicon.png",
"https:\/\/www.stanford.edu\/assets\/favicon\/favicon-196x196.png",
"https:\/\/gu-st.ru\/htdocs\/img\/icon\/iphone\/ico152.png?ver=1.1",
"http:\/\/www.ratemyprofessors.com\/images\/favicon-196.png",
"https:\/\/egy.best\/android-chrome-192x192.png",
"https:\/\/static1.squarespace.com\/static\/561f85f1e4b0f197c394a579\/t\/561f95e0e4b048525fce5946\/favicon.ico",
"https:\/\/s.wp.com\/wp-content\/themes\/vip\/newscorpau-nca\/assets\/dist\/img\/common\/favicon\/apple-touch-icon-180x180.png",
"https:\/\/zmt.itc.cn\/static\/images\/pic\/sohu-logo\/logo-144.png",
"https:\/\/vtv1.mediacdn.vn\/web_images\/vtv192.png",
"https:\/\/media.newjobs.com\/id\/mobile30\/core\/m-touch-icon-144.png",
"https:\/\/hp.imguol.com.br\/c\/home\/layout\/camaleao\/mobile2017\/icon-touch.png",
"https:\/\/www.google.com.sa\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.healthline.com\/hlcmsresource\/images\/frontend-static\/favicon\/apple-touch-icon.png",
"https:\/\/d3rqdbvvokrlbl.cloudfront.net\/areas\/woot\/images\/apple-touch-icon-144x144-precomposed.3.png",
"https:\/\/www.skyscanner.net\/framework\/images\/icons\/android-chrome-192x192.png",
"https:\/\/0.gravatar.com\/blavatar\/653166773dc88127bd3afe0b6dfe5ea7?s=114",
"http:\/\/img1.kakaku.k-img.com\/images\/smartphone\/logo\/apple-touch-icon-precomposed.png",
"https:\/\/s5emagst.akamaized.net\/layout\/ro\/images\/144x144.png",
"https:\/\/assets.publishing.service.gov.uk\/static\/apple-touch-icon-180x180-ea1cbb1cbbeddfff275dfa6e8e46b84cd530892df79dc4882a8f99b802b49a90.png",
"https:\/\/images-static.trustpilot.com\/community\/shared\/web-app-icon-196x196.png",
"https:\/\/www.google.dz\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"http:\/\/image.donga.com\/mobile\/image\/icon\/donga\/favicon.ico",
"https:\/\/pirateproxy.sh\/mobileproxy\/images\/apple-touch-icon-114x114.png",
"https:\/\/youla.ru\/favicon-196x196.png?v208",
"https:\/\/assetsnffrgf-a.akamaihd.net\/themes\/content-theme\/images\/icon_homeButton.png",
"https:\/\/cdn.brilio.net\/static\/m\/assets\/img\/favicon.png",
"https:\/\/s.yimg.com\/pw\/apple-touch-icon.png",
"https:\/\/cdn.evbstatic.com\/s3-build\/perm_001\/e04503\/django\/images\/favicons\/favicon-194x194.png",
"http:\/\/ui.crackedcdn.com\/favicon-196x196.png",
"https:\/\/www2.grouponcdn.com\/layout\/assets\/grpn-apple-touch-icon-e6b3bc0d95.png",
"https:\/\/rwm.ltwebstatic.com\/rwm_dist\/images\/touch-icon-ipad-144-204b4c56d1.png",
"https:\/\/www.pcmag.com\/android-chrome-192x192.png",
"https:\/\/www.unam.mx\/sites\/all\/themes\/unam\/apple_icon.png",
"https:\/\/m2.daumcdn.net\/deco\/comics\/mtop\/webicon\/i120x120_201611041636.png",
"https:\/\/www.upwork.com\/static\/marketing\/adquiro-assetic\/20b2dd7\/apple-touch-icon.png",
"http:\/\/s1.softpedia-static.com\/_img\/favicon_512.png?2015",
"https:\/\/asset.kompas.com\/data\/2017\/mobile\/images\/apple-touch-icon.png",
"https:\/\/www.google.com.vn\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/public-assets.envato-static.com\/icons\/themeforest.net\/apple-touch-icon-144x144-precomposed.png",
"https:\/\/cdns.klimg.com\/merdeka.com\/media\/i\/a\/apple\/apple-touch-icon.png",
"https:\/\/www.wikihow.com\/skins\/WikiHow\/wH-initials_152x152.png",
"https:\/\/www.ixl.com\/ixl-favicon.png",
"https:\/\/m.media-amazon.com\/images\/G\/01\/imdb\/images\/mobile\/android-mobile-196x196-1358942022._CB499613265_.png",
"https:\/\/www.google.hu\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/b.zmtcdn.com\/images\/logo\/zomato_favicon5.png",
"https:\/\/e-cdns-files.dzcdn.net\/cache\/images\/common\/favicon\/favicon-196x196.222c146b8a8155fed8f1150971dbfbd1.png",
"https:\/\/www.collinsdictionary.com\/apple-touch-icon.png",
"https:\/\/img.toi.de\/mo\/apple-touch-icon-114-114.png",
"https:\/\/zi.media\/images\/favicon.png?20180426v2",
"https:\/\/www.google.com.ua\/images\/branding\/product_ios\/3x\/gsa_ios_60dp.png",
"https:\/\/www.wattpad.com\/image\/icon_152.png",
"https:\/\/i2.sdlcdn.com\/static\/mobile\/img\/mobile\/mobileviews\/SDiconNew.png",
"http:\/\/static.bbci.co.uk\/wwhp\/1.123.289\/responsive\/img\/apple-touch\/apple-touch-180.jpg",
"https:\/\/s.discogs.com\/images\/apple-touch-icon-precomposed.png",
"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/s--OqAhAoNZ--\/c_fill",
"https:\/\/static.npmjs.com\/1996fcfdf7ca81ea795f67f093d7f449.png",
"https:\/\/www.docusign.com\/sites\/all\/themes\/custom\/docusign\/favicons\/android-chrome-192x192.png",
"https:\/\/images2.gazzettaobjects.it\/favicon.ico?v=20150119140009",
"http:\/\/kenh14cdn.com\/channel-icon\/kenh14-192.png",
"https:\/\/static.leboncoin.fr\/img\/favicon-beta-touch.png",
"https:\/\/secure.gravatar.com\/blavatar\/0d8531262d92570876b84bba1cbad7f7?s=114",
"https:\/\/basecamp.com\/favicon.ico",
"https:\/\/cdnwp.global.ssl.fastly.net\/assets\/favicon-afcf7f1ff6dd5b7bd16fdff6c809867dc635b343eaccaebb8da8d376769a6601.ico",
"https:\/\/www.nasa.gov\/sites\/all\/themes\/custom\/nasatwo\/images\/apple-touch-icon-152x152.png",
"https:\/\/m.newegg.com\/content\/usa\/en\/link\/logo_180x180.13525.png",
"https:\/\/www.heise.de\/icons\/ho\/apple-touch-icon-152.png",
"http:\/\/static.emol.cl\/emol50\/img\/movil\/emol_App_Web_2.png",
"https:\/\/gp.58cdn.com.cn\/global\/index\/icon58b.png",
"https:\/\/static.naukimg.com\/s\/5\/135\/i\/appLaucherIcon\/iOS"
],
"crc32": "7AFC215F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e9fbe569ec91fdaa_activity-stream.tippytop.json",
"ssdeep": null,
"size": 97960,
"sha512": "45f747db0c9654488ec432a8a7f7d3eefdf4e0246df3323f12b5f92a2e8f0aeab2081be381cc4844e6bd109dafe38e5e67755a21a647b2d0e6e5b37630fe4405",
"pids": [],
"md5": "a66832500baf2801a1ff318fee27b32b"
},
{
"yara": [],
"sha1": "2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a",
"name": "b1442e85b03bdcaf_trans[1].gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\trans[1].gif",
"type": "GIF image data, version 89a, 1 x 1",
"sha256": "b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b",
"urls": [],
"crc32": "9ACCEAB1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b1442e85b03bdcaf_trans[1].gif",
"ssdeep": null,
"size": 43,
"sha512": "717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc",
"pids": [],
"md5": "325472601571f31e1bf00674c368d335"
},
{
"yara": [],
"sha1": "56ea8ebed28a97312563e4813b49a377ea50e9d9",
"name": "97851990e841b08b_1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"type": "data",
"sha256": "97851990e841b08b01a141a75e1b53311736521179b27f1b288e1d992c2d4329",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "56DAEF6D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/97851990e841b08b_1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"ssdeep": null,
"size": 1306,
"sha512": "bf18c11dd73004be64daad80b8e6a06be59d2234e481737f75cbba929e94f21046c5aa3bcb11cf61a97ebbfc3beb58ee25c05c428281374388d12f08dfb1c6b7",
"pids": [],
"md5": "4067b8fe55d39ec6330ae68f4c84e946"
},
{
"yara": [],
"sha1": "755ff3a5a8e1955141cf8f45885f86415738c52b",
"name": "00dce01845d833ef_goog-downloadwhite-proto.pset",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"type": "data",
"sha256": "00dce01845d833eff11f38b41499714ee6d3d1b343473c2686dc830cf5297fbe",
"urls": [],
"crc32": "751FD1F8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/00dce01845d833ef_goog-downloadwhite-proto.pset",
"ssdeep": null,
"size": 15993,
"sha512": "97653f98f1be95fdbbd156676792daa5f2ae3eb1d9cc6248e1c8f6eb1b74a025ce44d8e58a202c549e2e7f9de0ded9881ac17e1b3352dd336db7883b8b2e373e",
"pids": [],
"md5": "16c5aee35e9d1fd0e735cfbef142be20"
},
{
"yara": [],
"sha1": "830e9f7e53dcd059d7a15f261f4cf6f9f0db42ea",
"name": "4f30357ba7ea87d1_EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"type": "data",
"sha256": "4f30357ba7ea87d1022ae47816bfb804f9937a248a8335acda34981af12a9eff",
"urls": [
"https:\/\/www.google.com\/gen_204?atyp=i"
],
"crc32": "9F51F758",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/4f30357ba7ea87d1_EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"ssdeep": null,
"size": 6894,
"sha512": "aecb7db496fe9b7519a2366866817bb1ea36d978dbf89bafbc3204622a9d98ae381184c512b64bcaad1b182b7d63e0679e128d3f52f1cf2ca420dd47b0271cae",
"pids": [],
"md5": "acd1388c772ba8dbfdd0905d01bffbee"
},
{
"yara": [],
"sha1": "a84663627ca56f499a18cb8df5d3114202a28035",
"name": "80a0709c41905e30_16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"type": "data",
"sha256": "80a0709c41905e309f5abc6422eaeb59e895031a792383ce83717c4e0e4e790a",
"urls": [
"https:\/\/www.mozilla.org\/media\/fonts\/opensans-bold.5cf854f3d1c0.woff2",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct"
],
"crc32": "C681C8F5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/80a0709c41905e30_16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"ssdeep": null,
"size": 62755,
"sha512": "fc0fcee56a1b072a16a4ddd3b2e8ced19340925ef8271ff37016d0dafccec05a2acbc2a8a3b9aed8c92a247597e54350929149782d72689e0513a33e0aa39eae",
"pids": [],
"md5": "8dec1b53477d5fc566bc509fa8da3c45"
},
{
"yara": [],
"sha1": "590a59c121e61baad2a047bbaa4bfa02a6c0cf33",
"name": "1c8f499f11a30a1f_54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"type": "data",
"sha256": "1c8f499f11a30a1fcebaa825d03a1b60d90e290af65b5076b4cbdc4a00766473",
"urls": [
"https:\/\/www.google.com\/gen_204?s=webaft"
],
"crc32": "71F8CD83",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1c8f499f11a30a1f_54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"ssdeep": null,
"size": 6874,
"sha512": "936c1d9cba8c20dd0a85aa679f19f6c35eb7dcb80b90ea95b8b95c8a3b6833ed6a9588216dfee71189d9c94d6d8baa8d1b28f878f42c6725b754f8e73acaf476",
"pids": [],
"md5": "a261c68b624b6581a346796f0e11ec51"
},
{
"yara": [],
"sha1": "9c5d17a573fe2dc2acb2729381bc777c9c8474a3",
"name": "efd678cbfa67bbd3_BBih5H[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBih5H[1].png",
"type": "PNG image data, 30 x 30, 8-bit\/color RGBA, non-interlaced",
"sha256": "efd678cbfa67bbd38dcf9bfbdba90804ea2425b93f0a7447daca21f9ecccd458",
"urls": [],
"crc32": "0A98CD26",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/efd678cbfa67bbd3_BBih5H[1].png",
"ssdeep": null,
"size": 930,
"sha512": "5fdd9593498d0c5c479ceb7cd51ce39f47f27a7eca75d66372e9f633c5d35ac5350b6d3dbd5f3830c2f2a45e53c80340d2b3502a48cf0051d02eb13c844786ca",
"pids": [],
"md5": "f1aeb21b524de2509415284bb45c9d1b"
},
{
"yara": [],
"sha1": "c48f3cd310af69c1a704dd75d834e19d06016e97",
"name": "e9fd812cc908f733_AAyGF0V[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGF0V[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "e9fd812cc908f733e8d2fcb55c2513c1c28f85e5be208e3852f99af5704da029",
"urls": [],
"crc32": "E215A634",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e9fd812cc908f733_AAyGF0V[1].jpg",
"ssdeep": null,
"size": 4361,
"sha512": "1af7c3a09d234f1084cbcdd9e93ef7cd746b95eba9ba80e39ad16f20fed5b586eaf810c6e6eb30f0df59b254fca2fdcf0b9eae27f55a7197448d4c9d618c65e9",
"pids": [],
"md5": "468080445bfd5f98bd28927815893090"
},
{
"yara": [],
"sha1": "fc5360f55fe275502cd426ee963cc040b8d32d2c",
"name": "d3dc51d4a65da7f3_0C2824F70ADF87E5071FE4771AF36357A5500643",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"type": "data",
"sha256": "d3dc51d4a65da7f317f202b783f780c2a1bc3fba4bc6b58a3d49d7d7cf952646",
"urls": [
"https:\/\/accounts.firefox.com\/?action=email",
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/firefox_firstrun_quantum.377f6df2a79c.css",
"https:\/\/www.google-analytics.com\/plugins\/ua\/linkid.js",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/firstrun\/sync\/sync-devices-icons-anim.b1539dd40ed3.svg",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/site.8391e739b374.js",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/template\/page-image.4b108ed0b8d8.png",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/firefox_firstrun_quantum.d1700ebe473a.js",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1122305",
"https:\/\/www.googletagmanager.com\/gtm.js?id=GTM-MW3R8V",
"https:\/\/accounts.firefox.com\/",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/common.945cfb8770ab.js",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/",
"https:\/\/www.google-analytics.com\/analytics.js",
"https:\/\/accounts.firefox.com.cn\/",
"https:\/\/www.mozilla.org\/media\/img\/logos\/firefox\/logo-quantum.9c5e96634f92.png",
"https:\/\/careers.mozilla.org",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/60.0.2\/firstrun\/",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/gtm-snippet.9f9cf2026c5f.js",
"https:\/\/mozilla.org\/set_hsts.gif",
"https:\/\/www.mozilla.org\/contribute",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/firstrun\/fox-tail-header.075d5293f79a.png",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/stub-attribution.157168bbb235.js",
"https:\/\/www.mozilla.org\/media\/fonts\/FiraSans-Light.3940026cbaf9.woff2"
],
"crc32": "BCB36353",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d3dc51d4a65da7f3_0C2824F70ADF87E5071FE4771AF36357A5500643",
"ssdeep": null,
"size": 21073,
"sha512": "2ee81e6c0aab789075b405ddcbfa9594725bd1f3f5148692b94c9b24b3c932a5e3b90eb52bb6d88028c7a58da0befe681bd331b407fec54d0939e1030f8947a9",
"pids": [],
"md5": "bcdc58ac9192926b1c4cf0148aba730b"
},
{
"yara": [],
"sha1": "cfa8f9525958deacd241b9877d17dc3335fb0d85",
"name": "3c83ec025c0a1e36_AAyHSTw[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHSTw[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "3c83ec025c0a1e36ab5b39e44c8ce01baf66a84b57d3f9e4e0dbb0ecf7432aa4",
"urls": [],
"crc32": "356F26E6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3c83ec025c0a1e36_AAyHSTw[1].jpg",
"ssdeep": null,
"size": 9893,
"sha512": "365bf7366d50be3f3855da0fac4eefbf80bea2054de3b95c9d0381ceb0854169ece7c9cddefb4d0b39b7962270c3fe8609e3f2f58fee8aef1379242bd37206bc",
"pids": [],
"md5": "d5058a385e641821df62e5ad78300620"
},
{
"yara": [],
"sha1": "112204d4de4fcef218b23373a1ad237ef8eb98a8",
"name": "1f613a7df3ace5e1_YRFEtcu.dll",
"filepath": "C:\\Windows\\YRFEtcu.dll",
"type": "ASCII text, with no line terminators",
"sha256": "1f613a7df3ace5e1b473344e5e9caa780f926d28ded64e4f68d732ab01200c84",
"urls": [],
"crc32": "76EF4106",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1f613a7df3ace5e1_YRFEtcu.dll",
"ssdeep": null,
"size": 12,
"sha512": "33217db74f39ea3bc4c53dad0ffa22f48ffb148a7ec380f0aa059e94d915c3217d2ae4fea151a31aa32990a843de23b3a3a9024e4153e79f2e75fb145aeb22b3",
"pids": [
816
],
"md5": "2e8c0f43bf98fca17979cc9e265353cd"
},
{
"yara": [],
"sha1": "4d88a6c28bc597a47ed9ed85f211d572d5921c18",
"name": "dd898378c3a4f7eb_C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"type": "data",
"sha256": "dd898378c3a4f7eb12cfef93f1ffed3ecf0eafada1eb475b74438c7f1c0f3aee",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "2F95B9CE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/dd898378c3a4f7eb_C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"ssdeep": null,
"size": 1150,
"sha512": "2b4fa3a571b10ab32862808dc6099a8887e60d0cbd5b3c6c315b5194b47a08795e7c73092608fb01ebec238a281f15ff378119b7fd0d98ba78dcac64d0e258b1",
"pids": [],
"md5": "c16b8c16c475b0f3189606f97c34e1ba"
},
{
"yara": [],
"sha1": "328e472721a93345801ed5533240eac2d1f8498c",
"name": "6d8ba81d1b60a187_set_hsts[1].gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\set_hsts[1].gif",
"type": "GIF image data, version 89a, 1 x 1",
"sha256": "6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93",
"urls": [],
"crc32": "AC0633C4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6d8ba81d1b60a187_set_hsts[1].gif",
"ssdeep": null,
"size": 42,
"sha512": "202612457d9042fe853daab3ddcc1f0f960c5ffdbe8462fa435713e4d1d85ff0c3f197daf8dba15bda9f5266d7e1f9ecaeee045cbc156a4892d2f931fe6fa1bb",
"pids": [],
"md5": "b4682377ddfbe4e7dabfddb2e543e842"
},
{
"yara": [],
"sha1": "a6f4a7838507d7cbeb9ca22cb77b5d2346eb1a9e",
"name": "b964bf0199c0b9f5_AAyin2O[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyin2O[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "b964bf0199c0b9f5c30f9e8a43ee427f8d57f4e8465783bc9ef8da9119cd2ca8",
"urls": [],
"crc32": "17266565",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b964bf0199c0b9f5_AAyin2O[1].jpg",
"ssdeep": null,
"size": 8872,
"sha512": "03af54e2758633a5d7ad6fad9ebc2ab34eea0b97540d6db034dab3422843ef681c3202178af784be1ef8dbae7fa8554e910db79241223e78a3ab2eac2ba2c52d",
"pids": [],
"md5": "0c919df5e0e75f9ffc79390e9caf8b0d"
},
{
"yara": [],
"sha1": "d6163899f91ee839f5e58f8b83bf8bcb9c1a415f",
"name": "68bcfc1db35e5bd8_A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"type": "data",
"sha256": "68bcfc1db35e5bd84617826b6faa2caa5c2222dcf410339676847c01ba85c34c",
"urls": [
"https:\/\/www.google.com\/gen_204?atyp=i"
],
"crc32": "396C602C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/68bcfc1db35e5bd8_A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"ssdeep": null,
"size": 6896,
"sha512": "a25573647e4eca13027d2c567cfa73f0e650cdfe7ed40f39ea129d151e022c0a0799540fe8d84e4ddd9ae118ea724dc65b0d8e964a7dea0f627a17737ecdc181",
"pids": [],
"md5": "ad7e729e40fa1b7849c4a0b736644914"
},
{
"yara": [],
"sha1": "3a4d9333fdbdd3a9a065a1d423ef4e33d1cb9201",
"name": "901e9314521820e8_index.sqlite",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\OfflineCache\\index.sqlite",
"type": "SQLite 3.x database",
"sha256": "901e9314521820e81e92fedc01addf07ecd32df6d1b0356e475de74e7c8bcc47",
"urls": [],
"crc32": "DCCCF3BB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/901e9314521820e8_index.sqlite",
"ssdeep": null,
"size": 262144,
"sha512": "39806caa9da5f42c03f9a62f2064344676645fa0a9d46c4a9c399267e39a00085ae13f2fdc3eb493af597614dd21df83a3e61d8e3c587383112dca0d503b9249",
"pids": [],
"md5": "90b2dceeb9ddaf443ca5dd083d2e2a26"
},
{
"yara": [],
"sha1": "f5ea870690fd657db23dfbcb7fad3c58a74b94d3",
"name": "1309332af911d445_BBpDwny[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBpDwny[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "1309332af911d44506a06d8d2911dbbdb1602f05d3bd78599f4d6909702dc9fb",
"urls": [],
"crc32": "C1E4AB2F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1309332af911d445_BBpDwny[1].png",
"ssdeep": null,
"size": 475,
"sha512": "a6272a9cd5da492bad9b59dfc612a3c0274665b3040b832ec1c1f4495a592f2809c7a83c6a115b9cc59a0d4ed734b0b34dc2e14322ada2bd00db5bed1880690d",
"pids": [],
"md5": "fd5fb7e2a7b4ffec410ef2787b633a10"
},
{
"yara": [],
"sha1": "5ad68c8324c556e6e7cdcd7905b4655f7a4704f1",
"name": "0226920055c60bef_urlCache.bin",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"type": "data",
"sha256": "0226920055c60befc05b14bae56ef8e5c6fc6926edd455a0a5499da60ca53464",
"urls": [],
"crc32": "F2026C5E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0226920055c60bef_urlCache.bin",
"ssdeep": null,
"size": 3301,
"sha512": "268cf65554ead8648a0971f526cf97956eb3fdd3346c6775637728b37fc46b446993d13dbc5f5caeeda7f565fafe52c93b026839cf27be5001f22460dc214b81",
"pids": [],
"md5": "f3a3076d922bb3acc9ff08db7fb66fea"
},
{
"yara": [],
"sha1": "a857b3fc77ba9944bd1f610aab5835eeb27f09e6",
"name": "eb511899e7b87e64_2F8B15C93D75669CC70EBF85BF71871359837EAF",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"type": "JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 144x144, frames 3",
"sha256": "eb511899e7b87e6483132a35265eb0073e16bbf0ece66157aeeaed61866293a4",
"urls": [
"https:\/\/pbs.twimg.com\/card_img\/1005525064719196162\/KdesZJ2d?format=jpg"
],
"crc32": "479E9907",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/eb511899e7b87e64_2F8B15C93D75669CC70EBF85BF71871359837EAF",
"ssdeep": null,
"size": 14003,
"sha512": "4ce60f5faa0a8b3e99a7d669a6740bcd5c47dca4e5ac6e469397b107f73214d06e5e207c2c1f71a49c20d205363258f25ede3504ffe53d26abb29363a2332451",
"pids": [],
"md5": "1811a3d25869b81ce05042f03788d7c6"
},
{
"yara": [],
"sha1": "a75a92422818c2aeedd6478031a91352bf9521f5",
"name": "1211db132dc51979_goog-downloadwhite-proto.metadata",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"type": "data",
"sha256": "1211db132dc519792e8fcd0d7142f04ed1e342133c5bac414efae7a6ccf3d1a3",
"urls": [],
"crc32": "45AB169C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1211db132dc51979_goog-downloadwhite-proto.metadata",
"ssdeep": null,
"size": 65,
"sha512": "7283aaa795c081d80c00dadd7331800558352dae07f9c27cc2c89e9540969da2450749726e76f7feb88afc621b240289af91b727ced0b697791fdeadf66357f9",
"pids": [],
"md5": "831cbf3edba160742da613fa2ea71a06"
},
{
"yara": [],
"sha1": "1ada48c86f1e9a4f82457d33d1740d263d706b7f",
"name": "dc66c5190b298e58_345843dc[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\345843dc[1].js",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "dc66c5190b298e586827d819e2481359d6abeac2c4b8b0b20c4964f8dbce4219",
"urls": [],
"crc32": "6204AB60",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/dc66c5190b298e58_345843dc[1].js",
"ssdeep": null,
"size": 1299,
"sha512": "2b839e82dcbf344408495e1efcb02f8809303128af708778fc3bbbd1724823d13c8ecc044e6e95bb56934246fdd4bbaffca5b3296ca505e1bb958f511e4f9117",
"pids": [],
"md5": "53e6bda7464b1114e437edd925b2f5eb"
},
{
"yara": [],
"sha1": "495d7f78e04daa348a5c89d27a78a8a411faaa2a",
"name": "debf4a9c6a02ca70_BBtjihq[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBtjihq[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "debf4a9c6a02ca701129b90f7b92840494dc0bf8df8d081998a7df6e7d43c036",
"urls": [],
"crc32": "3ACC6C8D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/debf4a9c6a02ca70_BBtjihq[1].jpg",
"ssdeep": null,
"size": 2151,
"sha512": "8800a94d82057bae12386e0207ed21c4672d524dfc33951c35adc9e802818e755f35552ca58a147d373e96cb2ba5958e4509855d47575a666c698a5aa260da57",
"pids": [],
"md5": "4dc1128e2f4cb3da83f45196b6fa1e3f"
},
{
"yara": [],
"sha1": "1c61f1676ed4215afbbcf26e62778305f4ab78a4",
"name": "1d7cb2dbcc79cb46_site.8391e739b374[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\site.8391e739b374[1].js",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "1d7cb2dbcc79cb465195b60b14303bfad1f5652c359a289f4c605b0cac30760c",
"urls": [],
"crc32": "3B2D18AF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1d7cb2dbcc79cb46_site.8391e739b374[1].js",
"ssdeep": null,
"size": 4758,
"sha512": "011ea71c1333367605e09d63590fe28536385bc7b0ad7fa40225564446afe0bc26893b72f56b2186c572a9ac74cd7e07997c9c980beae61c1bd9c1f02a09f010",
"pids": [],
"md5": "8391e739b3748113430c567004c368e3"
},
{
"yara": [],
"sha1": "311378fabaf83f1390203b8297edf48d013444a0",
"name": "ba18864a620c736d_AAvNAS3[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAvNAS3[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "ba18864a620c736d73aabc2f523ca2d4db72476cff85a8d6149a2b27e5965047",
"urls": [],
"crc32": "0CB270C6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ba18864a620c736d_AAvNAS3[1].jpg",
"ssdeep": null,
"size": 1815,
"sha512": "ba2bb163cc96cb61700cfbae80ee523ff4d1f3a8db730b191551236935fcc2ee317041198c537ef3e9ec4f592ee29c2c5bc3b75b07553ce371c55b59fe9b5f0b",
"pids": [],
"md5": "691632edd718a389ad7986dee830f937"
},
{
"yara": [],
"sha1": "b18020f162dece51251489be269db7629a223fcd",
"name": "4cfabcfdbec9a5cd_btn-app-store.1cfd5dba4a92[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\btn-app-store.1cfd5dba4a92[1].svg",
"type": "SVG Scalable Vector Graphics image",
"sha256": "4cfabcfdbec9a5cd903190f150028743f38c3533b53ea21c6e4dd35a52a80383",
"urls": [],
"crc32": "B8775715",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/4cfabcfdbec9a5cd_btn-app-store.1cfd5dba4a92[1].svg",
"ssdeep": null,
"size": 12224,
"sha512": "2da8474456bfdbfdcda58ece8fe623886c494b745655bb955175557b446c72c3c7c7f21ef09a8dd9bb0191eaf30aff606bcdd62d40701a6678fe384b139ce251",
"pids": [],
"md5": "1cfd5dba4a9210bcf77f5dbe48ec2e66"
},
{
"yara": [],
"sha1": "8dba7fc8355bc8bea167ebd34dac6390b15cba5c",
"name": "864da1341a989b14_EE34617993BEF52E93EC1819B22D42B99366214A",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"type": "data",
"sha256": "864da1341a989b14267aa9cf68ca16a610a7fa74853937e29a5cce6a8300208c",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "C7BE9FFC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/864da1341a989b14_EE34617993BEF52E93EC1819B22D42B99366214A",
"ssdeep": null,
"size": 1302,
"sha512": "2cb120176611680902cf8d15106e0d8e78e021dd90878a01173b35db3c0d1818021a5c241b3eab023b9bb23c7302e378cde60bc390a587a81ff08fda56ab5a70",
"pids": [],
"md5": "db1d5726b34d8e8694c6c30c592e0825"
},
{
"yara": [],
"sha1": "6032301abfb72c731922b0625731399dcbbff761",
"name": "9be274d79a74acb8_46E3AF25E304979396708B69DA68563169275511",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"type": "gzip compressed data, last modified: Thu Jun 14 20:33:34 2018, from Unix",
"sha256": "9be274d79a74acb84b034efa0feb99e6704d67b1d928376a894f2c3276189201",
"urls": [
"https:\/\/platform.twitter.com\/widgets\/widget_iframe.c5b006ac082bc92aa829181b9ce63af1.html?origin=https%3A%2F%2Fwww.python.org"
],
"crc32": "31666006",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9be274d79a74acb8_46E3AF25E304979396708B69DA68563169275511",
"ssdeep": null,
"size": 15063,
"sha512": "44fc99b9c0ced91a48e37eb01059a595a165c97d20bfc399a4efe16589a38f0671f772c020058220dc4808c0bc0e025b7e5e209b81865c3ce7b9c62548d12c13",
"pids": [],
"md5": "d05773f423bd128cb1bcf627f0bb73c7"
},
{
"yara": [],
"sha1": "3836ff1e4f36ba4ab88a18214a69a0aa889e675e",
"name": "3e05e54695fa7442_1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"type": "JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 144x144, frames 3",
"sha256": "3e05e54695fa74424103cd6b49820cf7a3cddb67ca2817e3800186f162005cfd",
"urls": [
"https:\/\/pbs.twimg.com\/card_img\/1006914535314395136\/Zz1USh3Z?format=jpg"
],
"crc32": "04CDDB6B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3e05e54695fa7442_1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"ssdeep": null,
"size": 11243,
"sha512": "1b496399acb68e84533942feaa1ecaac36c4bcc5469f17005a004bc9c8b10e15b0f8e8379c7817f3cdeaaa79935f9855b399698ceb7b88925f584e702560940b",
"pids": [],
"md5": "89dee1499d40c92636e9d7465db9a85f"
},
{
"yara": [],
"sha1": "0a07a72962a84cf12fcdc0cf5489e34ec7b8cb61",
"name": "08a347a43df085a9_BB44T8g[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BB44T8g[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "08a347a43df085a9e58d45f7e09f569ac1a48fac015de6a8f703823dad56fb93",
"urls": [],
"crc32": "B133EB8C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/08a347a43df085a9_BB44T8g[1].png",
"ssdeep": null,
"size": 708,
"sha512": "c637c1cdf087037a9a668fde9a238c08ef9c69e9f47407910f99e427926004639e30534af5be650cf40db6b9e156bc7c475fb031833f0b7f7d6f610c42a4bd28",
"pids": [],
"md5": "63d2702b2e74b573200f33aedbadcd5e"
},
{
"yara": [],
"sha1": "078f53cc2f03aaa9bab9e0423e01b4d11f0dcbe6",
"name": "927a7d98e120b9ed_950506BC89C1114E4E75E993855000430CECD9D9",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"type": "data",
"sha256": "927a7d98e120b9ed6245ce436fa64ecc621106552e1c6e61f5b37e0cf21f2b52",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "16F60AB4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/927a7d98e120b9ed_950506BC89C1114E4E75E993855000430CECD9D9",
"ssdeep": null,
"size": 7008,
"sha512": "75f46e8f0533491e2b19abf9a7918d36412f005e7a8e293b03ade9289e4b9d361f7123f62bb7dc044f43796961043449e5c0b0c106ffc4b2a76d5ef5e37952c7",
"pids": [],
"md5": "5cd85463307668c0118d7eddcbb8ca16"
},
{
"yara": [],
"sha1": "a99814b64a9d81a69359d827a7f0ad9b1bb0f833",
"name": "18e50bf165c72336_wave.6e6e5026bcc9[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\wave.6e6e5026bcc9[1].svg",
"type": "ASCII text, with very long lines",
"sha256": "18e50bf165c723366226b250a1fd850c906cbaaf45d21064a58cdcb209ee583f",
"urls": [],
"crc32": "D1467722",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/18e50bf165c72336_wave.6e6e5026bcc9[1].svg",
"ssdeep": null,
"size": 472,
"sha512": "430f9e762101f664a1e77220914b892fe98214ebd63e9a7bad1a655fee0c00190f08610fe5285064243385c4c9a89e91b701736dc19bb7f532224a0baeef4956",
"pids": [],
"md5": "6e6e5026bcc95685fe9dd6eb383fd160"
},
{
"yara": [],
"sha1": "bc06a6b44efc1a1df88f3cc51aaaa091d7c7292a",
"name": "d2632c49d1237b40_AAyHsSF[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHsSF[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "d2632c49d1237b4003583663261fecdf142a8862a37ea76de8dbc499e847c239",
"urls": [],
"crc32": "04F03C1F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d2632c49d1237b40_AAyHsSF[1].jpg",
"ssdeep": null,
"size": 9619,
"sha512": "e2e7b643c6850d7cdc37aec25e796037863f4cfc930078248f06179e3ad92f8ea07021840c252f047a712435d17272ec743f8c82fb8b3acd12bfebcddc80f481",
"pids": [],
"md5": "de451431dc557e0f83467ff1084cbf66"
},
{
"yara": [],
"sha1": "2e33ed81cb0e0a8b81a8c140af0ecfd4d8fdf55c",
"name": "1aedd6a63d833c2a_eLW8Bgf+jWqmmQuXh0IceA==.ico",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\eLW8Bgf+jWqmmQuXh0IceA==.ico",
"type": "MS Windows icon resource - 1 icon, 144x144",
"sha256": "1aedd6a63d833c2a81fabf8882a7965c19a11c2eb1ba3943b6df760a5c43a471",
"urls": [],
"crc32": "73F6CE57",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1aedd6a63d833c2a_eLW8Bgf+jWqmmQuXh0IceA==.ico",
"ssdeep": null,
"size": 7311,
"sha512": "45afc147c88ae79b2531bb7e019404b1e60dc21e0bc7d16afe6c5d0cfd665fd92a289eb58271901aa3c6b9fccfd51bc7291f21be95e0ffff8bb9d10a3449c5b6",
"pids": [],
"md5": "447f22444f2ec1733f656c58ab711ada"
},
{
"yara": [],
"sha1": "f9e0e886e224a6366eacfed73fe38384e5a9899d",
"name": "e59ce4250b23fc12_5014D54D3346C39B07AF70090657B2AD092771C7",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "e59ce4250b23fc126c5ad0b2e168e017df5ac275b4035d2415ca26dc64837b3e",
"urls": [
"https:\/\/twitter.com",
"https:\/\/ton.twimg.com\/tfw\/assets\/news_stroke_v1_78ce5b21fb24a7c7e528d22fc25bd9f9df7f24e2.svg"
],
"crc32": "2948CA57",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e59ce4250b23fc12_5014D54D3346C39B07AF70090657B2AD092771C7",
"ssdeep": null,
"size": 9785,
"sha512": "96d53f509f7c74e0bc07ab60a4033826125b396c57e4a15dafa6a1fb8f4b1a84ddb699ea2f880d772cb0a496c4bec9374f8f0c1d369f07946668c74baea2623a",
"pids": [],
"md5": "f066e8c152aee09da8e8bd75c5564c29"
},
{
"yara": [
{
"meta": {
"description": "Contains an embedded PE32 file",
"author": "nex"
},
"name": "embedded_pe",
"offsets": {
"b": [
[
98382,
0
],
[
307278,
0
],
[
348238,
0
],
[
19525710,
0
]
]
},
"strings": [
"VGhpcyBwcm9ncmFt"
]
},
{
"meta": {
"description": "A non-Windows executable contains win32 API functions names",
"author": "nex"
},
"name": "embedded_win_api",
"offsets": {
"api6": [
[
290118,
5
],
[
338984,
5
],
[
373650,
5
]
],
"api7": [
[
289682,
4
]
],
"api2": [
[
289964,
0
],
[
338394,
0
],
[
373582,
0
]
],
"api8": [
[
291178,
1
],
[
19541952,
1
]
],
"api14": [
[
291178,
1
],
[
19541952,
1
]
],
"api12": [
[
290332,
3
],
[
290710,
3
]
],
"api13": [
[
290130,
2
]
]
},
"strings": [
"R2V0UHJvY0FkZHJlc3M=",
"R2V0V2luZG93c0RpcmVjdG9yeQ==",
"R2V0VGVtcFBhdGg=",
"U2V0RmlsZVBvaW50ZXI=",
"U2hlbGxFeGVjdXRl",
"V3JpdGVGaWxl"
]
},
{
"meta": {
"description": "Matched shellcode byte patterns",
"author": "nex"
},
"name": "shellcode",
"offsets": {
"shell5": [
[
219232,
1
],
[
219255,
1
]
],
"shell6": [
[
105413,
2
],
[
105796,
2
],
[
106786,
2
],
[
109637,
2
],
[
117808,
2
],
[
139619,
2
],
[
141004,
2
],
[
141521,
2
],
[
146382,
2
],
[
149825,
2
],
[
151212,
2
],
[
151517,
2
],
[
157571,
2
],
[
158005,
2
],
[
164353,
2
],
[
165619,
2
],
[
170571,
2
],
[
170727,
2
],
[
176274,
2
],
[
176654,
2
],
[
184529,
2
],
[
198014,
2
],
[
204034,
2
],
[
205232,
2
],
[
350476,
2
],
[
355909,
2
],
[
358558,
2
],
[
362872,
2
],
[
19531823,
2
],
[
19532226,
2
],
[
19538580,
2
]
],
"shell7": [
[
163990,
0
],
[
164807,
0
],
[
165255,
0
],
[
172348,
0
],
[
186481,
0
],
[
350408,
0
]
],
"shell1": [
[
4902437,
3
],
[
4902439,
3
],
[
4902441,
3
],
[
4902443,
3
],
[
4902445,
3
],
[
4902447,
3
],
[
4902449,
3
],
[
4902451,
3
],
[
12480001,
3
]
],
"shell2": [
[
186493,
4
],
[
5055781,
4
]
]
},
"strings": [
"VYvs6A==",
"VYvsg8Q=",
"VYvsgew=",
"ZItk",
"ZKEw"
]
}
],
"sha1": "84c41700bd5aeedeb418e3d065000a297ca6ad57",
"name": "3a6f17a82d79477d_6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"type": "Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Title: Installation Database, Subject: Python 2.7.14 (64-bit), Author: Python Software Foundation, Template: x64;1033, Revision Number: {A5E62488-AED0-43A0-8497-C9BA8FBF6D6E}, Number of Words: 2, Number of Pages: 200, Name of Creating Application: Python MSI Library",
"sha256": "3a6f17a82d79477d9ffd2499f641f4042940a5bf3a3e2659931143fcb4977484",
"urls": [
"http:\/\/www.startssl.com\/policy0",
"http:\/\/ts-crl.ws.symantec.com\/tss-ca-g2.crl0(",
"http:\/\/www.startssl.com\/0P",
"http:\/\/crl.thawte.com\/ThawteTimestampingCA.crl0",
"http:\/\/aia.startssl.com\/certs\/sca.code3.crt06",
"http:\/\/aia.startssl.com\/certs\/ca.crt0",
"http:\/\/ocsp.startssl.com00",
"http:\/\/crl.startssl.com\/sfsca.crl0f",
"http:\/\/ocsp.thawte.com0",
"http:\/\/ts-aia.ws.symantec.com\/tss-ca-g2.cer0",
"http:\/\/ocsp.startssl.com07",
"http:\/\/crl.startssl.com\/sca-code3.crl0",
"https:\/\/www.python.org\/ftp\/python\/2.7.14\/python-2.7.14.amd64.msi",
"http:\/\/ts-ocsp.ws.symantec.com07"
],
"crc32": "DC3588C4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3a6f17a82d79477d_6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"ssdeep": null,
"size": 20179020,
"sha512": "e113b85f6a4b0a81a47f598fdd7dfcd0f5d7751be23b8e69193620507a4171013f42eba0f864b9596d073a9c8050cbee660c4a49f30cae2b65f1b4786505202d",
"pids": [],
"md5": "e8ec2fcdccda756ad982fe44bad9f065"
},
{
"yara": [],
"sha1": "9b308c9bbaeb9002d4b4731d59757c034b861306",
"name": "97fa25b25051b70c_BBKccj8[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBKccj8[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "97fa25b25051b70cee274489766ce2b47a70cd5ecc38a6859ccf4e3b9bda33eb",
"urls": [],
"crc32": "D5FC557D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/97fa25b25051b70c_BBKccj8[1].jpg",
"ssdeep": null,
"size": 7661,
"sha512": "c01e52e38cd2a750179e5f7f097f3bd34aa332cb153f610ed752d4876188a7775d2e57d67da65602516c43f579eef8ed50296ddae99e2b7ec781d579f11dba43",
"pids": [],
"md5": "9bbd51e0473c0d155da2d5e9623151c7"
},
{
"yara": [],
"sha1": "d88324e82b0d71403057bd5d7ada070cf3336c6a",
"name": "574a1d7e52f072ea_65C9C9A27B78717F1015DE362F028E04C3945DEC",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "574a1d7e52f072ead3e801c58e7eb44141ebd35115eb795abe1f39d888f33976",
"urls": [
"https:\/\/cdn.syndication.twimg.com\/widgets\/timelines\/434113224703610882?callback=__twttr.callbacks.tl_i0_434113224703610882_old",
"https:\/\/twitter.com\/i\/xss_report"
],
"crc32": "B3B760B7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/574a1d7e52f072ea_65C9C9A27B78717F1015DE362F028E04C3945DEC",
"ssdeep": null,
"size": 19650,
"sha512": "334b4bc20dca050282ff12888a1f2ef658d4b825a1cc2628e21b3e879f673f3066f63d42328e3d055e0d181793b800dc83f473d1e7fb35c7d3c0955168764244",
"pids": [],
"md5": "78ae8e281caf6fa06d9b73538960b60c"
},
{
"yara": [],
"sha1": "9c9af7d7ab064d46b277b33c1b5024ae48fc72af",
"name": "0142a2befd3ace61_464DAA9FB3675E2054BC44273AFC184FA46471CB",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"type": "data",
"sha256": "0142a2befd3ace619a24848d7f2cdf09e4b3f1efae9c209ea62d2a4a2cd9b2bd",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "B29FBAB4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0142a2befd3ace61_464DAA9FB3675E2054BC44273AFC184FA46471CB",
"ssdeep": null,
"size": 1306,
"sha512": "6792f8a907c6ab34ec0439b36f38c1096a10385a76272a7b1c270130e8f9c4b69a380b779912462e5ca0447af56938d9c8e1a597b9171aceeb3f46db0f0a6bbf",
"pids": [],
"md5": "093e61fe1f3508e2ad8f2481b779454d"
},
{
"yara": [],
"sha1": "93f9d8535a2d395a8c3af36e383cdd23a3f7e65f",
"name": "503f1c6426ce9c7f_1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"type": "data",
"sha256": "503f1c6426ce9c7fe2eec3fdf50871c01163b08d6e2856775d311dfeed74c5ae",
"urls": [
"https:\/\/www.google.com\/gen_204?atyp=i"
],
"crc32": "9E9D2BEA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/503f1c6426ce9c7f_1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"ssdeep": null,
"size": 6864,
"sha512": "2aa39f7ef1e8eb20fdc413d99967d7ec86f602ccddefa5b5434c3bc4e9c71c17a288916421ddb06c8779a613118784b482f7817dd0761816be668f509ce2bc2a",
"pids": [],
"md5": "fadb055f37fe500ba1144e64ca0a6e50"
},
{
"yara": [],
"sha1": "f2b1c1d3cbbe646684deb68f2ea1372fba481ad9",
"name": "968033d43b72c52d_AAyESU1[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyESU1[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "968033d43b72c52d273b9b344479d061d0269c4b6c0f63a970fc3b3b94a521c2",
"urls": [],
"crc32": "E4A4369F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/968033d43b72c52d_AAyESU1[1].jpg",
"ssdeep": null,
"size": 1413,
"sha512": "ab943bc8fb2807c5b508e770fddb866081dbc56211777c1b9aa2b69fb47f9e3d1f5dd08cca5af28f435550bad278df01adba4e5118bcf066667791a06d89ac98",
"pids": [],
"md5": "36078ba8d27031813feb431b3f889649"
},
{
"yara": [],
"sha1": "8de983df97e93808ced92df0133a22f2b3ec55fd",
"name": "c4127ef292676383_66F684AF9CC570C6247262B47C769C601C2A338B",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"type": "data",
"sha256": "c4127ef2926763836e030cbfb7f5150a125dc51b99487e2d5d7db629bbcbbe76",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/privacy\/firefox\/",
"https:\/\/www.mozilla.org\/sv-SE\/privacy\/firefox\/"
],
"crc32": "74778D91",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c4127ef292676383_66F684AF9CC570C6247262B47C769C601C2A338B",
"ssdeep": null,
"size": 12643,
"sha512": "be6925044b173131b4971f7c53fbe4afe69aaa28f09dfd52e52a3c13dffab5625ba4d965fdcea3a75f2ce00d714404df5213f991fa8167887f65200b8716c4ac",
"pids": [],
"md5": "3712186aad15e8a3c51554f445baae5c"
},
{
"yara": [],
"sha1": "a963b97c3ce2e693319a4e9ff1bb3e66623324c1",
"name": "70e85d9072d5a40f_7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"type": "data",
"sha256": "70e85d9072d5a40f54bab71c8ee21c85b4325ed2822165c02a19ba653cea5e86",
"urls": [
"https:\/\/accounts.firefox.com\/",
"https:\/\/accounts-static.cdn.mozilla.net\/"
],
"crc32": "3357BC93",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/70e85d9072d5a40f_7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"ssdeep": null,
"size": 207,
"sha512": "741e161acd688e74d129a130643847f0fc8fb7ec4ac6465591bd0ea25b85a9fad8804b303777c2f4079edb4c0dd141809a9b15e04edd0c2cd21dca79d604f7fe",
"pids": [],
"md5": "3782bd4ef9650cf72c37c21747b1df66"
},
{
"yara": [],
"sha1": "46cf85f027afe3e489f70e5384a85e5e30250a7c",
"name": "32775a687bb3c361_registry.pol",
"filepath": "C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol",
"type": "data",
"sha256": "32775a687bb3c361df4e1ccd712a433f02d7f981da47ccf3a6639eb8fe06b0e5",
"urls": [],
"crc32": "2C69D089",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/32775a687bb3c361_registry.pol",
"ssdeep": null,
"size": 176,
"sha512": "33a5835e38a5b90d6f28ffe1615cb2e2dc0022a0b492f2aaa2b444fad13355280fcd2df707fb4882d01fd8e667e7bb20ae2d23ecbe508119c259b15647531dba",
"pids": [
2628
],
"md5": "0d71c450c268270d5bc288c99e2137ca"
},
{
"yara": [],
"sha1": "2f245f7a874351649a76145410a45d370ece3486",
"name": "211b3778f133c4e9_icon-lighter.72a7f6016d33[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\icon-lighter.72a7f6016d33[1].svg",
"type": "ASCII text, with very long lines",
"sha256": "211b3778f133c4e9e2bcd663119d1d1e3409b9157b95402d3bdc81dd9d99504f",
"urls": [],
"crc32": "722737A3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/211b3778f133c4e9_icon-lighter.72a7f6016d33[1].svg",
"ssdeep": null,
"size": 2599,
"sha512": "0f9e2573a2f03464a122d0b652e3687c8c6d71474902dc9a1186769a03aa35c4f888a95749be79f261698f2d36b8f543f83727cf70a30cda423096b6207a8025",
"pids": [],
"md5": "72a7f6016d33820ec9865b719ccb3ddb"
},
{
"yara": [],
"sha1": "b9058479c9d123d42a570b8c8f5b3469833cf5b4",
"name": "01dc058feccca70c_AAyHpyj[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHpyj[1].png",
"type": "PNG image data, 300 x 194, 8-bit\/color RGBA, non-interlaced",
"sha256": "01dc058feccca70c4d5af108fb68c785e5ed329fdc424dedf45973e0bb6ae385",
"urls": [],
"crc32": "9457C900",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/01dc058feccca70c_AAyHpyj[1].png",
"ssdeep": null,
"size": 120770,
"sha512": "8eb8826bbe3442d07796ab7c454b03b3170b3f47b55515def217d618d7bfdb12f0c9de465aba71e556a5a79d7ac307142b52431af3f4667bc0284d34de2cb60d",
"pids": [],
"md5": "405ec4914a812d54cb0fe7d17aec5097"
},
{
"yara": [],
"sha1": "c40a69a35931609f26e393ee02ea096162765915",
"name": "7eb3a32139ee55ae_639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"type": "data",
"sha256": "7eb3a32139ee55aeda3010ed19f62199ea450d21a18ffa4aebac74a3977ffe80",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "93133AEA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7eb3a32139ee55ae_639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"ssdeep": null,
"size": 1227,
"sha512": "28823d88b326a2a777d0c97dca8d2e056a51d64243fe41d63451a2fdc9a9ab1b09dc706c2644661728e30ec547cb404dfa4fdb7e928d310eecdec0c0b8b17d59",
"pids": [],
"md5": "fe77b433cc640771818286b4018092dc"
},
{
"yara": [],
"sha1": "0a27b5656d624dbf84fd6a5e58c0e47fce947220",
"name": "887038436153763c_AAyGytH[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGytH[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "887038436153763cfd41200edb482c871c3526c3894a134bc11316c1934e6366",
"urls": [],
"crc32": "73AC31F1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/887038436153763c_AAyGytH[1].jpg",
"ssdeep": null,
"size": 15795,
"sha512": "2ed5c43d859cefc0baebc3a335d4df28039883e6caac2d97a0c1687eec98c29b5b58528870b0b13bcc8c43079b5c7bea9752b03c01e2a03bcf6b80ff88293d30",
"pids": [],
"md5": "4b52136daed2207e2e101749826099ca"
},
{
"yara": [],
"sha1": "4a7d84d903ecf9ba96d6b95692f9b02289a7122f",
"name": "0f9ba70df58e4584_AAyGFxl[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGFxl[1].png",
"type": "PNG image data, 100 x 75, 8-bit\/color RGBA, non-interlaced",
"sha256": "0f9ba70df58e4584a81c71be8cddef154e9094cd2805bfa7782f37ef0062b792",
"urls": [],
"crc32": "427F4A27",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0f9ba70df58e4584_AAyGFxl[1].png",
"ssdeep": null,
"size": 20670,
"sha512": "864b4447bcd3dd1e6555ef79418d97cb37944399eedecf274c1729cbf86b805d68e3c5d0fe7b6aa1c988496cfe3a83b3ed12ba1a2a33444189823b7e363b642d",
"pids": [],
"md5": "ddc226435bdc5855bb8938602be79fd5"
},
{
"yara": [],
"sha1": "805cea49d8432b934339a0f556c65f3d91592f08",
"name": "4a95a1d0257a2c86_120B4106EC203FC932984367D86BBE11C2B9B93C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"type": "data",
"sha256": "4a95a1d0257a2c86d9ac221a8ae88988043407034871f43ce8840da1682bc58a",
"urls": [
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=RMhBfe\/am=wCIyGUMA5P8pGEgUsIIRFphAYUA\/rt=j\/d=1\/exm=sx",
"https:\/\/ssl.gstatic.com\/gb\/images\/i1_1967ca6a.png",
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=sx",
"https:\/\/www.google.com\/client_204?",
"https:\/\/www.google.com\/images\/nav_logo242.png",
"https:\/\/www.google.com\/images\/hpp\/shield_privacy_checkup_green_2x_web_96dp.png",
"https:\/\/www.google.com\/images\/branding\/googlelogo\/2x\/googlelogo_color_120x44dp.png",
"https:\/\/apis.google.com\/_\/scs\/abc-static\/_\/js\/k=gapi.gapi.en.mi8SElW72Gs.O\/m=gapi_iframes",
"https:\/\/www.google.com\/search?q=download",
"https:\/\/www.gstatic.com\/inputtools\/images\/tia.png",
"https:\/\/adservice.google.com\/adsid\/google\/ui",
"https:\/\/consent.google.com\/status?continue=https:\/\/www.google.com",
"https:\/\/www.gstatic.com\/og\/_\/js\/k=og.og2.en_US.hAkhwdR_wSU.O\/rt=j\/m=def\/exm=in",
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=aa"
],
"crc32": "24681485",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/4a95a1d0257a2c86_120B4106EC203FC932984367D86BBE11C2B9B93C",
"ssdeep": null,
"size": 118767,
"sha512": "ab051c8db7abc63fdc3aad31b2a66e4c23e273353499baa08a51b7fe02b34095e1436233872bf43843c00232873b8769c7a0dc3e9f99169b220195c35f5f3b38",
"pids": [],
"md5": "e78b7d4e35c4c288e2859ae4bc8f0461"
},
{
"yara": [],
"sha1": "ac9851447c72d6c06ce1637cbc3d685cf1a3c983",
"name": "dfcb28e88feb6422_social-icon-sprite.bf2ae0cd0f01[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\social-icon-sprite.bf2ae0cd0f01[1].svg",
"type": "ASCII text, with very long lines",
"sha256": "dfcb28e88feb642244a7549555a674e0f275a0fe4f4784e08f021e480b775c90",
"urls": [],
"crc32": "2D58D4FF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/dfcb28e88feb6422_social-icon-sprite.bf2ae0cd0f01[1].svg",
"ssdeep": null,
"size": 3699,
"sha512": "7677fb66aa9445a8651e5b9517e058396007e49d72eef54de49329fabce66468a4e29b16a89cd6c536f16e1387a1f23493f0f3336d5490410f282ad8bb94ce69",
"pids": [],
"md5": "bf2ae0cd0f01b93be30f0e71e3412006"
},
{
"yara": [],
"sha1": "3fb06ee03e870c5aa8f12b2ede79a0a4c5338a74",
"name": "70edfdc348bbec6b_XQENWVVw.dll",
"filepath": "C:\\Windows\\gaABPi\\XQENWVVw.dll",
"type": "ASCII text, with no line terminators",
"sha256": "70edfdc348bbec6b77b9d78a907ad996146fca1fe54f8127459102f5c761e9d0",
"urls": [],
"crc32": "7A6BCB72",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/70edfdc348bbec6b_XQENWVVw.dll",
"ssdeep": null,
"size": 10,
"sha512": "f0e8b0059611f36d6efc1f67e18ce3a67876f8045d0a3a5a111712678ba0600045b03788606c32de718b62674f18c2db0cf231468e1ea767254e28220361a89f",
"pids": [
2628
],
"md5": "f4b20cd504c86e6e79f1db7959066d7b"
},
{
"yara": [],
"sha1": "48277b40106653f10ca2aca1d8e82f0b1905660d",
"name": "53d7a01a1a9ec6eb_AAyAlCn[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyAlCn[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x250, frames 3",
"sha256": "53d7a01a1a9ec6eb169e5cb97c3171e04034d221fd18232f07303065b69266b2",
"urls": [],
"crc32": "8BECB28C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/53d7a01a1a9ec6eb_AAyAlCn[1].jpg",
"ssdeep": null,
"size": 9189,
"sha512": "ef8ec4428bd5b5f2e25573508231a08c5a534cc373a75349bb494b3f0ca1ed8a9c98e041ca387f64ff3747e33779f3727bcee4bb80649373565c2793e1fd10ab",
"pids": [],
"md5": "dfc927036369e68e77feeb937e12695a"
},
{
"yara": [],
"sha1": "d142ad98ef7fe06fe635e9d50cdabb17cbbe6269",
"name": "c228dffa4fc59796_AAyH62f[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyH62f[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "c228dffa4fc59796277150dfe0f4d7ea6139bb1dd5fefa5fadd73bd8d85a93f5",
"urls": [],
"crc32": "8ABCF204",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c228dffa4fc59796_AAyH62f[1].jpg",
"ssdeep": null,
"size": 1935,
"sha512": "94d7d4f4b539bcb1d1fc45f9045f17142579098155cd17d271af47b0f9f257584ae628cdc743bae1952292b87564550f6e56c6e7deb83e1d80c6cd1c4fa8c77c",
"pids": [],
"md5": "bc93eba6b06d26d4706f41b38101e76e"
},
{
"yara": [],
"sha1": "d57fdffe5e5a1b5885ed62903193bb3830157216",
"name": "1fe25de60e701887_razy.exe",
"filepath": "C:\\Program Files (x86)\\ihfqgu\\razy.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "1fe25de60e70188767d6724749f3a11c5365175598b986d70b530fa51e92d834",
"urls": [],
"crc32": "7D7615D9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1fe25de60e701887_razy.exe",
"ssdeep": null,
"size": 1922560,
"sha512": "82322ff57d5581991ff3fc9dec92029e22729032de7f3c23b59a8730927aef26334ad750d5667ff050fae69883a63622f91b99641752274e87e4678a3dad5b7e",
"pids": [
816,
2628
],
"md5": "c8252037564c01cf45185ad0bbf58b91"
},
{
"yara": [],
"sha1": "d825f63d813286735f31258aa08db99c4a5ea0a6",
"name": "580791d2702d9fc9_B10EA6E071F884F477118DC8A00E82FC8DE58639",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "580791d2702d9fc9b5347fa659298826edfbaff2ee8884523c212cc0b929d7ba",
"urls": [
"https:\/\/www.gstatic.com\/og\/_\/js\/k=og.og2.en_US.hAkhwdR_wSU.O\/rt=j\/m=def\/exm=in"
],
"crc32": "01D26210",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/580791d2702d9fc9_B10EA6E071F884F477118DC8A00E82FC8DE58639",
"ssdeep": null,
"size": 57499,
"sha512": "c4b2c0c0fbec07f29398077975c343059b2f705ab6d02901267393a9d8834332562a4d7c1a0d00be5a0322641612b94f58430edce3e0f192d231f504758aacfd",
"pids": [],
"md5": "ba6a953e843613b31e4cbb020a23d4f8"
},
{
"yara": [],
"sha1": "c2d5650a94b2e3f9ae2ff95123d6737cfb9df0c9",
"name": "6723869a5b5f297e_AAyGwc2[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGwc2[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "6723869a5b5f297eced4db94c21d9201d11f3cc5bddabc66b32d31cbc9f81e3c",
"urls": [],
"crc32": "144BF1C8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6723869a5b5f297e_AAyGwc2[1].jpg",
"ssdeep": null,
"size": 2169,
"sha512": "3bcf0d35291c7723f73b4149a5a2cd733abac557808dadcded976c449cbc5f5ed83ce4b4e1fdf723a3b0d0a5b01f7487ddfef34ca5ea024313887c4b12f0bbdb",
"pids": [],
"md5": "67c95dc3e3fcb476b40464b76da3626a"
},
{
"yara": [],
"sha1": "fa52f823b821155cf0ec527d52ce9b1390ec615e",
"name": "2842973d15a14323_desktop.ini",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini",
"type": "Windows desktop.ini, ASCII text, with CRLF line terminators",
"sha256": "2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38",
"urls": [],
"crc32": "6C4EDE16",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2842973d15a14323_desktop.ini",
"ssdeep": null,
"size": 67,
"sha512": "34d1a29c9142fc5a875733c49886ad52a077045831aaa79239712bcd0f312637ba86882a71d37d9d68789ef53e30be5d3470f56d03377cd1eeded98af898ff80",
"pids": [],
"md5": "4a3deb274bb5f0212c2419d3d8d08612"
},
{
"yara": [],
"sha1": "e8bc69bffdb168f87327eefaf72f738a2b04b977",
"name": "8c65d9b04c06555a_AAyHbA2[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHbA2[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "8c65d9b04c06555a79e7f6e6d234bb0948cc665b01c4f9a8d1f532e682895169",
"urls": [],
"crc32": "4B66723F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8c65d9b04c06555a_AAyHbA2[1].jpg",
"ssdeep": null,
"size": 11675,
"sha512": "daf40f170c1482af5d00381f14426c094b6fd51ba6a4bf1b7c032a8fa9864e8d3b9f0c246bc25e0eb107ab9e4984b62a861b712a4e2b524fc974f8a954e15fbb",
"pids": [],
"md5": "67fb9f6f6adade238db9aaa8de217138"
},
{
"yara": [],
"sha1": "a9acffbd9fc6893b59e881b26ed8b6164eaac1df",
"name": "b60fcc6fd1dc7a22_AAyGsMl[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGsMl[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "b60fcc6fd1dc7a229cd7ddd9e5c3739328aec84ca267a175166827a66edcd0ed",
"urls": [],
"crc32": "2A2FB628",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b60fcc6fd1dc7a22_AAyGsMl[1].jpg",
"ssdeep": null,
"size": 14869,
"sha512": "a1c18465a81ebbae9502738468f3f31a2f8d0fff7c31fbe13df23ccca51936d4fc57bc4fec0daa9494eb408507bf4c9b39b90dba494216728ca72db0cf561888",
"pids": [],
"md5": "590da48f97d1dcef4f6f6215306ae33c"
},
{
"yara": [],
"sha1": "b7a7529a33c38c183b6894616bef2b80be2bfe54",
"name": "b8af5df4588d2d0a_E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"type": "gzip compressed data, from Unix",
"sha256": "b8af5df4588d2d0a0d3ba6cd068284b30ac1f85bb2656c9ca45465c261967045",
"urls": [
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/",
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/api\/v1\/action\/opt-out-study\/implementation\/sha384-Po6f87p9WDsUs4q7a-bBLzmdHv3K3CwGypB3XDe0cCyd2euw6b5oaOBMJ_ORYAjH\/"
],
"crc32": "84E86BE6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b8af5df4588d2d0a_E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"ssdeep": null,
"size": 10497,
"sha512": "2526c843ee7877195507642431d219caee148980f725b61bddef11cdc35a2d7f917142253aa5d7af7639a8108b4a1e62df3275029fc18361db31c24a85b015ef",
"pids": [],
"md5": "6e53d93afc00e9b52804ad95af8737ec"
},
{
"yara": [],
"sha1": "4520cf1e8cea1e3f05e1fc88d977acfeaba385e2",
"name": "6ef46631968cc6db_AA5Pgkt[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AA5Pgkt[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "6ef46631968cc6dbaec863fe6424cc78eb69ad897a8dd5146b86db9309e990ea",
"urls": [],
"crc32": "955BFC4D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6ef46631968cc6db_AA5Pgkt[1].png",
"ssdeep": null,
"size": 344,
"sha512": "5f75dbe72f145892ee0ab93089421f4dcddc3bd11c54a552dad66626f7796c0e19c61b2fb77f8f39dbebddc58abd1a7e3648c75be62d28a80f413459659ce2f2",
"pids": [],
"md5": "901be80c80a167ece9ef32b78b82461c"
},
{
"yara": [],
"sha1": "47a88897c2fd6b2a66c29c4c12b5ce1d2ca67f3e",
"name": "0ccfdd3983ebfd23_AAyGg2N[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGg2N[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "0ccfdd3983ebfd23ff18765bc0eea21e086199d0744e47d5088026e516c4607e",
"urls": [],
"crc32": "182B037E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0ccfdd3983ebfd23_AAyGg2N[1].jpg",
"ssdeep": null,
"size": 10837,
"sha512": "dae6d4736b120cb0bbe0c45d5650c2dba5aaec9a5b42a2d9aad827252abc90ca1530a7b88f6bc0388c9982bb3798bd44b0b511f312485b3a3a2786b26fbf77f7",
"pids": [],
"md5": "1b5a743bc61e4c7d411fecf34c3b5199"
},
{
"yara": [],
"sha1": "49973622822f4e2146f6bc453d78d9b668169fcf",
"name": "d92cb392b6ae7875_AAyGCxD[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGCxD[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "d92cb392b6ae787594d6af6e9d016e257d9ee8914e52bda6bb13654721752782",
"urls": [],
"crc32": "8275CDCE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d92cb392b6ae7875_AAyGCxD[1].jpg",
"ssdeep": null,
"size": 10381,
"sha512": "772b04409bf41909bb697d9394ff6cb470036c02fced26e2763d0d3df368951e5ea6a77bc39db6e69ea923f083ab57e24c87a11c1e2a909757a2008963916b55",
"pids": [],
"md5": "4dd9f12db1180ae583e90aebae4f84e0"
},
{
"yara": [],
"sha1": "8f6d4c272a84ce1dd6e0537bbb54b62216a839c2",
"name": "5164b79a8c5bb7fe_firefox_new_common.2a164989aaa0[1].css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\firefox_new_common.2a164989aaa0[1].css",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "5164b79a8c5bb7fe34ded33cb8ed87772bbae2b365958a5f939dacf8a44d0ce5",
"urls": [],
"crc32": "91B2E114",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5164b79a8c5bb7fe_firefox_new_common.2a164989aaa0[1].css",
"ssdeep": null,
"size": 5254,
"sha512": "4e883e56032f4b1faf24a03c538d21bf2730396a2cf8bfd6dea8f8761eb8a35ef832ff1949fa4ab9b20cd4828609f2deb2d9035e3f9c42c3d4efe58e976bd70e",
"pids": [],
"md5": "cc2941ff43b96ab78f91d89e15fcfdb6"
},
{
"yara": [],
"sha1": "68041e8f1eeb7ae6f08933bb87172a7330a4e67c",
"name": "5efff29e1084097e_A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"type": "PNG image data, 189 x 189, 8-bit colormap, non-interlaced",
"sha256": "5efff29e1084097e9e4001d876bbd02a055ca8cb28a45b95439a4d63c2981995",
"urls": [
"https:\/\/www.mozilla.org\/media\/img\/logos\/firefox\/logo-quantum.9c5e96634f92.png",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct"
],
"crc32": "1EEC94FE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5efff29e1084097e_A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"ssdeep": null,
"size": 18713,
"sha512": "687c322be4fbd0f976fff14e87ba14296242ad9dfe885c17d5108e6d24313401869f1662779d402991f775a912629333de810991e74719b7ac26a451ddf3b12d",
"pids": [],
"md5": "364e62cd924fb3db70302bb94bb6ebae"
},
{
"yara": [],
"sha1": "72be12ac2f198c768a92456c84fdbc5bd8753e1b",
"name": "4dd18939eb0a5d85_icon-private.d692fe1edf7f[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\icon-private.d692fe1edf7f[1].svg",
"type": "ASCII text, with very long lines",
"sha256": "4dd18939eb0a5d85e17497f4aae8d0057b8ba9f7c79fd95a2c5eba0a07327f2e",
"urls": [],
"crc32": "D025BBCF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/4dd18939eb0a5d85_icon-private.d692fe1edf7f[1].svg",
"ssdeep": null,
"size": 1401,
"sha512": "11f5a9c662d3dcc05b16e21f82fda5d3baaba629647350acc7dd77b2c73046376b53c31c479fff3c6e91593e8e97422d0b5d910adcee196e004757aae6db4a0a",
"pids": [],
"md5": "d692fe1edf7f663e97b8771c3934725b"
},
{
"yara": [],
"sha1": "02f4e5eb975c4adf0b2135c590f97b36ec8eb767",
"name": "8a52e4757dd7e9b5_654562[1].eot",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\654562[1].eot",
"type": "Embedded OpenType (EOT)",
"sha256": "8a52e4757dd7e9b5bef608a78529f43b71e3e3d67cebb259cfb874d260a5b064",
"urls": [],
"crc32": "72654562",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8a52e4757dd7e9b5_654562[1].eot",
"ssdeep": null,
"size": 38918,
"sha512": "e466af3956d8f1702d99d6436a37f8fda67c99a730f695d81917f03284d59897f0ac89509fe2973e28140957dc35a03ae0c2d557063960151d88afdd51cacf68",
"pids": [],
"md5": "a12b6b19542b022e40d5a7e82822832a"
},
{
"yara": [],
"sha1": "4fcfb9f9650be4b3f1c080b8b529d40a7ed10ea4",
"name": "55c9e0f6e1bb2cd3_A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"type": "JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 600x314, frames 3",
"sha256": "55c9e0f6e1bb2cd376c045239a8d6c650bf7dd663368ba6dc340480c857d65b6",
"urls": [
"https:\/\/pbs.twimg.com\/card_img\/1007216334986346496\/KYm1Iaek?format=jpg"
],
"crc32": "BD8E36A0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/55c9e0f6e1bb2cd3_A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"ssdeep": null,
"size": 37028,
"sha512": "e3afcf76581d14a2af51c752fc82d8537c6ba84afb7864857672fc9125417766009c6eecccdb276d82171a322e0b00c3452670eaef96cbebe025ab5bd6541782",
"pids": [],
"md5": "25f9ea6e9e9c5193bd51dc99403506b4"
},
{
"yara": [],
"sha1": "6ef0c5eaf2e78bd5497ebb9501b7d25d63f9e5bb",
"name": "19772ce8b227c547_D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"type": "gzip compressed data, from Unix",
"sha256": "19772ce8b227c547201f74b539c677e5942543b1255e9db8613beb0aab250ec2",
"urls": [
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/firefox-update-notification.de3e9caf3097.js",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct"
],
"crc32": "1EF44721",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/19772ce8b227c547_D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"ssdeep": null,
"size": 11701,
"sha512": "1cf1079663b183023a481dae159ef576d496b2df45f5b3630422eb20749713c9dc472ac4e464af1b197c3d5b749b207eceb02b7234bef2ff770f7e67ac1c5c66",
"pids": [],
"md5": "c63e340c0fc4475677aff0a50375176a"
},
{
"yara": [],
"sha1": "b87793a22e1909b3d96a00042d3d62736f5befc6",
"name": "32866fd0081f6717_mwfmdl2-v2.77[1].eot",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\mwfmdl2-v2.77[1].eot",
"type": "Embedded OpenType (EOT)",
"sha256": "32866fd0081f671792a34f3348d0bc535f63e8bb0189c8cd18776907a640fb52",
"urls": [],
"crc32": "F5ACF5B2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/32866fd0081f6717_mwfmdl2-v2.77[1].eot",
"ssdeep": null,
"size": 17069,
"sha512": "27bcdcf9e36ce1614ea0b4560aa2dc44d2fef3b5538fc26428e0e2a070414397d94f412d93c52142797b1b39a661136f3cc32c0620136a7f242b05f37ce3c6f5",
"pids": [],
"md5": "4c97e0a257097f404d98b33350c4d5f4"
},
{
"yara": [],
"sha1": "5a40c7a76a49d85fb292c3322bdc3da1fc5e5b44",
"name": "d0cd8598fc041279_AAyGEJ3[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGEJ3[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "d0cd8598fc041279bcaa4a8bf92c2282fffa426d804d951833f124792c78a04f",
"urls": [],
"crc32": "D8667B74",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d0cd8598fc041279_AAyGEJ3[1].jpg",
"ssdeep": null,
"size": 2463,
"sha512": "9e62f981435f4eb8fd6a8c215a99bf24339ba74b5abd9f835903baab8b3237a12f398b395f9f2dea90c557dcec3c9980e484549922970ec4bca4b1a4ead392a9",
"pids": [],
"md5": "505297076b3a9edca6402e00ad207723"
},
{
"yara": [],
"sha1": "be93b5f189d6c9540b76a4655a40a19511bb41b4",
"name": "6db3ab40c14d1d8c_796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"type": "data",
"sha256": "6db3ab40c14d1d8c0690772d2cc2f14bec5195a6db963e4bdbdf883968eb0422",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "D1D3D3B6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6db3ab40c14d1d8c_796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"ssdeep": null,
"size": 7029,
"sha512": "1f78fabc7b24158b2f08a19692790386503059ac27694a9443a210d1124bf052aba592cc44c7a90b682d4bc48627532030bdc9f7757b49f5e307000c7d34eefc",
"pids": [],
"md5": "7ec1561d56fda1561840dd67c77a51e4"
},
{
"yara": [],
"sha1": "f26ae90e222bea572b6aaadabd889154b7743980",
"name": "ca7574844c8793b9_A3031C2052A395A7FE246EFE1783C6205B841295",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"type": "gzip compressed data, from Unix",
"sha256": "ca7574844c8793b91cbe0e88d90199167d2675bce9e171b00cc221476784d3e9",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/common.945cfb8770ab.js"
],
"crc32": "8E09CCFA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ca7574844c8793b9_A3031C2052A395A7FE246EFE1783C6205B841295",
"ssdeep": null,
"size": 48392,
"sha512": "33631b89a9f25064229d54f3a4ad76da3bf00ce0b42bd493f2adcbc250ba893a6666cb38d441575529ec3400569ffeaf2eeef5c728707476c2e9c754f8114733",
"pids": [],
"md5": "773eee00804fdc1bff88ee3a779eab2e"
},
{
"yara": [],
"sha1": "ed99c752a1bf7064dad1622b481cec3c595b8a2d",
"name": "0aa066de164bdbb3_AAyGPjb[2].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGPjb[2].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "0aa066de164bdbb3b54797fccf8fe289b61e3c451c2d630550f059b14b5ca254",
"urls": [],
"crc32": "30221936",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0aa066de164bdbb3_AAyGPjb[2].jpg",
"ssdeep": null,
"size": 12371,
"sha512": "05ec48c1936a1f23a8b1093a9498b5299628d73cb27fd0612925ec6d6d60d595b0de825371d381fb7654d9499b3e272fc8c5b666580afa0c9ec6ddd6cc3566d4",
"pids": [],
"md5": "a7968cec08c97884641d1aba62bc1d65"
},
{
"yara": [],
"sha1": "c0b6cf048c5485ccb49f54445e70f2027a0a0489",
"name": "060787a1774df3e7_AAyGaSM[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGaSM[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "060787a1774df3e7830b4fbde077d9ad0cfa49e2d3ec92e6fa13d3278980101a",
"urls": [],
"crc32": "3E9595AD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/060787a1774df3e7_AAyGaSM[1].jpg",
"ssdeep": null,
"size": 9467,
"sha512": "1de898f7edfc91542b98f23964d8d02a323381809510bbbf8f1284bd063f6b941083402a9d326fb2a898ebbe73124b04126c6a630b60f570c3897ffa5d6f842a",
"pids": [],
"md5": "b702371413012275829077e6d64355a2"
},
{
"yara": [],
"sha1": "7ca1b5994684a7fe37a61bc350a1fa8a89bf91da",
"name": "34395085da32c8b4_test-trackwhite-simple.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"type": "data",
"sha256": "34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94",
"urls": [],
"crc32": "321EA964",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/34395085da32c8b4_test-trackwhite-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "55b09573c235876d0cb4e6c20070cd1954cf1eb94f513a94985896237a350e48fcd47c88d5ec9632ab9d0aed4a59c250e69f59a59ed88f2a0aeb6734302744a9",
"pids": [],
"md5": "65e942614eee70680464ac4be75019fc"
},
{
"yara": [],
"sha1": "c98d5442c3ab644135e14f7b0cd9dc68cbee34da",
"name": "a3865ecdda2fdc34_MAWeccbS.dll",
"filepath": "C:\\Windows\\gaABPi\\MAWeccbS.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed",
"sha256": "a3865ecdda2fdc348f24786ad86f3fac7eb2a3efa48d602eb174aa92aae38b71",
"urls": [],
"crc32": "C481EB26",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a3865ecdda2fdc34_MAWeccbS.dll",
"ssdeep": null,
"size": 915456,
"sha512": "c6a881ff89177dc9775cc4143d390b9d2705836c536e635381d5cf941a63fae716d274170a4ee49a7fa24a55b570dc0c48f34da34b64f34191d1990529a806b2",
"pids": [
2628
],
"md5": "69d991e0c61d85d72b59922a13e765af"
},
{
"yara": [],
"sha1": "811a7c4629aae0b5e931a85b8faf9d0572861e8b",
"name": "d9fa94c9a9e5488d_34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"type": "gzip compressed data, from Unix",
"sha256": "d9fa94c9a9e5488d10eb33b23802081a5d96140fe337cd43295e82d6f6cb7191",
"urls": [
"http:\/\/bit.ly\/getsizebug1",
"https:\/\/www.python.org\/static\/js\/libs\/masonry.pkgd.min.js"
],
"crc32": "695AFE84",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d9fa94c9a9e5488d_34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"ssdeep": null,
"size": 129660,
"sha512": "7838b370f694dcd3f23839b2b89ca42fad476696168530e68690055828a0a780cdc3a7403f66c8e58ccacfabe7296063379b16f498ef66ffd50e36475c47b17a",
"pids": [],
"md5": "e7c07892e2a07e81066bccf826324be7"
},
{
"yara": [],
"sha1": "117c992c47cf1967984fe465af27806ff9398318",
"name": "8f03da5796330e1b_4FA5EE242D6F5B358CE45D291E80054726F198AC",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"type": "data",
"sha256": "8f03da5796330e1b30ed7b3c01ea676f3bd81a0d10132dca73b6e06629501406",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "5D73BFB7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8f03da5796330e1b_4FA5EE242D6F5B358CE45D291E80054726F198AC",
"ssdeep": null,
"size": 7005,
"sha512": "dc9cde57ada1e9aa6d409ad29a6bdac5c9dd0800c4d26d1927508affb45d6ff6044d9ef52aa805ef250a3eef8b12ae36c097cee1ac1fbf5e4c4234ead1887b47",
"pids": [],
"md5": "b1daf1a526a69d77874149ddfec2d219"
},
{
"yara": [],
"sha1": "f08ab2f3eb0928ce76fd27e73ddd1a3cfa9551a9",
"name": "2644ccde1c80f7eb_AAyI7qy[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyI7qy[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "2644ccde1c80f7ebfde11ffdb7dddab4d034eca2f9d0afbb6547cfa4414b3af7",
"urls": [],
"crc32": "71000DB5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2644ccde1c80f7eb_AAyI7qy[1].jpg",
"ssdeep": null,
"size": 9046,
"sha512": "a237bc20d5601538ecce118231baa4b6f7bf5e10e2b41edf30c8ea42c5c2cda43bea584e76050fe47ed83e0f686913f31db4aa202a27bb79c2dce5c8da4e8fb9",
"pids": [],
"md5": "7890055bd2d84cb58e1bb2ed71795dac"
},
{
"yara": [],
"sha1": "c83b43a0e4f25c98d208b7b95c7218b84b196937",
"name": "55f43a10f7209ed0_88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"type": "data",
"sha256": "55f43a10f7209ed06f73f9281b9490df44efaceebf79db0a432780159d201a0f",
"urls": [
"https:\/\/www.google.com\/gen_204?atyp=csi"
],
"crc32": "598D9D3F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/55f43a10f7209ed0_88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"ssdeep": null,
"size": 7066,
"sha512": "5317780f4a5222351955b3fc509028e7dde7177e599f83802333bd9574faba5b68b68f6e6f0ccd7accc851d9c55e3fc28bc1282cc27add0448a8352af75f4f1c",
"pids": [],
"md5": "3b3852bf93bc16c204850f4d8af11830"
},
{
"yara": [],
"sha1": "e04554725d25af5e44d8b6aa2c582a6720008710",
"name": "a60491d29d9a0387_BBqpxNn[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBqpxNn[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "a60491d29d9a03878de8bab1444c15ed9bdc4ff4a99bf0c00e0fbb98a8f017b1",
"urls": [],
"crc32": "DA374A33",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a60491d29d9a0387_BBqpxNn[1].jpg",
"ssdeep": null,
"size": 2870,
"sha512": "0025dc2e9712a44d6c40cae4094035a25272398648ad7b3c5b7c9da3e432b79c77d0ed49134a2ce2938bd073b5a034a2861a440e906ad41f2152946a2771bf82",
"pids": [],
"md5": "06a5bc16613e25c05c9ca4d8bdff04ff"
},
{
"yara": [],
"sha1": "b0f151a5292d4b796668b242bf896fdbb5a24b67",
"name": "042a22b8681d7546_test-unwanted-simple.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"type": "data",
"sha256": "042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad",
"urls": [],
"crc32": "7D90B6A7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/042a22b8681d7546_test-unwanted-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "c09f56e91b41d01375c458a6ccc3fc0cedc18696aec5d7a2520c51905f4d9bc660f3ad28e69d64b3814aeb3279afc686794c986f0fa6212463f3aac850d40019",
"pids": [],
"md5": "a5695cc64d77967232b0c1344c6e72b3"
},
{
"yara": [],
"sha1": "4dc3e997eec8b5653037ea6bd940726312c7bacd",
"name": "3429325f6be28293_thanks[1].htm",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\thanks[1].htm",
"type": "HTML document, UTF-8 Unicode text, with very long lines",
"sha256": "3429325f6be2829344ecd952d979149543061ad96f5aa8467d43b5b9044dabd0",
"urls": [
"https:\/\/www.youtube.com\/firefoxchannel",
"https:\/\/donate.mozilla.org\/en-US\/?presets=50",
"https:\/\/itunes.apple.com\/us\/app\/apple-store\/id989804926?pt=373246",
"https:\/\/download.mozilla.org\/?product=firefox-stub",
"https:\/\/twitter.com\/mozilla",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1122305",
"https:\/\/github.com\/mozilla\/bedrock\/tree\/master\/bedrock\/firefox\/templates\/firefox\/new\/scene2.html",
"https:\/\/careers.mozilla.org",
"https:\/\/www.instagram.com\/mozilla\/",
"https:\/\/wiki.mozilla.org\/Webdev\/GetInvolved\/mozilla.org",
"https:\/\/support.mozilla.org\/kb\/firefox-osx",
"https:\/\/support.mozilla.org\/kb\/install-firefox-linux",
"https:\/\/blog.mozilla.org\/",
"https:\/\/ad.doubleclick.net\/ddm\/activity\/src=6417015",
"https:\/\/mozilla.org\/set_hsts.gif",
"https:\/\/www.mozilla.org\/en-US\/firefox\/new\/",
"https:\/\/www.mozilla.org\/contribute",
"https:\/\/play.google.com\/store\/apps\/details?id=cn.mozilla.firefox",
"https:\/\/download.mozilla.org\/?product=firefox-latest-ssl",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/template\/page-image.4b108ed0b8d8.png",
"https:\/\/twitter.com\/firefox",
"https:\/\/play.google.com\/store\/apps\/details?id=org.mozilla.firefox"
],
"crc32": "8FCFE79A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3429325f6be28293_thanks[1].htm",
"ssdeep": null,
"size": 28013,
"sha512": "f0425f3868c66e0248b309d27923eda7a05981ca6aa74525369bf688768b2252210f19224f163ddf1f4da11446a420ee0e46a5926641bc5a398c494954d79e7c",
"pids": [],
"md5": "2b80f60712481b147da2a97b53d98e74"
},
{
"yara": [],
"sha1": "c89a584090cc6999797614c6d5a86ba5f948c8cf",
"name": "d8b439309f3cc63c_AA5P5kF[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA5P5kF[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "d8b439309f3cc63cf219a455f027eb9a75e5cc8ed83d94aca5e71884854896f5",
"urls": [],
"crc32": "56B49FDD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d8b439309f3cc63c_AA5P5kF[1].png",
"ssdeep": null,
"size": 998,
"sha512": "1e8ca180d177fdfb86dde3884976517094c45907b254bc4cd2ce4f1dc00bf76dc8e25f87a91690886e3b35499ddc650c95d943ff66430ac72e1ad662ed0683fb",
"pids": [],
"md5": "a2c09396fd25d0ac5af80fca0900fe7b"
},
{
"yara": [],
"sha1": "705d2e5c9a0170e41b4ce24900dfb78026d8aeae",
"name": "3c0081ae6de8812d_03C2D63D520038594126B6B542E92CB503EF60B6",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"type": "data",
"sha256": "3c0081ae6de8812d5cf3ccd93eb021924a73e4d0126944d235f44837dfd920bd",
"urls": [
"https:\/\/www.google.com",
"https:\/\/www.google.se\/domainless\/read?igu=1"
],
"crc32": "0EECA1F9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3c0081ae6de8812d_03C2D63D520038594126B6B542E92CB503EF60B6",
"ssdeep": null,
"size": 7949,
"sha512": "cd71e8398aa6ffd36592ed6d47f2416e3df375010f056752c6e706a2f9f15ef9fa69de2d7a647fb117eb924941b291e9a8f53d02bf243e899d97d514bef06d36",
"pids": [],
"md5": "490a76b68003796df0799a219913aa1c"
},
{
"yara": [],
"sha1": "68259f1e2ceb9207ee608f95500cdac6c044da58",
"name": "7e5413647c4baecb_AAyD6MB[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyD6MB[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "7e5413647c4baecb688e0499134a6af971ccb491d142146180b4faa0b7b87a57",
"urls": [],
"crc32": "1546A427",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7e5413647c4baecb_AAyD6MB[1].jpg",
"ssdeep": null,
"size": 2285,
"sha512": "b045ba650b8f2703df180e132dd5acdbe3a8a36a1e789379ce2911d24b8b97a30cb332ae4d27a808954b2d1fb74eedd208ba98a767b6a28f6a3e576c272f35cc",
"pids": [],
"md5": "3c15bf7273e1481352b66577f2db160f"
},
{
"yara": [],
"sha1": "52d3a5237f67ad11bf1d632cd7109e20cec385fb",
"name": "793eb3f85edd8f62_8366CD083751DA973B30F80B11D910A45A6D920D",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "793eb3f85edd8f62c96bc9de5166f2db2e7342b37e1e42e580ee420b7ab416cf",
"urls": [
"https:\/\/twitter.com",
"https:\/\/ton.twimg.com\/tfw\/css\/syndication_bundle_v1_b6ca60da9b93228ca492958b7d1b0b6a37402f5e.css"
],
"crc32": "EC2473DE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/793eb3f85edd8f62_8366CD083751DA973B30F80B11D910A45A6D920D",
"ssdeep": null,
"size": 16142,
"sha512": "8eca7fd62e9031aa8ee25cd3e786f479cce81d5c2fc4d693328577495accfe32c3ba8bda18893ed0f453e1a681882ef3d176883e638180fed0bf32a6e0b4b635",
"pids": [],
"md5": "8672a9480c4cda87e227f282dac99baf"
},
{
"yara": [],
"sha1": "413790eb2232b693872c0e7c7495292a9e87f99e",
"name": "c49fe774bd839ad0_2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"type": "data",
"sha256": "c49fe774bd839ad04ac47a6b18d3edc2073d97793ef10d05206eec2ddb4b5cdf",
"urls": [
"https:\/\/python.org\/"
],
"crc32": "29A3681D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c49fe774bd839ad0_2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"ssdeep": null,
"size": 97,
"sha512": "70380b7842e28af76fbfbeffd07192acfb76adca32aa67d1c57d52e422e8403e7018531ea2405ac7a28df3b7cf4a211b38a56095e7e0bdb273556cef615ec80d",
"pids": [],
"md5": "7cd262b486cd8fe0e3cc3b79425f5214"
},
{
"yara": [],
"sha1": "06cdfdb2e9a42b01b1bb794263e96fa13edd61fe",
"name": "0c7ff694bf565b7f_F2BD0701B9399ABF52C338C39C42391FD12832D2",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"type": "Web Open Font Format, flavor 65536, length 29105, version 0.0",
"sha256": "0c7ff694bf565b7fccb55e99295b5776043d53d732e578e205983858e6b9e629",
"urls": [
"https:\/\/www.python.org\/static\/fonts\/FluxBold.woff"
],
"crc32": "FCE4A85B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0c7ff694bf565b7f_F2BD0701B9399ABF52C338C39C42391FD12832D2",
"ssdeep": null,
"size": 39261,
"sha512": "b2541674573acb9158797cac160e47e081dcbefb591c2ab29a96e7b14d33c0997b3283809690d9a971ac148cad6e66af9d9754428f9ea790c5514a3eee428b32",
"pids": [],
"md5": "74ed9f60bea5762a0e807dfaac00e6b4"
},
{
"yara": [],
"sha1": "d69c94e7219bd7702253fc4282ee761d775a22c0",
"name": "922c12d8030983c3_startupCache.4.little",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"type": "Zip archive data, at least v2.0 to extract",
"sha256": "922c12d8030983c34025a0ced50e93cb252a06cc84b3cecdfddda69e714eda61",
"urls": [],
"crc32": "9D61D940",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/922c12d8030983c3_startupCache.4.little",
"ssdeep": null,
"size": 3894231,
"sha512": "151b0d4175eb694b8738d1b8e897b119876d94a30665525c611270961e045ff526c89940b2b758ebfd5fe2df464c13d46b21a1c640d555ec312ae5702fcfd987",
"pids": [],
"md5": "e380ede3cf6662d77a889d36b679d695"
},
{
"yara": [],
"sha1": "34a0fd4b1c5e54c811771c203c76aa0251e405e3",
"name": "463f99c55edbab7a_2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"type": "data",
"sha256": "463f99c55edbab7a6934e05b1aaedd4e93b24ac14b9e74375f1b74e802bafa33",
"urls": [
"https:\/\/www.google.com\/gen_204?atyp=i"
],
"crc32": "6F5F68E7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/463f99c55edbab7a_2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"ssdeep": null,
"size": 6894,
"sha512": "92b3234d0e5e82c375e666399a82c88e44316cf95622221b08ff337e9149161671e7957a28fdb5d36902dcefcfb9028501c06c9704eb70343413a921b29f7440",
"pids": [],
"md5": "9cf81cd1b7618cced43583df9d96d6c6"
},
{
"yara": [],
"sha1": "4dc96d30df220103e42094620a2604e394846034",
"name": "2113da9cf59d63ba_6C9B846926C287B15F67D64CE91F1CFA7D812660",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"type": "PNG image data, 167 x 410, 8-bit\/color RGBA, non-interlaced",
"sha256": "2113da9cf59d63ba007c95b1f9008e2ae7536def00d3b125582b03213d05fc95",
"urls": [
"https:\/\/www.google.com\/images\/nav_logo242.png"
],
"crc32": "AF53F1D1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2113da9cf59d63ba_6C9B846926C287B15F67D64CE91F1CFA7D812660",
"ssdeep": null,
"size": 23660,
"sha512": "3f9b1ada29dff712bd4818cde0f2cc0fb7a4432f5914dadbd5ffe2fea69a0174c81b2d9747568e768249c8c1b4ed4771a9a8751bf28d5504000217ddc892d744",
"pids": [],
"md5": "b5baab14f13fc4bb6d5dd2946a646d80"
},
{
"yara": [],
"sha1": "bcbd231c98e9ed97b8e02e1fc2bff8fe278cee4b",
"name": "88fe6868ce396bd4_BBru1ZR[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBru1ZR[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "88fe6868ce396bd45e30a1cc3ec835bbb7e0906ee915e2d90670bee384fd9877",
"urls": [],
"crc32": "F749FB01",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/88fe6868ce396bd4_BBru1ZR[1].jpg",
"ssdeep": null,
"size": 13037,
"sha512": "65d31a33739b40883fa448d618eff4ea3a32badc9e557e1f9e238e6d6e103abab6b8ce4be301be710b2c03bea289dbfe3a2c1df32ecc72cc36ff95f97f5df971",
"pids": [],
"md5": "1df24879ce62f12572fb865a0e3621e1"
},
{
"yara": [],
"sha1": "f7e589fc5974b3f8901cbd76ed1705cd4d7f53e1",
"name": "488114873d401216_AAyFB3T[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyFB3T[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "488114873d401216d792599423ac285044549eecc7f61a7d2aaf5dede1503453",
"urls": [],
"crc32": "4D6773D9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/488114873d401216_AAyFB3T[1].jpg",
"ssdeep": null,
"size": 14588,
"sha512": "0c40d746eb00c0e6cda2508fb04423c37215a91e15e2e8c316d577dd4016dea9152ac840c0c42223bf30d2774796dcd89c61998fbfd173d64546f9d64f6968b4",
"pids": [],
"md5": "5912eee2cec2a85864926888f56838ff"
},
{
"yara": [],
"sha1": "3e0050f2d5cb1bc850e59c4058383ac7dbb76b08",
"name": "b407093b86befa70_C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"type": "data",
"sha256": "b407093b86befa70ed00ba6ccb4202b22504e6174b4296ee5374de03392ef8f6",
"urls": [
"https:\/\/www.mozilla.org\/en-US\/firefox\/stub_attribution_code\/?referrer=",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct"
],
"crc32": "2712E175",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b407093b86befa70_C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"ssdeep": null,
"size": 12866,
"sha512": "dd8a82390ad00486ec3ab026f7f44aab02548ef313faa78124f9de0d559d6233e98d78c7bb13bc2dd540564ca949c862106fc87f3bc654d1aed8e29cbe698abb",
"pids": [],
"md5": "e1c19db19a2e043d27bde7e94f1aeacb"
},
{
"yara": [],
"sha1": "591e8907e714cf3abb40b2f134c36b6457521e23",
"name": "0cbd18beabf0af6b_BB5SfLo[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BB5SfLo[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "0cbd18beabf0af6b73df211aea892c8933b9055b67f0301323b45ad7cc6222e5",
"urls": [],
"crc32": "536AC0FD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0cbd18beabf0af6b_BB5SfLo[1].png",
"ssdeep": null,
"size": 790,
"sha512": "6004701e62fa85643d6d52b3c3fc3fd3ac04d75e890a69cbc65f3be2f15b54ad512a92cd61adb27868b0f6eefb30012dd046737f915b99c9c65ff76a3de289ca",
"pids": [],
"md5": "d9a2337767eba62aa1b37e581d589ade"
},
{
"yara": [],
"sha1": "00eaeb828362fd8277f7379ef35f42e5da7741da",
"name": "87d04bb1cc5f7f2b_BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"type": "gzip compressed data, max compression",
"sha256": "87d04bb1cc5f7f2b1467798796dc0228f0fe498c8940fabe6dfbe90e96a44ab4",
"urls": [
"https:\/\/www.google.com\/images\/branding\/product\/ico\/googleg_lodp.ico"
],
"crc32": "CC98CEB0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/87d04bb1cc5f7f2b_BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"ssdeep": null,
"size": 8473,
"sha512": "2310d9150e941100ef02b5e42009432e223af2391c778dbbd19cb33842468b1b68d628d67585364ffc9e7a4d72113b6934f8410502b931b11ef8f589c16b9211",
"pids": [],
"md5": "eeb805f2e6a7d7ff022bb1aa7e661d5a"
},
{
"yara": [],
"sha1": "72e9d116acf5f41601db87428521053448f7cd56",
"name": "6dc3cc33317bc081_8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"type": "data",
"sha256": "6dc3cc33317bc0815ed105d7312df9b6f91c3d33524c4910b5c3f0e7938cbf5f",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "02D74F67",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6dc3cc33317bc081_8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"ssdeep": null,
"size": 1304,
"sha512": "2bdc9b3b00feab27846d356c51af815c90b63a7780cc5752e867ea9b1c4ab858f1b9830e67fac8447a191e86760f7452e01dfb87da73afea81b7bd86095f70af",
"pids": [],
"md5": "d63a4014d14d4978eefdce19b4683adc"
},
{
"yara": [],
"sha1": "5fc94f5f2f2f7e480380c800e1904a212f916063",
"name": "a02bc5561fcd5788_E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"type": "data",
"sha256": "a02bc5561fcd57887e500d1e30a0564b08a778b362158e2c67446550af9a8e28",
"urls": [
"https:\/\/support.mozilla.org\/kb\/advanced-settings-browsing-network-updates-encryption",
"https:\/\/www.mozilla.org\/zh-CN\/privacy\/firefox\/",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/common.945cfb8770ab.js",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/support.mozilla.org\/kb\/firefox-osx",
"https:\/\/www.google.com\/privacy\/lsf.html",
"https:\/\/www.mozilla.org\/ro\/privacy\/firefox\/",
"https:\/\/hacks.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/cs\/privacy\/firefox\/",
"https:\/\/mozilla.org\/set_hsts.gif",
"https:\/\/www.mozilla.org\/media\/img\/logos\/social\/social-icon-sprite.bf2ae0cd0f01.svg",
"https:\/\/www.google.com\/policies\/privacy\/",
"https:\/\/support.mozilla.org\/kb\/how-stop-firefox-making-automatic-connections",
"https:\/\/www.mozilla.org\/hr\/privacy\/firefox\/",
"https:\/\/support.mozilla.org\/kb\/install-firefox-linux",
"https:\/\/www.mozilla.org\/media\/img\/mozorg\/mozilla-256.4720741d4108.jpg",
"https:\/\/www.mozilla.org\/es-ES\/privacy\/firefox\/",
"https:\/\/support.mozilla.org\/kb\/secure-website-certificate",
"https:\/\/addons.mozilla.org\/firefox\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/media\/fonts\/opensans-regular.668362de763a.woff2",
"https:\/\/www.mozilla.org\/pl\/privacy\/firefox\/",
"https:\/\/support.mozilla.org\/kb\/use-popular-search-suggestions-firefox-search-bar",
"https:\/\/www.mozilla.org\/ta\/privacy\/firefox\/",
"https:\/\/support.mozilla.org\/kb\/how-stop-firefox-automatically-making-connections",
"https:\/\/www.mozilla.org\/fr\/privacy\/firefox\/",
"https:\/\/www.youtube.com\/firefoxchannel",
"https:\/\/support.mozilla.org\/kb\/how-do-i-set-sync-my-computer",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/firefox-update-notification.de3e9caf3097.js",
"https:\/\/www.mozilla.org\/media\/img\/privacy\/arrowhead-up-16.7aa7b4730363.svg",
"https:\/\/www.mozilla.org\/en-US\/privacy\/firefox\/",
"https:\/\/firefox-source-docs.mozilla.org\/mobile\/android\/fennec\/adjust.html",
"https:\/\/developer.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/www.googletagmanager.com\/gtm.js?id=GTM-MW3R8V",
"https:\/\/www.mozilla.org\/el\/privacy\/firefox\/",
"https:\/\/www.marketingcloud.com\/privacy-policy\/website-privacy-statement\/",
"https:\/\/support.mozilla.org\/kb\/change-your-default-search-settings-firefox",
"https:\/\/www.google-analytics.com\/analytics.js",
"https:\/\/wiki.mozilla.org\/Webdev\/GetInvolved\/mozilla.org",
"https:\/\/www.leanplum.com\/privacy\/",
"https:\/\/twitter.com\/mozilla",
"https:\/\/www.mozilla.org\/media\/img\/pebbles\/moz-wordmark-light-reverse.cb1bdf6d1de6.svg",
"https:\/\/games.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/github.com\/mozilla-mobile\/firefox-ios\/wiki\/Telemetry",
"https:\/\/firefox-source-docs.mozilla.org\/mobile\/android\/fennec\/index.html",
"https:\/\/firefox-source-docs.mozilla.org\/toolkit\/components\/telemetry\/telemetry\/index.html",
"https:\/\/blog.mozilla.org\/",
"https:\/\/support.mozilla.org\/kb\/desktop-privacy",
"https:\/\/support.mozilla.org\/kb\/send-anonymous-usage-data-firefox-mobile-devices",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/gtm-snippet.9f9cf2026c5f.js",
"https:\/\/abouthome-snippets-service.readthedocs.io\/en\/latest\/data_collection.html",
"https:\/\/blog.mozilla.org\/firefox\/?utm_source=www.mozilla.org",
"https:\/\/research.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/media\/fonts\/opensans-bold.5cf854f3d1c0.woff2",
"https:\/\/firefox-source-docs.mozilla.org\/mobile\/android\/fennec\/mma.html",
"https:\/\/download.mozilla.org\/?product=firefox-latest-ssl",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/stub-attribution.157168bbb235.js",
"https:\/\/www.mozilla.org\/bn-IN\/privacy\/firefox\/",
"https:\/\/firefox-source-docs.mozilla.org\/toolkit\/components\/telemetry\/telemetry\/data\/environment.html",
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/privacy_quantum.eec7721f2d86.css",
"https:\/\/www.google-analytics.com\/plugins\/ua\/linkid.js",
"https:\/\/www.mozilla.org\/mk\/privacy\/firefox\/",
"https:\/\/donate.mozilla.org\/en-US\/?presets=50",
"https:\/\/www.mozilla.org\/bn-BD\/privacy\/firefox\/",
"https:\/\/itunes.apple.com\/us\/app\/apple-store\/id989804926?pt=373246",
"https:\/\/download.mozilla.org\/?product=firefox-stub",
"https:\/\/blog.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1122305",
"https:\/\/www.mozilla.org\/media\/img\/favicon\/favicon-196x196.c80e6abe0767.png",
"https:\/\/github.com\/mozilla\/fxa-auth-server\/blob\/master\/docs\/metrics-events.md",
"https:\/\/www.mozilla.org\/media\/img\/nav\/subnav-expand.023729cb5b3a.svg",
"https:\/\/github.com\/mozilla\/bedrock\/tree\/master\/bedrock\/privacy\/templates\/privacy\/notices\/firefox-quantum.html",
"https:\/\/wiki.mozilla.org\/Firefox\/Screenshots\/FAQs",
"https:\/\/www.mozilla.org\/id\/privacy\/firefox\/",
"https:\/\/www.mozilla.org\/zh-TW\/privacy\/firefox\/",
"https:\/\/www.mozilla.org\/it\/privacy\/firefox\/",
"https:\/\/vr.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/media\/img\/privacy\/privacy-header.f4fcc601faeb.png",
"https:\/\/github.com\/mozilla-services\/screenshots\/blob\/master\/docs\/METRICS.md",
"https:\/\/support.mozilla.org\/kb\/how-does-phishing-and-malware-protection-work",
"https:\/\/support.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/play.google.com\/store\/apps\/details?id=org.mozilla.firefox",
"https:\/\/www.mozilla.org\/media\/img\/privacy\/arrowhead-down-16.a9ade046c8d5.svg",
"https:\/\/support.mozilla.org\/kb\/how-do-i-delete-my-firefox-account",
"https:\/\/www.mozilla.org\/hu\/privacy\/firefox\/",
"https:\/\/www.instagram.com\/mozilla\/",
"https:\/\/help.getpocket.com\/article\/1142-firefox-new-tab-recommendations",
"https:\/\/www.mozilla.org\/ja\/privacy\/firefox\/",
"https:\/\/www.mozilla.org\/de\/privacy\/firefox\/",
"https:\/\/www.mozilla.org\/pt-BR\/privacy\/firefox\/",
"https:\/\/firefox-source-docs.mozilla.org\/toolkit\/crashreporter\/crashreporter\/index.html",
"https:\/\/www.adjust.com\/privacy_policy\/",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/site.8391e739b374.js",
"https:\/\/careers.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/support.mozilla.org\/kb\/push-notifications-firefox",
"https:\/\/mozilla-push-service.readthedocs.io\/en\/latest\/",
"https:\/\/www.mozilla.org\/media\/img\/logos\/firefox\/logo-quantum.9c5e96634f92.png",
"https:\/\/careers.mozilla.org",
"https:\/\/www.mozilla.org\/ru\/privacy\/firefox\/",
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/privacy_quantum_firefox.39f7169f2efb.js",
"https:\/\/www.mozilla.org\/sr\/privacy\/firefox\/",
"https:\/\/support.mozilla.org\/kb\/send-performance-data-improve-firefox",
"https:\/\/www.mozilla.org\/hi\/privacy\/firefox\/",
"https:\/\/moz-services-docs.readthedocs.io\/en\/latest\/sync\/",
"https:\/\/firefox-source-docs.mozilla.org\/toolkit\/components\/telemetry\/telemetry\/data\/sync-ping.html",
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/pebbles.03d45fb8fff9.css",
"https:\/\/github.com\/mozilla-mobile\/firefox-ios\/blob\/master\/MMA.md",
"https:\/\/twitter.com\/firefox",
"https:\/\/support.mozilla.org\/kb\/access-mozilla-services-firefox-accounts",
"https:\/\/www.mozilla.org\/contribute",
"https:\/\/getpocket.com\/?utm_source=www.mozilla.org",
"http:\/\/schema.org\/Article",
"https:\/\/www.mozilla.org\/es-MX\/privacy\/firefox\/"
],
"crc32": "215C0715",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a02bc5561fcd5788_E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"ssdeep": null,
"size": 73583,
"sha512": "94e525a4267784de4616e0ed3e8f2390b329be14ffb173d4c609c98d8cce3a8174a78d4c1abee15ca1c381d9fc52dec0fadcb2012042e5f131579d41c3441832",
"pids": [],
"md5": "e271ccf39bfeb3d67211fd445c829466"
},
{
"yara": [],
"sha1": "836d750e13fd444c16b15f1989091f3313bc9a5b",
"name": "0960572134837130_3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"type": "data",
"sha256": "0960572134837130e56ba577e3744729abba2d2d14eb4788126f9b13caabedd6",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "45E50514",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0960572134837130_3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"ssdeep": null,
"size": 1152,
"sha512": "32b88808b6d18623a81571b1bfd301f9539143cc025e79472a41b3778fda333575f66213c2b1bdea7bb79a33102aa5c279181fd27cb271f97ce8d120e1e6f7fa",
"pids": [],
"md5": "1aea49544874626b44d68cd8d3578e6c"
},
{
"yara": [],
"sha1": "6cdaf6d3b97fed560b13121da4b084614e1d64eb",
"name": "03c46bed56cf7a63_5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "03c46bed56cf7a6357fda0a9b4dfbd5bd5968e9896e22cf91ab1b4fa0635edec",
"urls": [
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=sx"
],
"crc32": "EC025A28",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/03c46bed56cf7a63_5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"ssdeep": null,
"size": 149505,
"sha512": "c0ecdafe7a26df96460079ded22d22bf2fd2519f79389b73ee32621d1e771951f86aba2c492b38886d46e4cee1b5092485af43b7ca5e885f002bd8e456087bee",
"pids": [],
"md5": "2a85d93c74139363e99c0941f09a9ea1"
},
{
"yara": [],
"sha1": "40d65d73bb4468dd65ed57343cfa4b8cd0acd808",
"name": "2d055d4efcbbd563_AAyH0lB[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyH0lB[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "2d055d4efcbbd56394ca14e8b8056d1b1e918526771c52749ac9bd99930847b1",
"urls": [],
"crc32": "35F110A2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2d055d4efcbbd563_AAyH0lB[1].jpg",
"ssdeep": null,
"size": 1750,
"sha512": "a049f0cac0d4320986d05bfdfba3475000b93c85a5f98fbc32c4affb7033da32d757522c465e6f17161a9e8ba2869f219594dc2baba9d26b56626b541f8e9d89",
"pids": [],
"md5": "cc37d936415f853608675e1eedfcb37f"
},
{
"yara": [],
"sha1": "4da1cc69ea6a8021db8e3cab5a02d9772f09bce5",
"name": "09c46d66f9dc8c36_cuck@www.bing[1].txt",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@www.bing[1].txt",
"type": "ASCII text",
"sha256": "09c46d66f9dc8c369ee5bfaa36aaa8ee0818e68678229c7dc498bcc5ddd1f718",
"urls": [],
"crc32": "F6C19FF9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/09c46d66f9dc8c36_cuck@www.bing[1].txt",
"ssdeep": null,
"size": 100,
"sha512": "1ff2cf764f1d1d31c5ad389a532c35260b661603c3ad444ab9aba02dd46b3d159efadcb66153458a5bf5803f6859618c882637fe8af2491360dd24681051c148",
"pids": [],
"md5": "f3660c6d1f94bc8ee8c598a88214d272"
},
{
"yara": [],
"sha1": "a8f006e110aa9bd08a71c33e7b7c189bd4bc8935",
"name": "c82fe96f619df032_common-ie8.1a18bf9598c9[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\common-ie8.1a18bf9598c9[1].js",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "c82fe96f619df032189e56ab6b7937fbfe65cf46cf2ca147526ddc04856a5839",
"urls": [
"https:\/\/www.youtube"
],
"crc32": "27643461",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c82fe96f619df032_common-ie8.1a18bf9598c9[1].js",
"ssdeep": null,
"size": 104418,
"sha512": "ab08188e01384f6d8fbf7f52e8e76c77188044d7accc39e8fb017268f96da7582fbd50d0285cb4a3f91bdab9cda72a8c9b4008a4b3d1720ce4586689b7fe0b71",
"pids": [],
"md5": "1a18bf9598c9a4feb7487b0f6c5a926b"
},
{
"yara": [],
"sha1": "5549cfc87d53b2236e528e1f6546e825ff521213",
"name": "e47ac75dfe2ece2b_BBKtzto[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBKtzto[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "e47ac75dfe2ece2b4f75550334ea5e91cf2d1820e2cd164a534cfb2007c89daf",
"urls": [],
"crc32": "1411654D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e47ac75dfe2ece2b_BBKtzto[1].jpg",
"ssdeep": null,
"size": 1256,
"sha512": "6ae088e191dbb98d51ef845f033ed79847ae87247334227f7d3c5e363019d002890023e7f9f63e9c0384f73fb30a914a9559fdd68fb92e668439188a01ad0c7e",
"pids": [],
"md5": "b0cec2b824b95dc61b0bdda5c1e99894"
},
{
"yara": [],
"sha1": "c10b226c6a8f4472e12043dfe57e03a962e5deca",
"name": "efc854582e97d686_BBHs1Sb[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBHs1Sb[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "efc854582e97d68691bd643aaeb554b4c9612def8ce7932a52ad0b7cfe256bfa",
"urls": [],
"crc32": "BAF8842E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/efc854582e97d686_BBHs1Sb[1].jpg",
"ssdeep": null,
"size": 10410,
"sha512": "4ab91eba4944db1f0d6cff6dd28c4cad223480e1a3bd50de17e80df9e9348d2a8a0dc9a8c6b61bbeb8f6969ce943d79e6f82618bd1b9ecfae012f0f70d581699",
"pids": [],
"md5": "96e745e2955944698f52a217b643a7c3"
},
{
"yara": [],
"sha1": "331ed5bf4df76c43eb5333dd7b4700c394d6b5f2",
"name": "cb95cdff756be616_ad5a4453bea49203135688a7b8db842d.png",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"type": "PNG image data, 448 x 235, 8-bit\/color RGBA, non-interlaced",
"sha256": "cb95cdff756be616be7eee9ed5bbba3181edc938e04388ede5b26f717643c2dd",
"urls": [],
"crc32": "10FAA85E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/cb95cdff756be616_ad5a4453bea49203135688a7b8db842d.png",
"ssdeep": null,
"size": 89717,
"sha512": "69042143013c4c352d2f7722f5a1d8c8317977f4f3c8eefd9aec042828025bfc51bf2e5d6bd3fd1ba71fd792ef1bbd5c7dc073191652f545d5c95f6f970c7c83",
"pids": [],
"md5": "5c5ed1f7fe4ffafe1e9667355b096d9d"
},
{
"yara": [],
"sha1": "e5009675b4abe35a2c58cfd7c714ccec5c613db3",
"name": "09e8b647b4acdd47_AAni8qk[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAni8qk[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "09e8b647b4acdd47714f4229c38bab65ddf5fe1f85839c093caf39a347bb29c6",
"urls": [],
"crc32": "E1BF05AC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/09e8b647b4acdd47_AAni8qk[1].png",
"ssdeep": null,
"size": 913,
"sha512": "664a4f54466b12aa492da8855660970afd87a1a4ff9549c4528ece1c45f9a3b5b002106daa9d2511f049c5a98184e8911add5a9f35dd8eff0a6a5e9d5902b390",
"pids": [],
"md5": "2a1b22823103e09a4af2cc5ea329c251"
},
{
"yara": [],
"sha1": "8b5317780ffcdd08ea9cd498f1c0cadda4f9627f",
"name": "76e96b46fe01ff23_75E50D054B90189E74DAB0C86F5E8680BE580C29",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"type": "data",
"sha256": "76e96b46fe01ff232f3fcd3d1f7211e62a0cc6199e0fd07f69e2bf6d352ce185",
"urls": [
"https:\/\/www.python.org",
"https:\/\/status.python.org",
"https:\/\/2p66nmmycsj3.statuspage.io\/api\/v2\/status.json"
],
"crc32": "A001F68E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/76e96b46fe01ff23_75E50D054B90189E74DAB0C86F5E8680BE580C29",
"ssdeep": null,
"size": 9930,
"sha512": "ed515ebc51904aea00789d6e765f6a1b19a0c8a7d6dbe1ee5bd092e46621575b78254e53e5a640b5a4bd4414257a625e4b70db04d79a07d89fc54918d56d7938",
"pids": [],
"md5": "0f7658846918d5dd2acd9f6d9b736163"
},
{
"yara": [],
"sha1": "cc0d6df74758a4518030a984e0a75e79878db465",
"name": "a04b3a6550845601_B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"type": "data",
"sha256": "a04b3a655084560159357869d312ec54cdf1924ea8895af887f4c830b1e284f1",
"urls": [
"https:\/\/syndication.twitter.com\/"
],
"crc32": "52B82B14",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a04b3a6550845601_B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"ssdeep": null,
"size": 110,
"sha512": "eea03cbd257b08bb2893e7e7572aeca0d02f319e2669ed307131a9af9b5c69628b272feeaab437792d205cd8517f4ee5a054080d47a4e1ba68dabc4e0391fc86",
"pids": [],
"md5": "2f77ffc2283f09e76e2a352c459fb92a"
},
{
"yara": [],
"sha1": "3c0659e9507e9772ab42c80fa52fc7c82abb799e",
"name": "d80fab1719746447_C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"type": "gzip compressed data, from Unix",
"sha256": "d80fab1719746447473c312b2bbcbe31575e548f8c96a6f81e2a3b9cc5f63cd5",
"urls": [
"https:\/\/accounts.firefox.com",
"https:\/\/accounts-static.cdn.mozilla.net\/styles\/4b9df841.main.css"
],
"crc32": "0E2DA1B7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d80fab1719746447_C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"ssdeep": null,
"size": 26080,
"sha512": "6d28e6923f92cb509a9a252750eff300a1c4580aaa2ed914ce460fa706ac1a344922f3d8aa6c93c11192c5da2f295810e0814eeed9f9d80670c1f837a2183463",
"pids": [],
"md5": "2ded568b69ac9bc70df153032b12b463"
},
{
"yara": [],
"sha1": "f88487f5b00f2370a4f5a5e3c4f67ce66083e93f",
"name": "d973a6f7c106c16c_12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"type": "gzip compressed data, from Unix",
"sha256": "d973a6f7c106c16cc763d79a355e95743bcb2988e206218756949f91b6dc3b3a",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/img\/logos\/social\/social-icon-sprite.bf2ae0cd0f01.svg"
],
"crc32": "6C1FEFD0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d973a6f7c106c16c_12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"ssdeep": null,
"size": 11645,
"sha512": "db0cbc139f792521beadabda1845e95fea37fe9aaf716aba9c62bc993096b0039cf0d486ab66ced0cecbef414eb937c93acfc7a3b8ec533c4699e60706741e41",
"pids": [],
"md5": "cb55e2b1088ebca4b27e56107adf1f70"
},
{
"yara": [],
"sha1": "5e72894b51f1e9b4d61cb86300f4d9fe92f8c352",
"name": "720019de9382a0f4_BBFlpYy[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBFlpYy[1].png",
"type": "PNG image data, 100 x 75, 8-bit\/color RGBA, non-interlaced",
"sha256": "720019de9382a0f401a577297db4c7ca5f1bb12abef18b5582e9e8aa3e0fb060",
"urls": [],
"crc32": "DCCE0153",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/720019de9382a0f4_BBFlpYy[1].png",
"ssdeep": null,
"size": 21358,
"sha512": "f4e67a1a68f072870db638d3517946fed742706c3cd33ab89cfe44a85d55cbc4927d12816bb02090b917aaab85759f3b8372b6e71b99a0db666c5ace8ae21355",
"pids": [],
"md5": "30aa975d74b82f139d63f1fdae6e754d"
},
{
"yara": [],
"sha1": "a20a853b26557b03b77d12a36dbdb6072138a1a4",
"name": "70a3ffcf6e921dd6_cuck@msn[2].txt",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@msn[2].txt",
"type": "ASCII text",
"sha256": "70a3ffcf6e921dd6c601aa0e6200ac44be75e20e115d6b5479a56c65acdf5bc8",
"urls": [],
"crc32": "6ED75763",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/70a3ffcf6e921dd6_cuck@msn[2].txt",
"ssdeep": null,
"size": 204,
"sha512": "dcda888051691f988cc0a50d6f7331d895d660e240b49124b84c1c23cd5390b69f85b551420091f7e15c4f42d07362e24c0309a69b1212ff31bfe61e627b9fed",
"pids": [],
"md5": "a138998a80d67ef5baf12b790f0d5622"
},
{
"yara": [],
"sha1": "96ca7c943193d74faba1d411d6ca125a0201baf1",
"name": "f62fec89f890cf51_D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"type": "data",
"sha256": "f62fec89f890cf5169e60f3a86f458070b4ee06d2e37536e88bc172f51fdcff4",
"urls": [
"https:\/\/search.services.mozilla.com\/1\/firefox\/60.0.2\/release\/sv-SE\/SE\/default\/default"
],
"crc32": "BBF97A90",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f62fec89f890cf51_D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"ssdeep": null,
"size": 7316,
"sha512": "a0eac093d968f2ce28319b05a9fa12f2f56a249c4af70b0e0e76afebc759609a69b2bdf3a0d345108d64b27fd98feb7850a1062bfbc168620fa88fdd046fd53f",
"pids": [],
"md5": "5725700bc2f83cf46cca6a727a46bba3"
},
{
"yara": [],
"sha1": "02bc6d1e0eb468327ddca0236cf72f28e09c05d8",
"name": "23ad299ddb6713fc_BBHnZrx[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBHnZrx[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "23ad299ddb6713fcb5ff44327ebc6d3a32e3f403a3bf1d274d5f7301e966f28e",
"urls": [],
"crc32": "93164DA0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/23ad299ddb6713fc_BBHnZrx[1].jpg",
"ssdeep": null,
"size": 2468,
"sha512": "3219e14dc07d17f1396ad6ec213c28575c6b2baf447c481bd45828d830a35d88ab5a2128beff75b770f7b45441b0785f033a6070123d255dbec5fb728d6ab4c8",
"pids": [],
"md5": "0d5841855e37f0697690809ddb8d62d2"
},
{
"yara": [],
"sha1": "f651f36dbb027d1722b7e3a7f470a7e95d18932f",
"name": "300e160b9ed0d85e_DC933A410E769DFD115C892EAF014A6E15ED59CE",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"type": "data",
"sha256": "300e160b9ed0d85e1402feb6119be591c494ddd22b1939747e601b18fda58949",
"urls": [
"https:\/\/tiles.services.mozilla.com\/v3\/links\/ping-centre"
],
"crc32": "6486FE20",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/300e160b9ed0d85e_DC933A410E769DFD115C892EAF014A6E15ED59CE",
"ssdeep": null,
"size": 7567,
"sha512": "b68758c3456fc4814f360adbd5d76ed68a75a6a44d6876f402202f87a6a1930b633244922a4c9ef74f15d6e53b16ef0f2c3e5589763552768c5e2f15190e5684",
"pids": [],
"md5": "fffeeeb5603e6c8219766952e1abe626"
},
{
"yara": [],
"sha1": "5cf867b20833ac872c3368e3aed5250b3c4ef478",
"name": "96a7a7c8b1ed0008_AAxlHiU[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAxlHiU[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "96a7a7c8b1ed0008d6ff429d32fed5177f5673bdfc88648364bdd1133ef989ec",
"urls": [],
"crc32": "8E60C1B3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/96a7a7c8b1ed0008_AAxlHiU[1].png",
"ssdeep": null,
"size": 494,
"sha512": "708ee5b25ec4b813b5051190d1b0aa1f06aa84acd254665d157ac3c1c6de15a7d6486ae79eb419a34f88527a89d03058437548fac2412e1941a870dafc7869c3",
"pids": [],
"md5": "3fbf58875cddc3f5976f60b7ae443cda"
},
{
"yara": [],
"sha1": "7a7d73f192f813a8872520dd2c569ece3b4e66c5",
"name": "1217098c6261478c_search[1].htm",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\search[1].htm",
"type": "HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators",
"sha256": "1217098c6261478c72b7e2249ac213ca7fc0ac4215f9ce82ce60cbab777f5036",
"urls": [
"https:\/\/en.foxload.com",
"http:\/\/www.microsofttranslator.com\/bv.aspx?ref=SERP",
"https:\/\/en.foxload.com\/",
"https:\/\/support.mozilla.org\/en-US\/products\/firefox",
"http:\/\/cc.bingj.com\/cache.aspx?q=firefox",
"https:\/\/login.live.com\/login.srf?wa=wsignin1.0",
"https:\/\/support.mozilla.org\/en-US\/questions\/firefox",
"https:\/\/173031793.r.bat.bing.com\/?ld=d3xEj_VMkeVorno1488G3MxjVUCUxvIuNtalWhOiPOwnB2kvsBjka9HourO6t--OPMo77q1CReqm8bB7uI-2LkzzPU1skl6KF3No9o42ADDkSp4eAP5zvR05TGKDp4m2xDTW3NoOd-3yzerKXlUF80pULPfbo",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/",
"https:\/\/ccm.net\/download\/",
"https:\/\/ccm.net\/download\/internet-3",
"http:\/\/loadion.com\/en\/Browser_1868.html",
"http:\/\/schemas.live.com\/Web\/",
"https:\/\/storage.live.com\/users\/0x",
"https:\/\/privacy.microsoft.com\/SV-SE\/privacystatement\/",
"https:\/\/support.mozilla.org\/questions\/1054838",
"https:\/\/business.bing.com\/api\/v2\/search\/download?DocumentType=ContactPhoto",
"https:\/\/www.mozilla.org\/sv-SE\/",
"https:\/\/firefox-64-bit.en.softonic.com\/",
"http:\/\/loadion.com\/en\/Firefox_106534.html",
"https:\/\/blog.mozilla.org\/futurereleases\/2015\/12\/15\/",
"https:\/\/ccm.net\/download\/web-30",
"https:\/\/mozilla-firefox.en.softonic.com\/",
"https:\/\/www.mozilla.org\/en-US\/firefox\/new\/",
"https:\/\/ccm.net\/download\/browser-59",
"https:\/\/en.softonic.com\/windows\/web-browsers",
"http:\/\/loadion.com\/en\/Internet-Online-Web_1184.html",
"http:\/\/loadion.com\/en\/",
"https:\/\/support.mozilla.org\/en-US\/products\/",
"https:\/\/blog.mozilla.org\/futurereleases\/2015\/12\/15\/firefox-64-bit-for-windows-available\/",
"https:\/\/en.softonic.com\/windows\/browsers",
"http:\/\/help.bing.microsoft.com\/",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/new\/",
"https:\/\/support.mozilla.org\/en-US\/questions",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/download\/thanks\/?scene=2",
"https:\/\/ccm.net\/download\/download-32-mozilla-firefox",
"https:\/\/support.mozilla.org\/en-US\/",
"https:\/\/mozilla-firefox.en.softonic.com\/download"
],
"crc32": "A1D3EF9D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1217098c6261478c_search[1].htm",
"ssdeep": null,
"size": 109475,
"sha512": "37b3bd2fb887c4efa2a6770d5d30e08c885ffee8f501cc0888258261a4555fb8f1c58e8f5799994794d8bd340fb59ed0a0a00beccdb8fdbc88778944d7549dc5",
"pids": [],
"md5": "e54d8b498c68bbb10168c5cc1fcce18a"
},
{
"yara": [],
"sha1": "16c56f8086309b13feea953bd3f6fa7a675c88b6",
"name": "078414e2a1be8b08_BBGFWil[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBGFWil[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "078414e2a1be8b08dea1903acba5d6d4e1e71b4ee88eb507a253048bcef01521",
"urls": [],
"crc32": "781C724D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/078414e2a1be8b08_BBGFWil[1].jpg",
"ssdeep": null,
"size": 2302,
"sha512": "a8e8c28ad1e44a88eef23fbe8735b05f6c867e8130955119c6efd6f844bf400a7e1e943294f17db184a9b779f799f04691e83eb77595f5b80948339b7ce90dd0",
"pids": [],
"md5": "3a76f583288c97781eb730a50a7309c7"
},
{
"yara": [],
"sha1": "c42979fdf648b64fd87ff8a3ae2e46999d890563",
"name": "f303cbaca81b0080_235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"type": "PNG image data, 48 x 48, 8-bit\/color RGBA, non-interlaced",
"sha256": "f303cbaca81b008080da6efb28e2afbb257d4ae74280e7f2b34327d26cf2ff71",
"urls": [
"https:\/\/pbs.twimg.com\/profile_images\/439154912719413248\/pUBY5pVj_normal.png"
],
"crc32": "3E33F979",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f303cbaca81b0080_235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"ssdeep": null,
"size": 13023,
"sha512": "4d5bd7514a4f44bba57ec6bc8ddfafdd843fd9813ef4766b439f14d6a78cb93c3f395d939d0af947a3b4ef8f5bd517de7d154a0cca2a395fe4fb30d8bdaae1ae",
"pids": [],
"md5": "ef48915f9ba59c2d29cce07a2099a090"
},
{
"yara": [],
"sha1": "641b84dd8071d2b8ac000af7ce8024958ea98d0c",
"name": "a78b1397c2ba2fa4_AAyHLXo[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHLXo[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "a78b1397c2ba2fa4166d073d97a98c68b23cd86ab4d3de8b7dfdd31c7ec8bacf",
"urls": [],
"crc32": "E913ABED",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a78b1397c2ba2fa4_AAyHLXo[1].jpg",
"ssdeep": null,
"size": 7386,
"sha512": "d6c001b039d5f2a9757d7cf610dd2fb996c3a3727d99bbdf8615e842b2b0f3c22d6d8e4d2eba82e6aa84acf64d8432582b8fa0f3e45c1d06adac22b00de30710",
"pids": [],
"md5": "017771326d8e05cd032606832f8645fc"
},
{
"yara": [],
"sha1": "83080c35b2e37a0fb75f4a9e1e8462632467c6cc",
"name": "fec8e38e4b23706f_AAyHp3I[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHp3I[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "fec8e38e4b23706f50f5c7322947ccbedea584aa002783f0d170f5c792110a8d",
"urls": [],
"crc32": "FAE5C653",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/fec8e38e4b23706f_AAyHp3I[1].jpg",
"ssdeep": null,
"size": 8963,
"sha512": "8eae6387ee20976a8321b5a46f57472546f6bd5d87b0a90a8deafe94564cf1ca0638c7c654a59f366ca58902c09ede7c9d268c91e26635a45c4ee2b7f5769740",
"pids": [],
"md5": "535859ca69929ed53e49d2be95727472"
},
{
"yara": [],
"sha1": "9a0a7e5788904d5bdd3931fb886b5903e0f7ebc7",
"name": "762d1bc01f89a8a0_89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"type": "GIF image data, version 89a, 1 x 1",
"sha256": "762d1bc01f89a8a05322368b068ac75723966f09d48744a2e3503cfe5c847558",
"urls": [
"https:\/\/mozilla.org\/set_hsts.gif"
],
"crc32": "04249A55",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/762d1bc01f89a8a0_89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"ssdeep": null,
"size": 9407,
"sha512": "c339c717861e65d1254b97592abc670e1dadff53c3bfcceb22fbdfe7175255cc49155e4cb632aeac54146bb6a257969df70dcafa1c9db38c5034adfbddb97d7e",
"pids": [],
"md5": "7c00544c32961ad7d0241d6680e62c62"
},
{
"yara": [],
"sha1": "4fbe0563917d6f6289e4e1b4a0a8758e4e43bda9",
"name": "91222f96f34735eb_jquery-1.11.1.min[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\jquery-1.11.1.min[1].js",
"type": "ASCII text, with very long lines, with CRLF line terminators",
"sha256": "91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef",
"urls": [],
"crc32": "4C59FA2C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/91222f96f34735eb_jquery-1.11.1.min[1].js",
"ssdeep": null,
"size": 95790,
"sha512": "6fbec4785a21520fa623d1a151c6c8b64baa1321ac6918a127bcfc22e49ec2e3bcd161af9c237bd5c70bc4046eb12cf434563f86cbdc9876eb67fb2dea87034b",
"pids": [],
"md5": "4dc834d16a0d219d5c2b8a5b814569e4"
},
{
"yara": [],
"sha1": "e3de4079746b20cdbd9ac42560113d22cd1227a4",
"name": "00b52467aae2193e_mscc-0.4.0.min[2].css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\mscc-0.4.0.min[2].css",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "00b52467aae2193efa641e788a4f9a31f95ed2138deedaba02f07c43f9351539",
"urls": [],
"crc32": "C4BA10BA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/00b52467aae2193e_mscc-0.4.0.min[2].css",
"ssdeep": null,
"size": 1335,
"sha512": "9bde49e8ad96e8cd2519ee80527dbc5168c790b16edb7f8899345d17e4294f043c6f55dafc3758f1b84a262ab538ebafd198b7046460ab69d45cec6571cb2708",
"pids": [],
"md5": "6f1221d31deee48ade02c373423feec9"
},
{
"yara": [],
"sha1": "00dddef899107b43a5e99fce4c1c32c298923885",
"name": "615448c3f8e4d20c_68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"type": "gzip compressed data, from Unix",
"sha256": "615448c3f8e4d20c9094e8a78278472ce8523698026753a54da23f2713426488",
"urls": [
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/firefox_firstrun_quantum.377f6df2a79c.css",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct"
],
"crc32": "E8672765",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/615448c3f8e4d20c_68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"ssdeep": null,
"size": 11407,
"sha512": "944896125ca90e8595d0fa813bb4d229e485cfc03fb48a2abc3e34b713764f62b14574ccfa1926358dd48b79a68f7413661ab70064324adea16817f3525c322d",
"pids": [],
"md5": "5b5477a6dbb0c4227c3dcb3ad5d8fcf3"
},
{
"yara": [],
"sha1": "95569699e5a85f7adf1e3e4bc36a4f36a8a44bba",
"name": "ae050cd9bf107414_mwf-west-european-default.min[1].css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\mwf-west-european-default.min[1].css",
"type": "UTF-8 Unicode text, with very long lines, with CRLF line terminators",
"sha256": "ae050cd9bf1074140ba700742545103aab1562cd05ef92664e1adb95766bba40",
"urls": [
"https:\/\/www.microsoft.com\/mwf\/_h\/v1.17.3\/mwf.app\/fonts\/mwfmdl2-v1.17.3.ttf",
"https:\/\/www.microsoft.com\/mwf\/_h\/v1.17.3\/mwf.app\/fonts\/mwfmdl2-v1.17.3.woff",
"https:\/\/www.microsoft.com\/mwf\/_h\/v1.17.3\/mwf.app\/fonts\/mwfmdl2-v1.17.3.woff2",
"https:\/\/www.microsoft.com\/mwf\/_h\/v1.17.3\/mwf.app\/fonts\/mwfmdl2-v1.17.3.svg"
],
"crc32": "A4031FAF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ae050cd9bf107414_mwf-west-european-default.min[1].css",
"ssdeep": null,
"size": 680869,
"sha512": "b51d950340205d4647b39fd101eb6add86447940fac0e45b5468fc827ece77be110defa11a806b1aa53b2dbcf6af8977031991477977b441aea9b0e9db591dbb",
"pids": [],
"md5": "7e19d76ef0ceda9d83feafb37192db25"
},
{
"yara": [],
"sha1": "3e07fea2092d0b2a3f466ebfb1231192626746a1",
"name": "3bda38dcea947005_AAyHtqr[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHtqr[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "3bda38dcea94700505747ebb96fd3ba8065213f7afbd8ac35f8b56bd95e8b8e6",
"urls": [],
"crc32": "D4A19E04",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3bda38dcea947005_AAyHtqr[1].jpg",
"ssdeep": null,
"size": 8826,
"sha512": "d8e26d04bdcb8d147ff4331eab32056040315d8c9f3213a132fdbfee37cc90d009d1bc136335351b3428db736abe2cf010ef89bacfdf25526765051783c11541",
"pids": [],
"md5": "c16384480803628b811a9407abc66ea2"
},
{
"yara": [],
"sha1": "fd9b3b3c6a540d53f97f731a8765305861c07438",
"name": "f5c678160411b27b_D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"type": "PNG image data, 290 x 82, 8-bit\/color RGBA, non-interlaced",
"sha256": "f5c678160411b27b8dabe488f0761be9b01d50ee04ed27316ebdf27cb8b2782a",
"urls": [
"https:\/\/www.python.org\/static\/img\/python-logo.png"
],
"crc32": "3D8204EF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f5c678160411b27b_D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"ssdeep": null,
"size": 20253,
"sha512": "3930d92b275ce8cf17249a771d13823d10b7649b5c277cccd0281aa7d032c0b696cc5bfbb5bf53c0e2a2fca6b8dd2acbaf5ae8902f66aaaabafd9438f812fe0d",
"pids": [],
"md5": "6cb233605ac6f40b3126adb736a1f228"
},
{
"yara": [],
"sha1": "57ce8cbfd857ad0b031cc9960512aad6616b95c1",
"name": "86492ebebfee0013_XQENWVVw.dll",
"filepath": "C:\\Windows\\gaABPi\\XQENWVVw.dll",
"type": "ASCII text, with no line terminators",
"sha256": "86492ebebfee00131d0201f702ebc1b18a1725cb5975388c7d0e9a5fb3159ea2",
"urls": [],
"crc32": "7E8A36FC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/86492ebebfee0013_XQENWVVw.dll",
"ssdeep": null,
"size": 10,
"sha512": "5552aa8e01f727bb0d856c8a76e1bce590d3618fbe1e4e42fe9a188e2bb630dd198156dd833b7f8461d67d95c549ee112e1bd3d0de4c2d57358ffb4764f9c88d",
"pids": [
2628
],
"md5": "6266052192a59cc3b8f5dc92042b480b"
},
{
"yara": [],
"sha1": "ff7068bd9aec25101a8dd0ec8ed6063da229c7e3",
"name": "9797f80e0429c725_AAyG0Ti[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyG0Ti[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "9797f80e0429c725d29567bf43b54a343ca17b3399e2729bc40c8cc63cc74321",
"urls": [],
"crc32": "5EE9261F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9797f80e0429c725_AAyG0Ti[1].jpg",
"ssdeep": null,
"size": 2228,
"sha512": "6f956d649efbd7cf45aa6924ec050a5549e8634cc74e83b198e9868b2e8fa564298d75ce11e04873ab7b124781d0dbfcd235ceeb7d2cee53fc4e67b6dd44e1ab",
"pids": [],
"md5": "fc7589e39259ee9ec3e9dfa102e6d417"
},
{
"yara": [],
"sha1": "f09a93aaa69d59cca450c364a2893e7750fd58f6",
"name": "6c52c89597d4023f_AAyHa0Z[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHa0Z[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "6c52c89597d4023ff78632cb278d2f3b1ffdfb7ddde92bd835a3f714cad1a59b",
"urls": [],
"crc32": "E267EA3C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6c52c89597d4023f_AAyHa0Z[1].jpg",
"ssdeep": null,
"size": 5661,
"sha512": "1fc406351243647cce35da638b728d3c3c6aceda11955d2dba47ae909b8aeedb8d0b21a1f2d69a3e344be0e3f53d2e83ca5e9b47e024ed4d67fac7c3a6e64154",
"pids": [],
"md5": "90f76e1a63c0090f7172e626caa7fdbc"
},
{
"yara": [],
"sha1": "71241d738385ab1afcd4c6101b2d9cfea8637e08",
"name": "50c6e24e809a2390_AAyx8m7[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyx8m7[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "50c6e24e809a239088b1fff4caffdb2ba918d33d0d7ea43269409feda15cc4b3",
"urls": [],
"crc32": "FE6FD5F9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/50c6e24e809a2390_AAyx8m7[1].jpg",
"ssdeep": null,
"size": 1829,
"sha512": "3bc57db2272fc2d1806e5054fcc46b7711a427c02bdb38e5fa0fddb5bffce171f074b75fb17a36bee6f9ddb917bc13b3391b69e2daaea82a7d99a94eea2f67f8",
"pids": [],
"md5": "f72cbebf87d05e9c7e2694c768fd6c5f"
},
{
"yara": [],
"sha1": "31f0c565dbc773fbd2414d746cb8597819c4f2ec",
"name": "349c969f18a91c3a_F10983A15DD515D828BE4E816299B9E87852132A",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"type": "data",
"sha256": "349c969f18a91c3acaaef92ef9a49efbbaa2923152700bd162886641d8753828",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "4368C3D1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/349c969f18a91c3a_F10983A15DD515D828BE4E816299B9E87852132A",
"ssdeep": null,
"size": 1150,
"sha512": "5ade5f6eb28933bb002b0ee95643eaea4d58c2a88ae408dbfcbd700d39ea322846279d4da848c99cde6e8157aa61916c885e8ae0603b29c7f547be120411f527",
"pids": [],
"md5": "8eee5d10a02580978a9f922c62d5e771"
},
{
"yara": [],
"sha1": "5e6a0bef7aefff9c26ff110969061ef817072c14",
"name": "b0d8e62e9e0641ca_css[1].txt",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\css[1].txt",
"type": "UTF-8 Unicode text, with very long lines, with no line terminators",
"sha256": "b0d8e62e9e0641ca55518b6915d4a399fc31f9f8a52d51386e47b872a1312290",
"urls": [],
"crc32": "F744C0CF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b0d8e62e9e0641ca_css[1].txt",
"ssdeep": null,
"size": 144776,
"sha512": "6b1b3342ace2aebffd9183fdbdb03efdf79d40ad1d4b9be17ed9ab5c7c022f6aae9137c73123f8a4768f38743e0044ef24378694c6ef35664e568c11b38b92a6",
"pids": [],
"md5": "4a36db1002ef835956a4dc533f90c515"
},
{
"yara": [],
"sha1": "67bffe253fb4572fa3a9690a599dcc0d3ed41ec2",
"name": "aff1adf29d29f910_AAyFhTm[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyFhTm[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "aff1adf29d29f910cf580b0245ca4a5135a55a2674c8ca74510f748e049ca8ff",
"urls": [],
"crc32": "845762CC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/aff1adf29d29f910_AAyFhTm[1].jpg",
"ssdeep": null,
"size": 5173,
"sha512": "f53181991c1043b8cf09bb6d663217d569c4a44b45f6781e5ae97af76664994e325e3873763bc0f702e772f2495ea94c5c770cb9712425d2c749f73a31647b4c",
"pids": [],
"md5": "a79ad31d916c0d78eb7784827d184e99"
},
{
"yara": [],
"sha1": "8aa169030622462524e19f360cf386b6d77d655f",
"name": "5e442e413c3e1f1b_moz-wordmark-light-reverse.cb1bdf6d1de6[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\moz-wordmark-light-reverse.cb1bdf6d1de6[1].svg",
"type": "HTML document, ASCII text, with very long lines",
"sha256": "5e442e413c3e1f1be64ae04f8db1110fae8ef5b22c95a32c863880949cde899e",
"urls": [],
"crc32": "D44AA702",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5e442e413c3e1f1b_moz-wordmark-light-reverse.cb1bdf6d1de6[1].svg",
"ssdeep": null,
"size": 1464,
"sha512": "9b434020006e6d2f706f197bb41fdeafbf6fd19b2d520c9ff88cfc14d43ed6d8dbc8bbf5eadbad5751b41985c7fccc3643b1fde7b25a4a9a55936b737b2fcf86",
"pids": [],
"md5": "cb1bdf6d1de6e0f180a4f36d1fd4c833"
},
{
"yara": [],
"sha1": "18d17a25a5ff288f8de4b5901c960c8c30446524",
"name": "2cf42774f62275ff_08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"type": "data",
"sha256": "2cf42774f62275ff80b7b0f8e31f9f83dbe01934daf2688151e98ad26ef3a507",
"urls": [
"https:\/\/www.google.com\/gen_204?s=webaft"
],
"crc32": "B806DBB1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2cf42774f62275ff_08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"ssdeep": null,
"size": 6873,
"sha512": "9077e82967a6503f61f52f539a96f5c3828bb8e2b2ec047cf2b489eedb7553ac479f43a05962b6ef352da8e3254c7c8340a0fa50396985dfce7711b2fba13af5",
"pids": [],
"md5": "0cf79cb52e68c558f26f4e55443d4039"
},
{
"yara": [],
"sha1": "494cb4c993849e9b66a415627ddc0f628e6ae32c",
"name": "d664fa226151b6da_F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"type": "data",
"sha256": "d664fa226151b6dafff2516a825d1f34a5c11e5ad38138e870be3a017fcd1099",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "B20708D9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d664fa226151b6da_F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"ssdeep": null,
"size": 1304,
"sha512": "3605177436cf567f2f3cce8f5aad3287aa5d9578b11a1abbd61c1900d3d95536973336379a0c7baa5da4cdea1551faa4ebf6a18302eb94b6d9e64a80521e6120",
"pids": [],
"md5": "5f1ad1f09ca39ad98f67e7e8c0b0891f"
},
{
"yara": [],
"sha1": "dd02595142c92fdf345f43bd0dbb0c689366b8fa",
"name": "e1542226293d6ed6_AAyDBq2[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyDBq2[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "e1542226293d6ed6b3e4989ec937f6a9a9bbde6d8d5f2c4db9fdfe7e32ed8d13",
"urls": [],
"crc32": "B50D9EF5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e1542226293d6ed6_AAyDBq2[1].jpg",
"ssdeep": null,
"size": 8887,
"sha512": "f08b5052744b46b533f1736c613688939fecf6e10f31818121ebde93f6295766d3cd63efa602f43c11940bc515b646d0bcb032d8473973dd9dd4110e50a67aa0",
"pids": [],
"md5": "e927a13303d3c6158007e10e7f2789a3"
},
{
"yara": [],
"sha1": "f8d7c0592522552d4001f7b5ef5efe4b151ffadd",
"name": "8fda52daeafdfc4c_AAyGbHz[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGbHz[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "8fda52daeafdfc4c87c9ac7ff9a4de9dc3aef61c3ad514af6a4cf20c3bd1a823",
"urls": [],
"crc32": "0D8E5C86",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8fda52daeafdfc4c_AAyGbHz[1].jpg",
"ssdeep": null,
"size": 2591,
"sha512": "1b0adc23e816e9d5f6b1b09b382a6f474018c5e2ab09841025829612c5feb7cd87a1d2c0a0aea0255ce932b3c2102cf784f0c50cf20dee5ed373192239a4446d",
"pids": [],
"md5": "e0f8e27f8db6ff047b70b22d959ae3b0"
},
{
"yara": [],
"sha1": "fcda0cbde8c48ef874927665f219a5f820a1a9a2",
"name": "c8f73ad1d2d3bb39_9B10ECC55593004CB6F9763CF9201C09433055FD",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"type": "gzip compressed data, max compression",
"sha256": "c8f73ad1d2d3bb39a05672a19e9ed23bbb4c90749aee456ee1b93ece5d704851",
"urls": [
"https:\/\/ajax.googleapis.com\/ajax\/libs\/jquery\/1.8.2\/jquery.min.js"
],
"crc32": "429A4CBE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c8f73ad1d2d3bb39_9B10ECC55593004CB6F9763CF9201C09433055FD",
"ssdeep": null,
"size": 377287,
"sha512": "fb25dd645fc972442a64654e6cdba9023e3a6636d2f18ce2b721a941474a1f641e113bc58521b3f8dac5db3382f102e7a76d69c5f4e6b199114c7a011a22d9e6",
"pids": [],
"md5": "d33597e7d23149a6c1117ba1e5b0f4fb"
},
{
"yara": [],
"sha1": "8931b305a4a3e9254adb20e055c3a574231f6e63",
"name": "f2650b42e7b7193f_7ADD52E257AB16553D632B8F4B6830030878A19E",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"type": "gzip compressed data, from Unix",
"sha256": "f2650b42e7b7193f3838ea5e8f08d547f0f25dd4c472577a4cd52f9bd227304b",
"urls": [
"https:\/\/www.python.org\/static\/stylesheets\/mq.css"
],
"crc32": "29635129",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f2650b42e7b7193f_7ADD52E257AB16553D632B8F4B6830030878A19E",
"ssdeep": null,
"size": 19220,
"sha512": "f17e0702efdcf89b7dbcf6f935901eb68a8b2282876750b0f1052a145fac4aa0b8ace39ccb0756143862e0e5b30d0f5070adb616646df6d42cc5954007e51b5b",
"pids": [],
"md5": "0d82f4091fca21ef57213f81ab70f69e"
},
{
"yara": [],
"sha1": "ae0f4c7a839a7cf4366ca6c7c83b231671ce9cfa",
"name": "ebe1d7325ffb10d8_AAyHnHS[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHnHS[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "ebe1d7325ffb10d87e7b7c51b043fda6ab187a3a3a8a095b62a45dad69986deb",
"urls": [],
"crc32": "B64CE05C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ebe1d7325ffb10d8_AAyHnHS[1].jpg",
"ssdeep": null,
"size": 1510,
"sha512": "d488f8062a7d18993bc4eeec3176eceb31e4438d991b5d3cab960ee9405bd676366179ef4871129283839c8d7526aac0f64b1fbe21d68992c64b32c5c31be31b",
"pids": [],
"md5": "1285256323b4e91308e9531136e7688b"
},
{
"yara": [],
"sha1": "4777761354f3b612baaf95829314fddd3164a238",
"name": "7b22eedb9aeb927c_AA43a4z[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA43a4z[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "7b22eedb9aeb927c2ec0c230592848f6ab44068f76866e96db4d5ece3bd7d7a1",
"urls": [],
"crc32": "6534C959",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7b22eedb9aeb927c_AA43a4z[1].png",
"ssdeep": null,
"size": 712,
"sha512": "3c138c7c1a8e12d56f18d7fd793739db22255f715b316624ef1125be34a25ac9c1ba785f522c43f04c2a11c8a1e852359729b6f48dbe4974f51f9a61551545fc",
"pids": [],
"md5": "482028da0a37d85fe6cb8724cd0c79cb"
},
{
"yara": [],
"sha1": "bbdcb1fcf199d0feea71e48819fc93e8facb45e0",
"name": "122ff423f02532fd_AAyGd9q[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGd9q[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "122ff423f02532fd7db90de85358095986fd0d98097d6046c4f22793dc417ebd",
"urls": [],
"crc32": "AA4C823E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/122ff423f02532fd_AAyGd9q[1].jpg",
"ssdeep": null,
"size": 10298,
"sha512": "55633cd5c0d6e2660eac9d8247402f8b7c63a0f3b19a2c702c672169a8c9f533610c2837e651c512a0c34510464c5b1e63d1cbc807292f7ec265b6c8d52326b7",
"pids": [],
"md5": "427f3a47d222ed11194e8f515e70839e"
},
{
"yara": [],
"sha1": "4ad4435b0d11204c235931924adf43c908b72e58",
"name": "83d76668d0e305c8_AAiEMTy[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAiEMTy[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "83d76668d0e305c8a9b05acfa7912f823dd64a06bf0d1b166b5fe28e78dbfb5a",
"urls": [],
"crc32": "978F0B63",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/83d76668d0e305c8_AAiEMTy[1].png",
"ssdeep": null,
"size": 245,
"sha512": "96bbf39f3c8dccda5ae7fa6416d85aaa47c9d190cc4bb45bf3345bff6bcc211d26690f1976cab63679de3f535b1bd2f7af1bbd1096d390142a34517859bdc14b",
"pids": [],
"md5": "f58590a3a8cda08576ac217c895fa726"
},
{
"yara": [],
"sha1": "42eef3db13857512a6d32d62972df3899976912f",
"name": "a46e6061ff3e67e0_E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"type": "data",
"sha256": "a46e6061ff3e67e03b3a84f19351d5672a8acc282c493c2dc3040812e005841f",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "60480EB0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a46e6061ff3e67e0_E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"ssdeep": null,
"size": 1304,
"sha512": "5fd3ed813bbce1b23971eeb6d01d85bead501802cdae073b0aaf9a5d1cf929943b45d28d479073bd037982c23c63abc743f719a53d52797199f806cd5250c2d8",
"pids": [],
"md5": "408fee5abdf91f5999a67ebe4850ed3c"
},
{
"yara": [],
"sha1": "39654fa171cdee3dc892ad12afd459593e987ed6",
"name": "e8c553fd53f8d8ec_AAyGmAd[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGmAd[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "e8c553fd53f8d8eca8f5acaf91f15f20a8e2acda7259faa8c3f0c6c3adf28f07",
"urls": [],
"crc32": "770487A5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e8c553fd53f8d8ec_AAyGmAd[1].jpg",
"ssdeep": null,
"size": 1686,
"sha512": "d5924c0c284d4fc6f4d535f3063540879b4cd0a85d58fff71818b297aca3714a938aac7df93ce1cf74c15fbd744a234ff34489e50a52a9dd1b979d3980479c2a",
"pids": [],
"md5": "d7f5845c53f52eacdd313492567feb8d"
},
{
"yara": [],
"sha1": "f81f7ede77baeb51d397df96e337677e4957db7b",
"name": "576a0d2c3ad8d66b_base-track-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"type": "data",
"sha256": "576a0d2c3ad8d66bb202439b18f9fd563f92d9ddd9582a3c4cce0ecafd4f0908",
"urls": [],
"crc32": "B6F39532",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/576a0d2c3ad8d66b_base-track-digest256.sbstore",
"ssdeep": null,
"size": 64888,
"sha512": "2ae3b849c601b9614fa26c77fd63b9c022a5871e0a4322929dd3589f14f5aa4e4a368c41fc2bf732cd861b1db9542d889172812c2cd2242006562fc24e78f7e7",
"pids": [],
"md5": "cd82f4495eafe523b9b6b938c828611b"
},
{
"yara": [],
"sha1": "2446fc460c624c4f3c95e02a69a79e3a8de5e510",
"name": "ff15f701a0682d8c_crazy.exe",
"filepath": "C:\\xfpl\\crazy.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "ff15f701a0682d8c9389a0233a4586847650e1e5348f35c36e49e0fe6109e1b5",
"urls": [],
"crc32": "250D0C43",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ff15f701a0682d8c_crazy.exe",
"ssdeep": null,
"size": 1922560,
"sha512": "2770a09ba554d7a9d6ec03ec41e598453c2e85b156986b89ff646006332b7a183998f1fb3525351eec634c6dcc4a15cf911fab35d141d6374392d0e02992047e",
"pids": [
2460
],
"md5": "76db6ee77e9b08290c21c10c90028ada"
},
{
"yara": [],
"sha1": "0722492515aaa94d2c42af7af3b02506f89cf151",
"name": "0b9388c949357d02_BBIMpSV[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBIMpSV[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "0b9388c949357d023e5164f38a0f00e22f57c50c255114836a9777a061fbe94c",
"urls": [],
"crc32": "917DE461",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0b9388c949357d02_BBIMpSV[1].jpg",
"ssdeep": null,
"size": 2359,
"sha512": "832405807b561ec52f5664b96a65e109f00f38b908e415958814c0aec93c059c9517c37de8747ebd74d1a42ce9b34e96b6d66ede36c572352ef17ed965402db8",
"pids": [],
"md5": "be52adca684fb9e88de82c863a2e3743"
},
{
"yara": [],
"sha1": "7bb85907cdc4db29fc77cdee3b8e5dfde8e24567",
"name": "bf4aa56840cd21f7_53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"type": "data",
"sha256": "bf4aa56840cd21f70e35196181a941e617801b991f89ae6b63452ea55551b6b6",
"urls": [
"https:\/\/ton.twimg.com\/",
"https:\/\/syndication.twitter.com\/",
"https:\/\/ajax.googleapis.com\/",
"https:\/\/platform.twitter.com\/",
"https:\/\/www.python.org\/",
"https:\/\/ssl.google-analytics.com\/",
"https:\/\/cdn.syndication.twimg.com\/"
],
"crc32": "289C3C95",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/bf4aa56840cd21f7_53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"ssdeep": null,
"size": 554,
"sha512": "d5edcc7684bbb049548255cae1c07b6ac7ee3fbbb8d51efdae5ea5e8e114f4ceb1ab2a90ced7695ffd5c4d8649dea26a4027f9f1a41cf91a9f53b16862582569",
"pids": [],
"md5": "6af8d0643ca3cb4839199bab0bd7a691"
},
{
"yara": [],
"sha1": "cee3c783f979d267f4ae2248726ac9116540a50b",
"name": "309ea1bf22d412fb_AAxeXbc[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAxeXbc[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "309ea1bf22d412fb45bc82ff63d46ab86786266df3e9336e2d061c4628a18195",
"urls": [],
"crc32": "168CF593",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/309ea1bf22d412fb_AAxeXbc[1].jpg",
"ssdeep": null,
"size": 12711,
"sha512": "e88b888b709b79dd1cad80455ae7ac2e684e5035a225e9d215d4007675e2a3fbdb4208b3cc1890b3f0db08823feb180bc0a6035b12037c757b19c450c07ba2bf",
"pids": [],
"md5": "bd8f657aa96b96433c7a6e471ce59828"
},
{
"yara": [],
"sha1": "6e10793c4a97e000f4816621752bc1446ea60948",
"name": "9a739390162b9945_AAyGwT5[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGwT5[1].png",
"type": "PNG image data, 100 x 75, 8-bit\/color RGBA, non-interlaced",
"sha256": "9a739390162b9945df603c4ccdf81d00e36c574f99dc35baa5ce538cccaac414",
"urls": [],
"crc32": "F4AA5A65",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9a739390162b9945_AAyGwT5[1].png",
"ssdeep": null,
"size": 18244,
"sha512": "75ec7b8bca360a4598f64da0b090f2fd70839800c3f5b472d0d10e2eed7d0505a3bccb1acc19ceaf95b232a2471c3999d081e8f93635832ebfa2ad860d45c47f",
"pids": [],
"md5": "9fb377e7ab32fd28e884604a0081c424"
},
{
"yara": [],
"sha1": "93934646cea07055b07128c66036ca97e88fb945",
"name": "3196d52d1eda85aa_AAyDx8u[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyDx8u[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "3196d52d1eda85aaced587e25f84bb89b5b68206a1958a8c584aa6107a92d4b6",
"urls": [],
"crc32": "5551DAA9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3196d52d1eda85aa_AAyDx8u[1].jpg",
"ssdeep": null,
"size": 1706,
"sha512": "35bc6ba512ef8f89c7536d831a86994ca0f03df55b7fcb475b83300092bbee355ef8ceed491de56e1998dbd3903c349c6fe5dd49ac480302e52d178f4f68b945",
"pids": [],
"md5": "007f3860d673ec1bc9b69a868501ee1e"
},
{
"yara": [],
"sha1": "67315f4d8e3543f6efb601cfe53aade66e8b48b9",
"name": "b14565386efc4aa3_AAmTtWR[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAmTtWR[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "b14565386efc4aa35f83b5f5bd5dcfe3131f64d9a5d5094769fb1bdcd6b4901c",
"urls": [],
"crc32": "E267A041",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b14565386efc4aa3_AAmTtWR[1].png",
"ssdeep": null,
"size": 702,
"sha512": "77b6884c968a0614fc7a050235768a8cdd388796fe15f87da871462935b0e24ff5ba9da5044f4614a098bfdafec1fa1c445573613593df861fa21afb866539b8",
"pids": [],
"md5": "538f1b5517c02367cb1d50d1da9b021c"
},
{
"yara": [],
"sha1": "31682afce628850b8cb31faa8e9c4c5ec9ebb957",
"name": "8b4d85985e62c264_f1d86b5a[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\f1d86b5a[1].js",
"type": "ASCII text, with no line terminators",
"sha256": "8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f",
"urls": [],
"crc32": "7D985EDF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8b4d85985e62c264_f1d86b5a[1].js",
"ssdeep": null,
"size": 226,
"sha512": "e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763",
"pids": [],
"md5": "a5363c37b617d36dfd6d25bfb89ca56b"
},
{
"yara": [],
"sha1": "fa2e95ee8a307be7b318352ba5af9a8cccd4a367",
"name": "499e9a5dd1738b60_2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"type": "data",
"sha256": "499e9a5dd1738b6080749107b2a23c36c5cf3b347d9294a7a1a59f3c4d52d1bf",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "C1B57EBB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/499e9a5dd1738b60_2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"ssdeep": null,
"size": 1150,
"sha512": "69546ba3d968a9e45541e2c248b8447b87ca0585f52e155502bf130a598c53838d8c2d7a37f5c932fe96aae39ac7bff88f265e8e3f4456f240b6674335e6a0f5",
"pids": [],
"md5": "bd3adc75906e0c8782de9a16b6512289"
},
{
"yara": [],
"sha1": "c7a941d517d1a15b008ecc33b71abc46515e4f95",
"name": "7eff52e88143f92f_AAyzFYA[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyzFYA[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "7eff52e88143f92fc52c2ecfc71bb44283748a94af6793f4c6363570d7a5621b",
"urls": [],
"crc32": "2EDB0914",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7eff52e88143f92f_AAyzFYA[1].jpg",
"ssdeep": null,
"size": 1767,
"sha512": "a3ff679c7567ec808f78d453327e7e326acab766469563eac20f01c14e5a115c4a778c750d617700f18a643b90e10a49b819b2d10e1b853df90f69cea55f2e75",
"pids": [],
"md5": "8dad989410079cf02332fee3f7083e73"
},
{
"yara": [],
"sha1": "6bc966fcd804b7bfa66e5981a7b5cae051619489",
"name": "e082e9f4c1033a3a_goog-malware-proto.pset",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"type": "data",
"sha256": "e082e9f4c1033a3af4564416904e244d4892f53d05ade940f091ed50a3dcb236",
"urls": [],
"crc32": "B62CA6D9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e082e9f4c1033a3a_goog-malware-proto.pset",
"ssdeep": null,
"size": 647406,
"sha512": "5cfaa13c4c3295c99f5d940b87432182559bc0dcf8cfd9fee960904e9beec75338215929c17ccac0f7efb90a8de265046018f7a51b90cec680989e9e08a0d2d6",
"pids": [],
"md5": "90e45e83128819fa0f3306e6d691702b"
},
{
"yara": [],
"sha1": "8df9eb8884c64a1d7db4f2ae28f0196ecd55b04a",
"name": "6a0ab3620b781861_70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"type": "data",
"sha256": "6a0ab3620b7818612f55e51cfc308e37f2d50b245c1e0ffe4666846fff2161de",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "734C53EE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6a0ab3620b781861_70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"ssdeep": null,
"size": 1304,
"sha512": "8ea68d23fbefd1db1ec635d07d00a03d071ce9e8e6830af558017ebf5fb08ed32ed49ff9a11101606f709328b71e6a3a86f523a73e911c12a90df89515ab019c",
"pids": [],
"md5": "398edbceffd449a6d3179836ec6903c0"
},
{
"yara": [],
"sha1": "86543789e338f57df2eda2318b430752ed5150b7",
"name": "bd9d66d625cc1c19_AAyDG2i[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyDG2i[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "bd9d66d625cc1c19fa53b29f9448bfb37ce458116a40eaf4af99c4bf35b4511c",
"urls": [],
"crc32": "F3F48858",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/bd9d66d625cc1c19_AAyDG2i[1].jpg",
"ssdeep": null,
"size": 1776,
"sha512": "073681d722c076ee8afa91e0af83fc2d47d22a42d8ad97642dc0d8f806e01bd26f7eb7199aafc9372f1f6f87712f41ef4bffb948c49d88a2de02f54801c3e56d",
"pids": [],
"md5": "fe5db106b3da8b697193de14f7ce5b03"
},
{
"yara": [],
"sha1": "756b05c9230a652badec15a1e2ba6f0a9c6d10a4",
"name": "b1bcfff2a37c5931_4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"type": "gzip compressed data, last modified: Thu Jun 14 20:33:29 2018, from Unix",
"sha256": "b1bcfff2a37c5931b3b900d075b6d12937c1e92cad80ed920fba80c4b43e2d8a",
"urls": [
"https:\/\/platform.twitter.com\/css\/timeline.36dc7e02c4fc04be0f4abdb82ed477c1.light.ltr.css"
],
"crc32": "F5DA1F55",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b1bcfff2a37c5931_4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"ssdeep": null,
"size": 22402,
"sha512": "857c8d91c670a63ddc6eadf988458efdf3b753304e654df84055c1e6168a854e3f7005d1f55cd46fafb3698d5ed2a94e5eb664ef019517d82a2276fd568d5e56",
"pids": [],
"md5": "ab82fbdcd5fcfde47e65043462548dfb"
},
{
"yara": [],
"sha1": "428145cde56317d6df50fc5c27bc4f1805785f56",
"name": "0e408bb3d1eed50c_AAxiu7M[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAxiu7M[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "0e408bb3d1eed50c6336b8eda2540f0db347d0b6ca60b65bc0d90aea4c2c2120",
"urls": [],
"crc32": "34C8D910",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0e408bb3d1eed50c_AAxiu7M[1].jpg",
"ssdeep": null,
"size": 5533,
"sha512": "dcf3dd274064402bcf199651b40f1cc12e6629be103b3e067a7e02b372c2d462d45602019701dd74ff0ac315e544d9445e1a477f8290f462e1eb4e7ec38e02b1",
"pids": [],
"md5": "87485f535c16ce28227a43ed399b667e"
},
{
"yara": [],
"sha1": "f4667417dfa40d77bce402bbfb7035a34cb445fe",
"name": "f661f30996b427f8_AAy5vpm[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAy5vpm[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "f661f30996b427f8f0adf76e6747c550b7e38891b590ff852a4b973be8ae8623",
"urls": [],
"crc32": "3FB79A44",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f661f30996b427f8_AAy5vpm[1].jpg",
"ssdeep": null,
"size": 1977,
"sha512": "13031e18fda2d9e66c361e30353d81d30e1b7403225112845f61b42659131f735265312319c3806c5cd59ceeb7b3e5058732b72b4cdfb53e0df31e6120fc700c",
"pids": [],
"md5": "85a935a192d24260b9016970f7c91411"
},
{
"yara": [],
"sha1": "8296082da9d32b25336dbd7e3f8f0f906d81e78e",
"name": "2ed76b7bbab3f5e9_D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"type": "gzip compressed data, from Unix",
"sha256": "2ed76b7bbab3f5e9cd8b8d1107b99b07731e2cfc60b8817f096ec9e11c194314",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/img\/nav\/subnav-expand.023729cb5b3a.svg"
],
"crc32": "D1F53F16",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2ed76b7bbab3f5e9_D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"ssdeep": null,
"size": 10252,
"sha512": "867593a1af49595444a221b4af3ceb415ed6c6bfdae55d691cda9349b0e2fa45dba23d055dbf0aa9aa0c3355ca94a57db368a2ad7282eaf853c707a0056689fa",
"pids": [],
"md5": "2bfaa1d42ba2ab28145fc201b4514b1b"
},
{
"yara": [],
"sha1": "e83d07251a434cea3aa5d2fbbf71b2b70bb0c933",
"name": "67cf71ad5eef6a92_E771454BB360CA5F7AA169E5416B493549BC2F59",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"type": "gzip compressed data, from Unix",
"sha256": "67cf71ad5eef6a92c94675260e63a02e9648b0e9adedc98a9dcc1f8f83b0f48f",
"urls": [
"https:\/\/normandy.cdn.mozilla.net\/api\/v1\/recipe\/signed\/?enabled=true",
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/"
],
"crc32": "6A69A4CA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/67cf71ad5eef6a92_E771454BB360CA5F7AA169E5416B493549BC2F59",
"ssdeep": null,
"size": 21047,
"sha512": "13e14cad55695121f1adc242416143e0fc9b2f972c422b4ffc5163ad35e210067b7f5deac195334893487c6832ef724f8ab2ce99fa6f72275366e2276b731934",
"pids": [],
"md5": "9c44c87d83065e73c42b5381e3676b2a"
},
{
"yara": [],
"sha1": "078cde9de2e684c9d8a0c9041b91068c9778ca7a",
"name": "0357210da45a6173_63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"type": "gzip compressed data, from Unix",
"sha256": "0357210da45a6173434994041014bd1d9a67450fc38692a50a8fecdd5cf5b8eb",
"urls": [
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/",
"https:\/\/normandy.cdn.mozilla.net\/api\/v1\/"
],
"crc32": "E36831A0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0357210da45a6173_63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"ssdeep": null,
"size": 9148,
"sha512": "451e25cb87d453d985bdd47e0a741f7fee54966e82728ec43ec88bf4be248bcf9cae87512281d5c5f9a667519fea4401e3f3a0349081a8a00ec4b14365802a42",
"pids": [],
"md5": "f60f92e93c56e6f093da17c620928548"
},
{
"yara": [],
"sha1": "d4c660437f375bbca8958d910bcb7fdd5a0ca05e",
"name": "958d225cd06b0007_AAyGojW[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGojW[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 800x800, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "958d225cd06b0007d0667ff082d181a24b6da4dd92027217aa71d76f8a2dbe7d",
"urls": [],
"crc32": "2BF33DE2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/958d225cd06b0007_AAyGojW[1].jpg",
"ssdeep": null,
"size": 6962,
"sha512": "b87679d8bc782baeb988da7b680612e441e0502a2212cb36aa1b75ab09bcbc5cf28ead4a3426e8e0901a60782cd58d4cc78d148d6b4c336ae0e972d2702395fc",
"pids": [],
"md5": "e086c4b95febfbfa699847e7435a0ecd"
},
{
"yara": [],
"sha1": "be1093d0f4da04c3411c90a3844d6db59b1c8921",
"name": "69e6f25b92e24800_53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"type": "PNG image data, 528 x 68, 8-bit\/color RGBA, non-interlaced",
"sha256": "69e6f25b92e248003dbb23573fe0de3d1ea1959711362ff4d29dc07ce100a635",
"urls": [
"https:\/\/ssl.gstatic.com\/gb\/images\/i1_1967ca6a.png"
],
"crc32": "8F0A3653",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/69e6f25b92e24800_53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"ssdeep": null,
"size": 16816,
"sha512": "0b89d3c48b14f0ddfbb7ba944b285c2001144f663c2d097dab48a8ccc9c1827124f11b85394c38fa8fe913be6f8f0cf824d66b97f51fe815034c1adab9d2ecc8",
"pids": [],
"md5": "427146a275aba7300effcb71e60091d9"
},
{
"yara": [],
"sha1": "aa30411542afdad1937bef790d057a24ad63e526",
"name": "7cfe88a8e79a0b00_AAyHI2X[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHI2X[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "7cfe88a8e79a0b009f9ac583ed9aa1a3dc23b91f86a32f71f5f171b9cc52343d",
"urls": [],
"crc32": "7BF5CDE5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7cfe88a8e79a0b00_AAyHI2X[1].jpg",
"ssdeep": null,
"size": 6148,
"sha512": "57288c4a4ddd2ef3c656ac9775593915ba34650016f0704f8e2058fbe7566ee46ad1daf13d1c0f33d1e4defc3d1e46e195deabb77ccc8f1a088d202839be5d07",
"pids": [],
"md5": "7305ac324bc4f1651a0280a0158eabe7"
},
{
"yara": [],
"sha1": "9fcef491899f850c324f202f25af6cb2340c9ebd",
"name": "3407bf7a66cb388a_AAyHdfM[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHdfM[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "3407bf7a66cb388a99068067917116801d7bc3120dbab3f3a9d25cb3bd6e0e8f",
"urls": [],
"crc32": "8DE37FDB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3407bf7a66cb388a_AAyHdfM[1].jpg",
"ssdeep": null,
"size": 14066,
"sha512": "8e8a8b533b7dc6d682125191e027f8fa7b3d8d5c8fef99f721cc92717d8c3306593e6751f299d25ef9b5a37f6f3c241094ab3d7ed34cd779ad27aa867b16fe50",
"pids": [],
"md5": "3f5fa0f0b0a2c0134d0daf308c0ea9d4"
},
{
"yara": [],
"sha1": "c8f6956fa86f4e9cf71599b735e28860245ae4b5",
"name": "66d1c00c04d86e31_except-flashsubdoc-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"type": "data",
"sha256": "66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1",
"urls": [],
"crc32": "4BD3414C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/66d1c00c04d86e31_except-flashsubdoc-digest256.sbstore",
"ssdeep": null,
"size": 304,
"sha512": "582d7f28f41e6a7a5f882d15ec1f48d0be57dc63e1a0d6e6a8bbd442a3ac27e38e0c3fdb3e1c30f416c41649391afde61f8079844b61a4995e0ab34d6cc8e745",
"pids": [],
"md5": "ba0009932844173bc8f9af264229df24"
},
{
"yara": [],
"sha1": "bc33c17a65bb4f1f8f17de50f3cb541a9c82be8f",
"name": "f3d99dd904a6b9da_AAwGw6j[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAwGw6j[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "f3d99dd904a6b9dac7351288eae3e69956ee954fbb3764dcf8806608071b9da5",
"urls": [],
"crc32": "9927704F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f3d99dd904a6b9da_AAwGw6j[1].jpg",
"ssdeep": null,
"size": 15180,
"sha512": "791938ad2eb5291a83d49b40088e937994a34f25225c814dd0819a7d3acc2fc41ced3f56ce92a6bc51bcf17498bd71720151c7dc6a6cfb5d742db9dfaa77b4e3",
"pids": [],
"md5": "effbb059470e702c3f1548fef6ca31b9"
},
{
"yara": [],
"sha1": "f8e4bd154174f0894c0c61156f1b00fc79369ab1",
"name": "51b12939c8beaf5c_BBz3ebk[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBz3ebk[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "51b12939c8beaf5c83119168b3e57dce0eb7335d2c5d330604ece21733f4c67b",
"urls": [],
"crc32": "B11F73A1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/51b12939c8beaf5c_BBz3ebk[1].png",
"ssdeep": null,
"size": 876,
"sha512": "5c7cc45df659fd58564a28f5f1d7b7101fa3e16de2f3d581cf14a5e40b7966e78d536d97f90abedd3566262b6407cb103f216f3ca1ffd75c4c1222249d39bd2b",
"pids": [],
"md5": "75012c47c002d55b49315ee3d3c18ccf"
},
{
"yara": [],
"sha1": "bafb941e2a6898aad4a43d7a09369a39e35ce327",
"name": "ff6dba4db494d9f7_7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"type": "data",
"sha256": "ff6dba4db494d9f7ef1b9146bc324ed1f13157b21d5216f8b0c1e221b02aa178",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "1E24B9D4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ff6dba4db494d9f7_7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"ssdeep": null,
"size": 7018,
"sha512": "0c41510e5182d77e4234cd4271ca42109bd52367ef5f4c83f60f7c3fa9d4b52395fb29e24cd9feadeacfe393f5eea8eec73d3ad08a4e78e0ebba8c8c02a88d84",
"pids": [],
"md5": "196e04ac224e54749c09e733a62c6f0d"
},
{
"yara": [],
"sha1": "17f4098d5421bf2fc5a949cedde150c678743c21",
"name": "12513f06d87360b6_AAyDNV6[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyDNV6[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "12513f06d87360b6cab47b1c655c20581696315a9a83810baea449e9d37ef259",
"urls": [],
"crc32": "24B3C481",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/12513f06d87360b6_AAyDNV6[1].jpg",
"ssdeep": null,
"size": 2509,
"sha512": "69854770da2ead3f69a147375830df6d7da01c394c8e1defcbb21010d9ae3b40051a648874d2c3b8dbab31818f9fb1ffb963035dc0039b5f33614ff6f4297ebd",
"pids": [],
"md5": "c19a062ed988fd86dbe48581c946b84c"
},
{
"yara": [],
"sha1": "02a8cd9881bf7d6b0b2ee61df514d60511becad1",
"name": "f73fd83d2ea6eaf5_AAyG7xi[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyG7xi[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "f73fd83d2ea6eaf5be516bd59666feb9f99b79c90b64e17ea714a0274155c059",
"urls": [],
"crc32": "E6348106",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f73fd83d2ea6eaf5_AAyG7xi[1].jpg",
"ssdeep": null,
"size": 9741,
"sha512": "c01e89ac12bbd06bce73304d1d01ad9842acdd04b0cbd3b80d04b172ac4d3898c1ff4358b5b9c2a1e8cabbffe6571ef5508db2305ce2d4859c117d47d8161701",
"pids": [],
"md5": "8401957a810aef62908f89779bfe72e5"
},
{
"yara": [],
"sha1": "6127d10341032934c8520ac1fcbc2fd7b789e6a6",
"name": "c2c434c2c319e794_AAiEGxc[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAiEGxc[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "c2c434c2c319e79480bbd5a67f92598fcca27cd8634d63dbb9b6a8181689e9e7",
"urls": [],
"crc32": "E5CF5BC6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c2c434c2c319e794_AAiEGxc[1].png",
"ssdeep": null,
"size": 877,
"sha512": "9421ec56dfa4f329d660674c2044b7d834cc4721850cdfc4d9b48919c1431f7975a739f6826a9ec9c77519689a34fe1bc5bfca9afc7d5c027e9fe7637ea48cf4",
"pids": [],
"md5": "8a5f83c1bf66b41a12d448edcbc7b490"
},
{
"yara": [],
"sha1": "8ee63fa6e0de06e4f44e210456b098cac34eb1ba",
"name": "76b2fea9f4ce5a33_AAyGdpn[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGdpn[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "76b2fea9f4ce5a33e216149218861837df8f4b11af08bfd2d9831b2f707207c0",
"urls": [],
"crc32": "33A0A1BA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/76b2fea9f4ce5a33_AAyGdpn[1].jpg",
"ssdeep": null,
"size": 7555,
"sha512": "588f432ac60d73741656aeae53fc6e7732800c600e0825b8ab41ece94575cdc0463358176e8d4331fd3d52d5ed18815ff71d3b3ecd80d168fc703f01a4d8a75f",
"pids": [],
"md5": "5d0be5db7f5fe8da38d8af112f84bf72"
},
{
"yara": [],
"sha1": "233fcdfa319ec31c8d0d96241fdc323309c065b0",
"name": "37865555281df8de_AAyGjmK[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGjmK[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "37865555281df8de3f3c46b6d2db668f0bdb8f549c480c89cfd37b555391bb3d",
"urls": [],
"crc32": "116C5F73",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/37865555281df8de_AAyGjmK[1].jpg",
"ssdeep": null,
"size": 2430,
"sha512": "15e5f04ded8ed446ab789d7b7102421d047fcc782179abec6028713db1cb622054664baa2e0616adcd65d23fb6075497b9e8202c420166d32e5e67428cbdd32d",
"pids": [],
"md5": "1889f0285b6bce56a1eb75d6d082f3e2"
},
{
"yara": [],
"sha1": "3a85e01028c713e231e4864dde526a09b0cb8e7e",
"name": "ed6cfea479c1d536_48d809c9[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\48d809c9[1].js",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "ed6cfea479c1d536b10665eb902fac36380b4cc7932ccae18596841ceb06d805",
"urls": [],
"crc32": "ACA215D6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ed6cfea479c1d536_48d809c9[1].js",
"ssdeep": null,
"size": 12583,
"sha512": "ca542032068511937debb9b4071dc54c256ebc8390fa705c6abb824cc5afb509c5f3e8549113b3d6164dede28090430dda713b7dad9c670a8bd3a486810fc781",
"pids": [],
"md5": "7ab47b1372167595988ba51716099d21"
},
{
"yara": [],
"sha1": "2e06305f05829c170a2196979fdb67f9dcd1007c",
"name": "e7034abba07c9eb4_BBoqF0J[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBoqF0J[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "e7034abba07c9eb4548b8eb07d7f2b1a69e599dadc199966e58061512123957d",
"urls": [],
"crc32": "7DE3A9D4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e7034abba07c9eb4_BBoqF0J[1].png",
"ssdeep": null,
"size": 560,
"sha512": "ec8daad5b176599c7ee99896311e1918aa975cd2917e18b0fe0efe2d3a4e42a544e9798b2c11e44358fad9f237401a668be15c4b1fb15c7311eb498460376105",
"pids": [],
"md5": "01372bcdde3a82bacfd4adc70bdf8a09"
},
{
"yara": [],
"sha1": "cf95a34a5f2e42257d893c482098ff781701cdb4",
"name": "5a84a9b6d628baa5_PpSTkvuT.dll",
"filepath": "C:\\Program Files (x86)\\oFLcWER\\PpSTkvuT.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "5a84a9b6d628baa5f4eecc6a06cd2113514f8292eb98761fad0afc2076ba3475",
"urls": [],
"crc32": "040CF87B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5a84a9b6d628baa5_PpSTkvuT.dll",
"ssdeep": null,
"size": 7824,
"sha512": "00c143904c8a346ab0dbe04dd23b29b9eb5111409135317a37ff607e71892d35349fd0ccadabe19a809cafe3fc22e068d1edf36423ff7acf715f5a6032c3f053",
"pids": [
2628
],
"md5": "372217f855daef28deb54975c9001014"
},
{
"yara": [],
"sha1": "c4f5a9bff830a4144b0054c92c47de2dda959149",
"name": "600a737094ad98a6_2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"type": "gzip compressed data, from Unix",
"sha256": "600a737094ad98a66bd1bab7e36fff0745b78f159d4e33d0504d104990ef4a57",
"urls": [
"https:\/\/accounts-static.cdn.mozilla.net\/bundle-7ca432f78deff0314215bd9383f78d6bf4618498\/appDependencies.bundle.js",
"https:\/\/accounts.firefox.com"
],
"crc32": "0CE7AD26",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/600a737094ad98a6_2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"ssdeep": null,
"size": 84640,
"sha512": "0d3b8118a6cdf08ef93ae66c081d4ed0a26468ad68997cab39b126591b69df68c7dc26a4619b0ff3a64deffdb4a122a7fe356a7d0f41e42fc97d5db826cc4a66",
"pids": [],
"md5": "1de99f990fa5d2035b0505335c88472b"
},
{
"yara": [],
"sha1": "06702745fb69bf87c37c2022221211a62ad01955",
"name": "5ccb644507f4af84_AAbmT59[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAbmT59[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "5ccb644507f4af84e223435fc2cc8a7d3c6a026146cd1d8091bef262840df2eb",
"urls": [],
"crc32": "95A9199A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5ccb644507f4af84_AAbmT59[1].png",
"ssdeep": null,
"size": 657,
"sha512": "cc79015acfd075dd2d936783bfce7aa7e2344cc2692749fbbfb1ab85e7763a0979968917db5a011c71ddc1f03a1fcc91d94a16cc029fb10b54c7fd627bcb62a8",
"pids": [],
"md5": "466ae6d70a0db0c9264228ec49894a18"
},
{
"yara": [],
"sha1": "79e5847d13d757c057d001a9ca0772616a5d7f02",
"name": "2ab9ad67f3887af1_AAyH4gY[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyH4gY[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 800x800, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "2ab9ad67f3887af1b2f733adf61e5968c67abc4225301218e2d473339336e003",
"urls": [],
"crc32": "835C8D10",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2ab9ad67f3887af1_AAyH4gY[1].jpg",
"ssdeep": null,
"size": 2274,
"sha512": "a5edffeeca1b14b1432f3b388f969cb63158d93c5ce269ebea752a958e84fd5a801157ecda533283f228d0e344e8c72223f7ba1fe3e6ee73858840c58bc1e8dc",
"pids": [],
"md5": "2660243986f8ea5eb04a0dc9d3e63e50"
},
{
"yara": [],
"sha1": "f665b947027b0b1da6dc3aa2b00e0cf8139d4917",
"name": "b0568340083c1ada_BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"type": "gzip compressed data, from Unix",
"sha256": "b0568340083c1adaaaca95440c41de97f25731d7b692ed668dcb1ea5612f9158",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/css\/BUNDLES\/pebbles.03d45fb8fff9.css"
],
"crc32": "17898BE4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b0568340083c1ada_BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"ssdeep": null,
"size": 17348,
"sha512": "c429d29e1999ee9af71fe876a1510d0d04d0cabd48801516f52260d260eaa3d95396206564b7481294714d9bfaa9955c512f7abc38e1b75cd1e1ef4d06701ebe",
"pids": [],
"md5": "cb208929882088e6790a7ef789aa4c8f"
},
{
"yara": [],
"sha1": "b54b14b8a9daa2e1c372e7218e72c6f748775085",
"name": "78e6d92516787ae0_8C98F893C7DC5F2C401AD1482A81572B54197408",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"type": "PNG image data, 19 x 11, 8-bit\/color RGBA, non-interlaced",
"sha256": "78e6d92516787ae05ccae500375c64df3d38aa4395210ac0658c30d2a0dc68e1",
"urls": [
"https:\/\/www.gstatic.com\/inputtools\/images\/tia.png"
],
"crc32": "DC8A6651",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/78e6d92516787ae0_8C98F893C7DC5F2C401AD1482A81572B54197408",
"ssdeep": null,
"size": 9638,
"sha512": "4392ed372aa432909a67c593342cb17a5b37ecb95a068616759e66d88e306102eb4e575db0ce36c2cb2b0f7e8acdbf63e1bc2c4ed6fde3cc2d4001ea14c4507b",
"pids": [],
"md5": "59c6c0fe00c7332779f2c00f7b4bfe70"
},
{
"yara": [],
"sha1": "538613044bc1c3a70e01b7521f965d7a4e53b762",
"name": "fd227cc58fa34f0f_D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"type": "data",
"sha256": "fd227cc58fa34f0fcddd49e68082f41e53097d0ced47aa93ca1ba4e89d8fcec5",
"urls": [
"https:\/\/www.python.org\/dev\/peps\/peps.rss\/",
"https:\/\/www.python.org\/favicon.ico",
"http:\/\/browsehappy.com\/",
"https:\/\/www.python.org\/psf\/codeofconduct\/",
"https:\/\/ssl",
"https:\/\/www.python.org\/static\/opengraph-icon-200x200.png",
"https:\/\/feeds.feedburner.com\/PythonSoftwareFoundationNews",
"https:\/\/github.com\/python\/pythondotorg\/issues",
"https:\/\/devguide.python.org\/",
"http:\/\/pyfound.blogspot.com\/",
"http:\/\/planetpython.org\/",
"http:\/\/plus.google.com\/",
"https:\/\/wiki.python.org\/moin\/PythonBooks",
"https:\/\/mail.python.org\/mailman\/listinfo\/python-dev",
"http:\/\/www.google.com\/chromeframe\/?redirect=true",
"https:\/\/www.python.org\/",
"https:\/\/docs.python.org\/3\/license.html",
"http:\/\/www",
"https:\/\/wiki.python.org\/moin\/BeginnersGuide",
"http:\/\/www.facebook.com\/pythonlang?fref=ts",
"https:\/\/pypi.python.org\/",
"https:\/\/docs.python.org",
"http:\/\/pycon.blogspot.com\/",
"http:\/\/python.org\/dev\/peps\/",
"http:\/\/twitter.com\/ThePSF",
"https:\/\/www.python.org\/search\/?q=",
"https:\/\/wiki.python.org\/moin\/PythonEventsCalendar",
"https:\/\/bugs.python.org\/",
"https:\/\/docs.python.org\/faq\/",
"https:\/\/www.python.org\/jobs\/feed\/rss\/",
"http:\/\/wiki.python.org\/moin\/Languages",
"https:\/\/status.python.org\/",
"https:\/\/feeds.feedburner.com\/PythonInsider",
"http:\/\/schema.org",
"http:\/\/legacy.python.org\/favicon.ico",
"http:\/\/www.ie6countdown.com\/",
"https:\/\/wiki.python.org\/moin\/",
"http:\/\/brochure.getpython.info\/"
],
"crc32": "98F6A7F1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/fd227cc58fa34f0f_D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"ssdeep": null,
"size": 42990,
"sha512": "3da30226ff9d0761e84d0bb1699e6aab6164c3654c7b0e0807561a27e5cc062b757b0bf872a40b3372891dfab34eccfe7c641bfaca2766af4c5f42f6d7321d27",
"pids": [],
"md5": "80b76b5c0432178681d7cd989f5f5d49"
},
{
"yara": [],
"sha1": "47e9da919b56a1a7f88242a0bad87939d1ace28d",
"name": "1fbda29a238fb696_AAmV9I7[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAmV9I7[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "1fbda29a238fb69641f3d3fae652b761b933420d42d61ae9d057f18acc262126",
"urls": [],
"crc32": "19AF2ABC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1fbda29a238fb696_AAmV9I7[1].png",
"ssdeep": null,
"size": 660,
"sha512": "bfcbab9d01a5665fa367c853f252f74adebfeeca9494d224207371ede381392409b3bf7abe1345f24ccc3ac0a3540d2a3c733af3e707dfa123538d157ff4b7b9",
"pids": [],
"md5": "d28e0b05b575cd45ec362232fbc1a862"
},
{
"yara": [],
"sha1": "3a4f7d067116674f85d749483ca020d751bebac5",
"name": "95b9781944fc911e_53B7A8254D12E292946E4514B3D598C1E6539AE8",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"type": "data",
"sha256": "95b9781944fc911e85f25a4aeab12ead69b87e10b444e7f5045dee1a9fb69926",
"urls": [
"https:\/\/www.google.com\/gen_204?atyp=i"
],
"crc32": "46D9BD08",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/95b9781944fc911e_53B7A8254D12E292946E4514B3D598C1E6539AE8",
"ssdeep": null,
"size": 6899,
"sha512": "31792c9e90d59fc9397d241c50e0f140d74563b7761a30e477d7fa2a380abeba83b6e79e7b9104fdfe49cfe2eaef00eff8dd7e46816d223f18197bd1641e4710",
"pids": [],
"md5": "e1f2bf44b61dda53c5d7d035c2278db5"
},
{
"yara": [],
"sha1": "59d0bf7a4e70f82117332718d682c4279bdb8436",
"name": "c5405782fa7c382a_AAtg4eQ[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAtg4eQ[1].png",
"type": "PNG image data, 300 x 194, 8-bit\/color RGBA, non-interlaced",
"sha256": "c5405782fa7c382a0136f25777e5ab75675a86faeb6638f783506a6273cf5f04",
"urls": [],
"crc32": "592102FE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c5405782fa7c382a_AAtg4eQ[1].png",
"ssdeep": null,
"size": 82193,
"sha512": "8f6ab5bdf54154b1316f4d134688db1ec79bd3007aa9f68a06c9b98cca3cd27a221e77ab14239579d186fb0c6859a254576624514faa7c79e0333c2ca73ba2b2",
"pids": [],
"md5": "0e69141b31f2943712bfb72d915c68f0"
},
{
"yara": [],
"sha1": "57dc6c70b0f85e78c87dbc2d1f215292ef327b96",
"name": "a776c2740c98f36d_9548F9611999ED8CA357720E12017816424CFB6F",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"type": "gzip compressed data, from Unix",
"sha256": "a776c2740c98f36d2b691670f7f11ed2b5f6034172bf0de7a15b4a00d54ac80f",
"urls": [
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/api\/v1\/action\/preference-experiment\/implementation\/sha384-LHdF9eVsBLvCCBfyE4FzxQrmNVL0R-U3zNHArO_GHuxW8L8O9btaUPJlVccvntoX\/",
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/"
],
"crc32": "64542608",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a776c2740c98f36d_9548F9611999ED8CA357720E12017816424CFB6F",
"ssdeep": null,
"size": 10704,
"sha512": "899b8f904543ff089adf4a80d1752bb691ed07b03b0ef529c93dcb476555a33859b9e816f4d06240801e68f8ae999f4364931567ea835db068a2ae02ca913b79",
"pids": [],
"md5": "db313d8313f4e930b09e0c8684a626b0"
},
{
"yara": [],
"sha1": "2d2bebf848d1a80c7018602f1b47c4fb6e36f35e",
"name": "264d68279c196e87_4945586D32183A203E85FAFFD463A7684FD62668",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"type": "data",
"sha256": "264d68279c196e874eab9fbf82b3fbda716aece2bb259593495cfc40901c47b5",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "B2D57A22",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/264d68279c196e87_4945586D32183A203E85FAFFD463A7684FD62668",
"ssdeep": null,
"size": 1150,
"sha512": "13b70eaf48f82b181501f3207b5595d0c41f26ec652510bd7a750bee47c2a8c658967a50f3140abdbf3ab76cbbb23b44693fff8be481bc79b1ca206b1ca757bd",
"pids": [],
"md5": "a7e362db6363fd20c43bee92eee8d3e0"
},
{
"yara": [],
"sha1": "ab3ff780af5432d43bdfb40beddc1ad379053967",
"name": "792d5f39058851b4_hloaliqvg.dll",
"filepath": "c:\\windows\\gaabpi\\hloaliqvg.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed",
"sha256": "792d5f39058851b4cc8633f343ab20a0c314f741160841f0cfd87762fb938b91",
"urls": [],
"crc32": "FF9EB300",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/792d5f39058851b4_hloaliqvg.dll",
"ssdeep": null,
"size": 486400,
"sha512": "75fa5191369d205e780b6842a2c5c3bb22ab32a5d5aa25df71da4abd0c782de0037530ebb44174fe15cc71b07eaebdefdfbf4f514bcc5784f637720e65fbdc7a",
"pids": [
2628
],
"md5": "1f98bf83f5d2d2f2aefde27dd93cbf24"
},
{
"yara": [],
"sha1": "f99f5a6072653c14cc6c13986e8a0b0413f94bba",
"name": "269120e4f17eb6f8_AAyGdND[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGdND[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "269120e4f17eb6f86e835fd0b1e24e0b786ace0ea582e69d51ff03e6881b3abd",
"urls": [],
"crc32": "F77CAB70",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/269120e4f17eb6f8_AAyGdND[1].jpg",
"ssdeep": null,
"size": 2346,
"sha512": "04d2dc12bfec545b6dc45f03939d31f614e59a314709d82c8f5d96f3ba0073a7f051d82b557e41c71a0fa3fd40ad0af1c7aa0c2bc053bd77b12dadd68fdb5193",
"pids": [],
"md5": "06ad8e9dfeaf6aeb22b6f6435eb96d11"
},
{
"yara": [],
"sha1": "d2e0c4bed8da0cd3dba8683a35f6845048d75da6",
"name": "2f40fb5beb536ab5_oldIE-pebbles.b7e68dca9b65[1].css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\oldIE-pebbles.b7e68dca9b65[1].css",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "2f40fb5beb536ab50fe42e66c9337853f75beca37d570f6cc10ad7018e50beda",
"urls": [],
"crc32": "62032564",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2f40fb5beb536ab5_oldIE-pebbles.b7e68dca9b65[1].css",
"ssdeep": null,
"size": 15004,
"sha512": "7abe30e114dabd4c99cb4b1e8dc2f0e7f1c4d8bd2e26f5b01e68a58eed13f1394835c9c7a9b6a188456185f8337fe5f7b4221ea689948134cb8209a2b14aa858",
"pids": [],
"md5": "b7e68dca9b65e52b1377daf4bd488118"
},
{
"yara": [],
"sha1": "2aeee71031d6e66bc40a1348082eac8bf523fa9d",
"name": "7b8bdcaf82014c60_AAyHgQO[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHgQO[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "7b8bdcaf82014c60829d584fa4aac6a714923cfed971b30ae9634d2a761cf7d9",
"urls": [],
"crc32": "6239E8C6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7b8bdcaf82014c60_AAyHgQO[1].jpg",
"ssdeep": null,
"size": 5819,
"sha512": "282e9c62ccc6be1c98dc1e6725414a5d57b52fb8308acb2539b64fd6bceda6427528c0410adfc0da613d1d56e0ed0a4d9f1900ca972331db660207720e81ccea",
"pids": [],
"md5": "2357d645a346d6cdcbcf91b1b8b3765a"
},
{
"yara": [],
"sha1": "95c40d7db6696f4e6d833b07003368f14990a297",
"name": "8fa616d435971441_en-US[1].htm",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\en-US[1].htm",
"type": "HTML document, UTF-8 Unicode text, with very long lines",
"sha256": "8fa616d43597144128357886b122f2d70f15415255c6597e1593d46611cd4e9b",
"urls": [
"https:\/\/www.mozilla.org\/pt-BR\/",
"https:\/\/www.mozilla.org\/mr\/",
"https:\/\/www.mozilla.org\/bg\/",
"https:\/\/download.mozilla.org\/?product=firefox-stub",
"https:\/\/www.mozilla.org\/tr\/",
"https:\/\/hacks.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/zh-TW\/",
"https:\/\/www.mozilla.org\/sv-SE\/",
"https:\/\/www.mozilla.org\/nb-NO\/",
"https:\/\/www.mozilla.org\/ar\/",
"https:\/\/www.mozilla.org\/sk\/",
"https:\/\/github.com\/mozilla\/bedrock\/tree\/master\/bedrock\/mozorg\/templates\/mozorg\/home\/home-en.html",
"https:\/\/mozilla.org\/set_hsts.gif",
"https:\/\/www.mozilla.org\/ml\/",
"https:\/\/www.mozilla.org\/ta\/",
"https:\/\/www.mozilla.org\/ms\/",
"https:\/\/www.mozilla.org\/nl\/",
"https:\/\/www.mozilla.org\/media\/img\/mozorg\/mozilla-256.4720741d4108.jpg",
"https:\/\/getpocket.com\/",
"https:\/\/www.mozilla.org\/rm\/",
"https:\/\/addons.mozilla.org\/firefox\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/ka\/",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1122305",
"https:\/\/www.mozilla.org\/ia\/",
"https:\/\/www.mozilla.org\/sq\/",
"https:\/\/www.theverge.com\/2018\/4\/15\/17239548\/firefox-chrome-safari-competition",
"https:\/\/www.youtube.com\/firefoxchannel",
"https:\/\/blog.mozilla.org\/internetcitizen\/2018\/04\/25\/orlando-del-aguila\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/fa\/",
"https:\/\/www.mozilla.org\/cs\/",
"https:\/\/www.mozilla.org\/th\/",
"https:\/\/developer.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/hu\/",
"https:\/\/www.mozilla.org\/ru\/",
"https:\/\/www.mozilla.org\/de\/",
"https:\/\/wiki.mozilla.org\/Webdev\/GetInvolved\/mozilla.org",
"https:\/\/twitter.com\/mozilla",
"https:\/\/games.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/az\/",
"https:\/\/blog.mozilla.org\/",
"https:\/\/qz.com\/1287675\/china-is-exporting-facial-recognition-to-africa-ensuring-ai-dominance-through-diversity\/",
"https:\/\/blog.mozilla.org\/internetcitizen\/2018\/03\/23\/rebecca-ricks-documenting-corporate-surveillance\/?utm_source=www.mozilla.org",
"https:\/\/internethealthreport.org\/2018\/?utm_source=www.mozilla.org",
"https:\/\/blog.mozilla.org\/firefox\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/it\/",
"https:\/\/research.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/ro\/",
"https:\/\/blog.mozilla.org\/internetcitizen\/2018\/04\/13\/we-need-to-talk-about-the-internet\/?utm_source=www.mozilla.org",
"https:\/\/blog.mozilla.org\/blog\/2018\/04\/17\/an-open-call-to-storytellers-make-something-amazing-with-virtual-reality-and-the-open-web\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/fi\/",
"https:\/\/www.mozilla.org\/hi-IN\/",
"https:\/\/www.mozilla.org\/en-GB\/",
"https:\/\/donate.mozilla.org\/en-US\/?presets=50",
"https:\/\/itunes.apple.com\/us\/app\/apple-store\/id989804926?pt=373246",
"https:\/\/support.mozilla.org\/kb\/firefox-osx",
"https:\/\/blog.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/es-AR\/",
"https:\/\/www.mozilla.org\/ja\/",
"https:\/\/www.mozilla.org\/id\/",
"https:\/\/www.mozilla.org\/ca\/",
"https:\/\/www.mozilla.org\/pt-PT\/",
"https:\/\/www.wired.com\/story\/darpa-total-informatio-awareness\/",
"https:\/\/www.mozilla.org\/es-ES\/",
"https:\/\/blog.mozilla.org\/blog\/2018\/05\/08\/we-asked-people-how-they-feel-about-facebook-heres-what-they-said\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/et\/",
"https:\/\/blog.mozilla.org\/blog\/2018\/04\/12\/latest-firefox-for-ios-now-available-with-tracking-protection-by-default\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/contribute",
"https:\/\/support.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/blog.mozilla.org\/blog\/2018\/04\/26\/enabling-social-experiences-using-mixed-reality-and-the-open-web\/?utm_source=www.mozilla.org",
"https:\/\/blog.mozilla.org\/blog\/2018\/06\/04\/mozilla-announces-225000-for-art-and-advocacy-exploring-artificial-intelligence\/?utm_source=www.mozilla.org",
"https:\/\/blog.mozilla.org\/internetcitizen\/2018\/05\/23\/gdpr-mozilla\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/an\/",
"https:\/\/irlpodcast.org\/episode14\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/fr\/",
"https:\/\/play.google.com\/store\/apps\/details?id=org.mozilla.firefox",
"https:\/\/www.mozilla.org\/cy\/",
"https:\/\/www.mozilla.org\/gu-IN\/",
"https:\/\/www.mozilla.org\/bs\/",
"https:\/\/www.mozilla.org\/eu\/",
"https:\/\/foundation.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/ko\/",
"https:\/\/www.mozilla.org\/pl\/",
"https:\/\/vr.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/careers.mozilla.org\/?utm_source=www.mozilla.org",
"https:\/\/blog.mozilla.org\/internetcitizen\/2018\/04\/11\/linet-kwamboka\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/hy-AM\/",
"https:\/\/www.mozilla.org\/sl\/",
"https:\/\/www.mozilla.org\/es-MX\/",
"https:\/\/www.mozilla.org\/da\/",
"https:\/\/careers.mozilla.org",
"https:\/\/www.mozilla.org\/gn\/",
"https:\/\/www.instagram.com\/mozilla\/",
"https:\/\/www.mozilla.org\/nn-NO\/",
"https:\/\/www.mozilla.org\/lt\/",
"https:\/\/blog.mozvr.com\/the-design-of-firefox-reality\/?utm_source=www.mozilla.org",
"https:\/\/blog.mozilla.org\/internetcitizen\/2018\/03\/05\/irl-holding-social-algorithms-accountable\/?utm_source=www.mozilla.org",
"https:\/\/support.mozilla.org\/kb\/install-firefox-linux",
"https:\/\/www.mozilla.org\/eo\/",
"https:\/\/blog.mozilla.org\/internetcitizen\/2018\/05\/11\/amanda-palmer-net-neutrality\/?utm_source=www.mozilla.org",
"https:\/\/www.fastcompany.com\/40572214\/why-mozillas-mitchell-baker-rejects-conventional-wisdom-on-data-and-privacy",
"https:\/\/download.mozilla.org\/?product=firefox-latest-ssl",
"https:\/\/www.mozilla.org\/sr\/",
"https:\/\/twitter.com\/firefox",
"https:\/\/getpocket.com\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/en-CA\/",
"https:\/\/www.mozilla.org\/uk\/",
"https:\/\/www.mozilla.org\/fy-NL\/",
"https:\/\/blog.mozilla.org\/firefox\/working-for-good-metalwood-salvage\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/es-CL\/",
"https:\/\/blog.mozilla.org\/internetcitizen\/2018\/06\/06\/the-today-show-mozilla-firefox-facebook-container\/?utm_source=www.mozilla.org",
"https:\/\/www.mozilla.org\/en-US\/",
"https:\/\/www.recode.net\/2018\/5\/30\/17385116\/mary-meeker-slides-internet-trends-code-conference-2018"
],
"crc32": "D3E55DC1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8fa616d435971441_en-US[1].htm",
"ssdeep": null,
"size": 122756,
"sha512": "f0d1e031c04ef38faf9595d6e797da3c3defd2033a57394899ee05324d9f0c61f44e8dd38a706061e5757823674dc21311c38485aa0529b19e21ef6c8422b2a7",
"pids": [],
"md5": "002aaf1bce2055431637d1b361cb3019"
},
{
"yara": [],
"sha1": "478fe1055631950e54317c33e4519b3b1811a5d6",
"name": "0fa34000859e9658_10822A86FA4EA4E601152426CBC79395A1336DF4",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"type": "data",
"sha256": "0fa34000859e9658a1ec06f815d82ec82a1ef671afb76e9aaeeb7b7b6131456e",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "71B300CA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0fa34000859e9658_10822A86FA4EA4E601152426CBC79395A1336DF4",
"ssdeep": null,
"size": 7020,
"sha512": "67f9f16f127fb1dc5cd886635efa06ed8dcba0b0a3d49592aa837af034bf70614e56ed91bbf604895b0943b69734392d1c9530f7ec4ef9f55110d6d618d6dd47",
"pids": [],
"md5": "58cbb0926d47401968ee2d24517ff2b5"
},
{
"yara": [],
"sha1": "d9dbb7bfde4c751b24606e9bd5037b10808f5b19",
"name": "875d93f0a8e0015a_fb2f644bcf6b36d8862a33041d87ddf0.png",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\fb2f644bcf6b36d8862a33041d87ddf0.png",
"type": "PNG image data, 280 x 190, 8-bit\/color RGBA, non-interlaced",
"sha256": "875d93f0a8e0015a588effa355c19b3b1942aa845776faa16567d9309b47c418",
"urls": [],
"crc32": "6B19FE0F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/875d93f0a8e0015a_fb2f644bcf6b36d8862a33041d87ddf0.png",
"ssdeep": null,
"size": 15044,
"sha512": "4a362132d42b996c26164900cf4a5fb400064926bca752ca65758fda181a72a7d170cb4b7d2a08e0e29a523d4c1e1656ac0229bd382a891f261a2a8839cfd0a5",
"pids": [],
"md5": "39801f77bbe9526602c670f382e96644"
},
{
"yara": [],
"sha1": "c2d7c256d7e51f4eee70acf7ce25b23199316bd7",
"name": "285b8646a4fd1389_745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"type": "gzip compressed data, from Unix",
"sha256": "285b8646a4fd1389906a0b125713cd3761ad36931b59095a7324fdf5c0cb5b92",
"urls": [
"https:\/\/accounts-static.cdn.mozilla.net\/bundle-7ca432f78deff0314215bd9383f78d6bf4618498\/fxaClient.bundle.js",
"https:\/\/accounts.firefox.com"
],
"crc32": "1E0B85F5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/285b8646a4fd1389_745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"ssdeep": null,
"size": 22767,
"sha512": "de0656841d0adc94b07ca3d7cfce0625e925455e90e87be848cf6c342cad7fe820db4ee056f14d7b5b862eff5a2dfe0e3912e9777a637ec40b4dee9be441a301",
"pids": [],
"md5": "7230b0ae479aaf77d238741919e5e3a3"
},
{
"yara": [],
"sha1": "e490faba758b55a04aa36dc469105ef81a1a1e80",
"name": "0c192cd3c1eed9ce_AAyHwI4[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHwI4[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "0c192cd3c1eed9ceedd74435c3eb4938846106e60643be383f3454c0e3b7f3db",
"urls": [],
"crc32": "043A586E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0c192cd3c1eed9ce_AAyHwI4[1].jpg",
"ssdeep": null,
"size": 9886,
"sha512": "2e598a61c87c24999c9d214442a7b226b4ba15814205a0a661cc50e7bb693438e73353c3a8e2517f6e1dff1012479af33397ccd15d325a07edb2875ee20f404e",
"pids": [],
"md5": "63ee8aa028d884bd62621a09962fef07"
},
{
"yara": [],
"sha1": "5e1335ba1d05c86e3d6c6838329770c3a5b6b1c7",
"name": "12ec28b2970610c2_AA8qzDM[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA8qzDM[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "12ec28b2970610c25c46c0dd43cb23faedff6605b1ca913e3ff17a6393d2d959",
"urls": [],
"crc32": "41E5A85D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/12ec28b2970610c2_AA8qzDM[1].png",
"ssdeep": null,
"size": 836,
"sha512": "ab13f5ac4e95d6357b165e97909ab9851046846a10f093666fad8d242326434bcce4a9d42748dccb6e74505df07ed39c296e5efaadf94e0b38ba30d298c66448",
"pids": [],
"md5": "229c7a66741ceca0ecbe1abd1aaf6c71"
},
{
"yara": [],
"sha1": "190f3bc536c9489c707ae31da32bf86947ea5d78",
"name": "2b124d4026850a3c_block-flash-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"type": "data",
"sha256": "2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749",
"urls": [],
"crc32": "B946F265",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2b124d4026850a3c_block-flash-digest256.sbstore",
"ssdeep": null,
"size": 7648,
"sha512": "0af17bd91464f26072f42bacfbb6ba72e68fa07b9d5801a92b14624cc51ebd00ab127272cecd8df6fe650fe07bf170fd6422d70c2e8cd8f9ad94bc11548446bd",
"pids": [],
"md5": "0e8fe60ccd7e9b4c32589a5743a95302"
},
{
"yara": [],
"sha1": "936ff1b461e2f0b1926d8b437e4d444680e3bf6a",
"name": "f59b8a1a4904e44b_6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"type": "Web Open Font Format, flavor 65536, length 26392, version 1.0",
"sha256": "f59b8a1a4904e44b38bf69d8a28a93b518443234f43afba57fb6bd61b86c4d80",
"urls": [
"https:\/\/www.python.org\/static\/fonts\/SourceSansPro-Regular-webfont.woff"
],
"crc32": "7B870A44",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f59b8a1a4904e44b_6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"ssdeep": null,
"size": 36567,
"sha512": "cec325b998b1598d79ad93898ec6546302a917e2a58c9469536c301d7aaf6519ad5ab5bd9b3506582460ec0306cb64fc11c5ac11c8691082485bc63b934da9df",
"pids": [],
"md5": "b2cb9d3e58b63a289048f6c139ac0934"
},
{
"yara": [],
"sha1": "ad7588d7ea519755c3ad6ab25362a5ee9bb057c8",
"name": "11e8a9b8968fb2aa_AAyH8rV[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyH8rV[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "11e8a9b8968fb2aa47cf1d87501286910866efc6dde0579337fd7415e1d05901",
"urls": [],
"crc32": "158A4798",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/11e8a9b8968fb2aa_AAyH8rV[1].jpg",
"ssdeep": null,
"size": 11542,
"sha512": "49043a53c6cb1fe45b893f723cfd2286ebddc91b08c87b942e88a32799e1b9eafb4b2369298264aa91f16f5537a10dac2a19d38b95747460fc5ec2ce84aeb577",
"pids": [],
"md5": "4b4e5f77809855967b36bc4cb8e59a14"
},
{
"yara": [],
"sha1": "cac95fd2e7444c0d2e96b809afc4cda2df328145",
"name": "8bb56655ae9ead8f_AAa5VT3[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAa5VT3[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "8bb56655ae9ead8f5944dddf71be1358881914a7b357c9ee1400a7e67e3b4b27",
"urls": [],
"crc32": "D9D07B52",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8bb56655ae9ead8f_AAa5VT3[1].jpg",
"ssdeep": null,
"size": 2768,
"sha512": "0acb85fe50b032ad7ef294ad46573ecdf374ec6eff066a0214f77a228120f41ba80a060c551e22ba02999db1dc310b0d7d2b350a56307d55cc1256d88dba7eff",
"pids": [],
"md5": "bad25d8c99abca349aab1bfe74ea6251"
},
{
"yara": [],
"sha1": "e2d5c61f2049e88c18ed162235a83b80a5384f11",
"name": "5799645bbece8899_AAyGuB1[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGuB1[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "5799645bbece8899b13a52054f84a32828be4f762cbfc305d4686069f9705bbc",
"urls": [],
"crc32": "86CBB7E1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5799645bbece8899_AAyGuB1[1].jpg",
"ssdeep": null,
"size": 2536,
"sha512": "ddbebb0cce069fa4c0e912f67323bcea15ceb4273087d0c544a2f9cc9a9af14f1c974f27256172e96cc07b02d76b9d1f2c3d4edcaa69e95592ef727e1acb6eda",
"pids": [],
"md5": "0a7cbb45709f01215e3459d7fdc60f81"
},
{
"yara": [],
"sha1": "4df430b4d63605e41855dbcb3837a189d4cc7604",
"name": "c0b3bc9b3dc507ab_except-flashallow-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"type": "data",
"sha256": "c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54",
"urls": [],
"crc32": "04D7CD3E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c0b3bc9b3dc507ab_except-flashallow-digest256.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "ae7688d501a1f59d4c247ed57ba0547f6376748af57f554ba1b6de0ef358ed5868721886baf94813979b3a9968ec330ce11c41767e4af42db413efc9556c2e22",
"pids": [],
"md5": "6f85bc4b2ecb49e26b0bd83a821065d0"
},
{
"yara": [],
"sha1": "4ec5f325fff59a9367e5a7d666f955fa2efe392e",
"name": "2ea4e648eaffc254_BBnDMqr[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBnDMqr[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "2ea4e648eaffc254131655d295f0d8e55c36864640af979e78d8cdb750415e1d",
"urls": [],
"crc32": "3FE5CCD5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2ea4e648eaffc254_BBnDMqr[1].jpg",
"ssdeep": null,
"size": 9920,
"sha512": "fceea3eabb9f8977812c1deedb20ff7af54e530c184b52b4c98be5cc68b8dbcfc2ba6f4e21064dc47fde8650fa900736b03bc15bcb34e485329b9d9110bae840",
"pids": [],
"md5": "2d2319a2352a7cd53c6e910ee7722e85"
},
{
"yara": [],
"sha1": "ac3a6ea0aad5a2cd7912ace4e115bbb37b01b3fa",
"name": "abc26a771e79c3d5_2FD2E2A71F89E3A92F68CB796207228217259289",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"type": "data",
"sha256": "abc26a771e79c3d57e43156e1d11b249e7bfacf0fac139de4993b15f9de0e406",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/fonts\/opensans-regular.668362de763a.woff2"
],
"crc32": "8806F046",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/abc26a771e79c3d5_2FD2E2A71F89E3A92F68CB796207228217259289",
"ssdeep": null,
"size": 57082,
"sha512": "2c83f0b6f23911ae07e055b8e005e687c47e4a280c52d193a519dbdc9b5370ffabbc43d811841b7288a34e1e949d710d81c66ca7c26d48e84a83e65fda52dc9a",
"pids": [],
"md5": "806cd6cbbf332e992ef873d277fdded5"
},
{
"yara": [],
"sha1": "a848deceb80f059b95541e2bdc7425763d4bae0e",
"name": "5b34333608aa7f00_AAyHqxT[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHqxT[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "5b34333608aa7f0089037dafa82fe2aba145c79f09f9e017b8275d47aaeb0257",
"urls": [],
"crc32": "9C2FB72E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5b34333608aa7f00_AAyHqxT[1].jpg",
"ssdeep": null,
"size": 8738,
"sha512": "515ba1e84cc0bdc6a153932fa49e8f9523a83d852d664a0173da5fa5b5b228700ee53c00c982da5be3fbc17e84dc29b3ccb76dd3dc7bd1305b78272d406a949b",
"pids": [],
"md5": "33f80cb38c227262055fe0eb010fe5f5"
},
{
"yara": [],
"sha1": "cff41abb0160a29d41b42c57115009a28c860388",
"name": "42096360ec350ba8_AAyEhUL[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyEhUL[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "42096360ec350ba8f49c172b4396603c8a3f5e8273f9cc0f660f859c5915d9fe",
"urls": [],
"crc32": "5293FC29",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/42096360ec350ba8_AAyEhUL[1].jpg",
"ssdeep": null,
"size": 2129,
"sha512": "7163902d04d7e1a51c239ac1c1c8a8d1fed19af5298ae813ae05bd37a4a4425d26e04cc25109489758d8a2264700136513f4307273c2dda0977a5ebb7a4832bf",
"pids": [],
"md5": "35e0e4792deb61bbc0a4cad2148c484e"
},
{
"yara": [],
"sha1": "1a2e9d857f57c4cddd867a2a67eb1d46b2081b43",
"name": "5d099419861fa45c_AAyHa0Z[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHa0Z[1].png",
"type": "PNG image data, 100 x 75, 8-bit\/color RGBA, non-interlaced",
"sha256": "5d099419861fa45c8ec706ec98fe6a4a367e1dc4847a54c5ed6804cb89f4d8c6",
"urls": [],
"crc32": "7105847F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5d099419861fa45c_AAyHa0Z[1].png",
"ssdeep": null,
"size": 15975,
"sha512": "53cff3ae682e40122955bdb5eea37e650d831a09f6bd83c46f7fb1cce3b718c1d41b5f55244e4be1d05f69304596defdc69e74e96c27fee46ee7985e2ed26aa0",
"pids": [],
"md5": "c7bbd516d51e51d4ab63ae07e82c037b"
},
{
"yara": [],
"sha1": "bdecb51fed41f111cfb19c30e377aa165c0dd7e3",
"name": "8408968dae85e51e_mozstd-trackwhite-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"type": "data",
"sha256": "8408968dae85e51ea6b0ca7123b0ddfd7425d3013ba311bb1cbe135fff0e5bda",
"urls": [],
"crc32": "D26AA5B7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/8408968dae85e51e_mozstd-trackwhite-digest256.sbstore",
"ssdeep": null,
"size": 326032,
"sha512": "acda5c6344cc51e0921c116cb03395f8027f0e1077d5027ca4b6b33e2c1ab663c319eeab22d7ecf968702324bedc882f518bde7711cb140a059d7997580054cf",
"pids": [],
"md5": "bdaa2a3b4259ebf8dd87e5769b1bf3f4"
},
{
"yara": [],
"sha1": "bb69fd603b8aa18c7f36b1f741bcec5bb552f4fb",
"name": "1033942f45e5ee87_499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"type": "gzip compressed data, from Unix",
"sha256": "1033942f45e5ee87b6427572a125888df4a314c0457104c5425026daafc1c83b",
"urls": [
"https:\/\/normandy.cdn.mozilla.net\/api\/v1\/action\/signed\/",
"https:\/\/normandy-cloudfront.cdn.mozilla.net\/"
],
"crc32": "CD81CAB8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1033942f45e5ee87_499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"ssdeep": null,
"size": 11878,
"sha512": "aeaa91807c9056e881a5f1c38c030faf7d68e4017c9e049935ce390dac1057092e9e133d6f4d9a946666ff259465178b076c2be580ff0d3838b32f2aa435ae23",
"pids": [],
"md5": "c8acaff54a2ad11f07c7ad295442ad2b"
},
{
"yara": [],
"sha1": "b42c846fc1a53d35666eb8f7ae1eb178f53c5979",
"name": "b7b8201f58af95df_btn-google-play.77bdbc935c58[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\btn-google-play.77bdbc935c58[1].png",
"type": "PNG image data, 152 x 45, 8-bit colormap, non-interlaced",
"sha256": "b7b8201f58af95dfc8d37861c3d950a32db3412db70ac22c8d7aff0450fcfdfe",
"urls": [],
"crc32": "7DD8B567",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b7b8201f58af95df_btn-google-play.77bdbc935c58[1].png",
"ssdeep": null,
"size": 2688,
"sha512": "59858e900dc07c3694714d80617a33b44efc7635fd525df24153e13d3a52f662b0ddbb4adbeb4801bf65fe52318a04ecad4660bfbd4a19235c0c9f8df22de9ae",
"pids": [],
"md5": "77bdbc935c583f6353bf55a29ee51fa6"
},
{
"yara": [],
"sha1": "55f1f304ba728ba7cd76aea5b1ea932fcc2bc15b",
"name": "0dfec11e648d2ed6_AA109EF5680522CB655C98111C00F5A6B7B092B2",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"type": "HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators",
"sha256": "0dfec11e648d2ed6caeba5dc5ca5f6d58cbe65ce490cd8fb04018ebdfbe0aec8",
"urls": [
"http:\/\/docs.python.org\/",
"http:\/\/www.google.com\/chromeframe\/?redirect=true",
"http:\/\/browsehappy.com\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.3.2\/Misc\/NEWS",
"https:\/\/www.python.org\/psf\/codeofconduct\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.1.1\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.1.5\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.6\/Misc\/NEWS",
"http:\/\/pypi.python.org\/pypi",
"https:\/\/feeds.feedburner.com\/PythonSoftwareFoundationNews",
"https:\/\/github.com\/python\/pythondotorg\/issues",
"https:\/\/mail.python.org\/mailman\/listinfo\/python-dev",
"http:\/\/bugs.python.org",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.4.3\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.3.6\/Misc\/NEWS",
"http:\/\/docs.python.org\/3\/license.html",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.5.4\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.1\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.7.8\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.6.3\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.5\/Misc\/NEWS",
"http:\/\/python.org\/dev\/peps\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.4.6\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.2.1\/Misc\/NEWS",
"https:\/\/www.python.org\/dev\/peps\/pep-0478\/",
"http:\/\/wiki.python.org\/moin\/Languages",
"https:\/\/www.python.org\/ftp\/python\/2.7.15\/Python-2.7.15.tar.xz",
"https:\/\/hg.python.org\/cpython\/raw-file\/v2.7.12\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.4.2\/Misc\/NEWS",
"https:\/\/hg.python.org\/cpython\/raw-file\/15c95b7d81dc\/Misc\/NEWS",
"https:\/\/wiki.python.org\/moin\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.2.2\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.6.1\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.4.5\/Misc\/NEWS",
"https:\/\/www.python.org\/static\/img\/landing-downloads.png?1414305901",
"http:\/\/www.opensource.org\/",
"http:\/\/www.facebook.com\/pythonlang?fref=ts",
"https:\/\/docs.python.org\/release\/3.3.1\/whatsnew\/changelog.html",
"https:\/\/www.python.org\/ftp\/python\/3.6.5\/python-3.6.5-macosx10.6.pkg",
"https:\/\/docs.python.org\/3.4\/whatsnew\/changelog.html",
"https:\/\/ssl",
"https:\/\/www.python.org\/static\/opengraph-icon-200x200.png",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.7.3\/Misc\/NEWS",
"https:\/\/www.python.org\/dev\/peps\/pep-0537\/",
"https:\/\/docs.python.org\/release\/3.3.7\/whatsnew\/changelog.html",
"https:\/\/www.python.org\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.6.5\/Misc\/NEWS",
"http:\/\/pycon.blogspot.com\/",
"https:\/\/docs.python.org\/release\/3.3.5\/whatsnew\/changelog.html",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.1.3\/Misc\/NEWS",
"https:\/\/hg.python.org\/cpython\/raw-file\/53d30ab403f1\/Misc\/NEWS",
"http:\/\/docs.python.org\/3\/download.html",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.6.9\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.7.5\/Misc\/NEWS",
"https:\/\/docs.python.org",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.0\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.7\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.5.1\/Misc\/NEWS",
"http:\/\/twitter.com\/ThePSF",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.3.4\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.5.3\/Misc\/NEWS",
"https:\/\/bugs.python.org\/",
"https:\/\/docs.python.org\/faq\/",
"https:\/\/www.python.org\/jobs\/feed\/rss\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.1.2\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.7.1\/Misc\/NEWS",
"http:\/\/schema.org",
"https:\/\/www.python.org\/ftp\/python\/3.6.5\/python-3.6.5.exe",
"https:\/\/ssl.google-analytics.com\/ga.js",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.3.1\/Misc\/NEWS",
"https:\/\/www.python.org\/dev\/peps\/peps.rss\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.5.2\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.6.2\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.1.3\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.7.7\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.3.0\/Misc\/NEWS",
"https:\/\/www.python.org\/static\/js\/libs\/masonry.pkgd.min.js",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.2.3\/Misc\/NEWS",
"http:\/\/planetpython.org\/",
"http:\/\/plus.google.com\/",
"https:\/\/www.python.org\/dev\/peps\/pep-0429\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.3.5\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.6.8\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.6.7\/Misc\/NEWS",
"https:\/\/docs.python.org\/3\/license.html",
"https:\/\/wiki.python.org\/moin\/BeginnersGuide",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.2.5\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.6.4\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.5.5\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.2\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.0.1\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.3.3\/Misc\/NEWS",
"https:\/\/wiki.python.org\/moin\/PythonEventsCalendar",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.6.6\/Misc\/NEWS",
"https:\/\/www.python.org\/static\/stylesheets\/mq.css",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.2.2\/Misc\/NEWS",
"https:\/\/status.python.org\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.4.4\/Misc\/NEWS",
"https:\/\/hg.python.org\/cpython\/file\/v3.3.6\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.2.1\/Misc\/NEWS",
"http:\/\/www.gnupg.org\/",
"https:\/\/www.python.org\/static\/js\/main-min.js",
"https:\/\/www.python.org\/downloads\/",
"https:\/\/raw.githubusercontent.com\/python\/cpython\/84471935ed2f62b8c5758fd544c7d37076fe0fa5\/Misc\/NEWS",
"https:\/\/ajax.googleapis.com\/ajax\/libs\/jquery\/1.8.2\/jquery.min.js",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.5.6\/Misc\/NEWS",
"https:\/\/docs.python.org\/release\/3.3.3\/whatsnew\/changelog.html",
"https:\/\/docs.python.org\/release\/3.3.4\/whatsnew\/changelog.html",
"https:\/\/www.python.org\/static\/js\/libs\/modernizr.js",
"https:\/\/hg.python.org\/cpython\/file\/v3.2.6\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.4.1\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.7.4\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/15fc83c505e3\/Misc\/NEWS",
"https:\/\/devguide.python.org\/",
"http:\/\/pyfound.blogspot.com\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.2\/Misc\/NEWS",
"https:\/\/wiki.python.org\/moin\/PythonBooks",
"https:\/\/wiki.python.org\/moin\/EmacsEditor",
"http:\/\/www",
"https:\/\/pgp.mit.edu\/pks\/lookup?op=get",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.2.3\/Misc\/NEWS",
"https:\/\/github.com\/python\/pythondotorg\/issues\/1070",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.4\/Misc\/NEWS",
"https:\/\/hg.python.org\/cpython\/raw-file\/v2.7.13\/Misc\/NEWS",
"https:\/\/pypi.python.org\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.7.6\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.2.4\/Misc\/NEWS",
"https:\/\/docs.python.org\/3.5\/whatsnew\/changelog.html",
"https:\/\/www.python.org\/search\/?q=",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.0.1\/Misc\/NEWS",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.3.7\/Misc\/NEWS",
"https:\/\/www.dcl.hpi.uni-potsdam.de\/people\/loewis\/mvl.asc",
"https:\/\/www.python.org\/dev\/peps\/pep-0373\/",
"http:\/\/hg.python.org\/cpython\/raw-file\/v3.1.4\/Misc\/NEWS",
"http:\/\/barry.warsaw.us\/barrypub-gpg.asc",
"https:\/\/docs.python.org\/3.6\/whatsnew\/changelog.html",
"https:\/\/feeds.feedburner.com\/PythonInsider",
"http:\/\/brochure.getpython.info\/",
"https:\/\/www.python.org\/ftp\/python\/3.6.5\/Python-3.6.5.tar.xz",
"http:\/\/www.ie6countdown.com\/",
"https:\/\/www.python.org\/dev\/peps\/pep-0494\/",
"https:\/\/www.python.org\/static\/stylesheets\/style.css",
"http:\/\/hg.python.org\/cpython\/raw-file\/v2.7.2\/Misc\/NEWS",
"https:\/\/docs.python.org\/release\/3.3.2\/whatsnew\/changelog.html",
"https:\/\/hg.python.org\/cpython\/raw-file\/v2.7.9\/Misc\/NEWS"
],
"crc32": "844A463D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0dfec11e648d2ed6_AA109EF5680522CB655C98111C00F5A6B7B092B2",
"ssdeep": null,
"size": 113990,
"sha512": "29b0e9a66b6768d4d9a7417cbccce3fade11a7f7f39d91f74be0b6b92e42897739c493617d7a53fb7ab2ae1db92647d591669f5b6731c89cca231fdb12865a1e",
"pids": [],
"md5": "52c22706219de2749a63d0882fb2e2a9"
},
{
"yara": [],
"sha1": "e0d98bc13e13a9d8746f19a3fad51264af95ae11",
"name": "6b7edfbfcd5f21a9_40e1b425[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\40e1b425[1].js",
"type": "UTF-8 Unicode text, with very long lines, with no line terminators",
"sha256": "6b7edfbfcd5f21a9db2a481d0fc00059dc4125a57b835f6987953f065b6b7bdb",
"urls": [],
"crc32": "E06D75F1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6b7edfbfcd5f21a9_40e1b425[1].js",
"ssdeep": null,
"size": 1566,
"sha512": "cd441b4a5b442d950bef422e1409ed3ac0f70466de6ffbfde7f2755ea0e3e47cebccfbfcea29671a7f6e073098f6071fe45cecf569f8f9a315264a7d19972c40",
"pids": [],
"md5": "8aa44a43984d65ffc6df173e6e7b5aa7"
},
{
"yara": [],
"sha1": "d743fcce1cbea63b952257199a5d97b0b899bb6f",
"name": "796db5be7271acdc_25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"type": "gzip compressed data, from Unix",
"sha256": "796db5be7271acdc1538de356f6fa3c1d791e4f2c528e179c27669c63aabd84f",
"urls": [
"https:\/\/www.mozilla.org\/media\/js\/BUNDLES\/firefox_firstrun_quantum.d1700ebe473a.js",
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct"
],
"crc32": "2DC198A1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/796db5be7271acdc_25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"ssdeep": null,
"size": 12415,
"sha512": "f6161fe2e72f1f0b10aa0dadbc3255f9d489019dfe02e691c7d3fcac498515884ec649a821dc895408297b6d419d61ffd35da2a4ece4b1dc7540e45833b78518",
"pids": [],
"md5": "dbcdb30b70bab6249335f318b95279fb"
},
{
"yara": [],
"sha1": "0a5df08ecc1d2540555776868e9672762fcc0575",
"name": "662aa553a97adc55_mscc-0.4.0.min[1].js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\mscc-0.4.0.min[1].js",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "662aa553a97adc55c999df1d21afcc6799f1f316baf979b352ae48cc10c5375d",
"urls": [
"https:\/\/uhf.microsoft.com\/_log"
],
"crc32": "4EF09425",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/662aa553a97adc55_mscc-0.4.0.min[1].js",
"ssdeep": null,
"size": 3487,
"sha512": "875d5928de87d56cc139a2a5a54a367d44d189bc7b1fa9db7d67f5255efedef87753c08f71f5063316cdc12c54e511e76a1ea62f7ebc9ac7c3ab13c42087f4a6",
"pids": [],
"md5": "2a57dd83e776de01d8ff1590604b872f"
},
{
"yara": [],
"sha1": "802b66248904baeb03e6c7e1bd989ef7ea9ff036",
"name": "1cb1d87c2469e443_AAyHeQv[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHeQv[1].png",
"type": "PNG image data, 300 x 194, 8-bit\/color RGBA, non-interlaced",
"sha256": "1cb1d87c2469e443c07ed5536d911853ae65ed4d341fd5dcd39d88bcd1acd125",
"urls": [],
"crc32": "4647E2E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1cb1d87c2469e443_AAyHeQv[1].png",
"ssdeep": null,
"size": 123743,
"sha512": "202738984df49a18845ecfb2ac0c8b4bd968c9ab815a12a5d2e5a727a3378339e47bc796c0c7cf74f46ec98992593fdf54c07b588883b6b7c7d1671fa57f8409",
"pids": [],
"md5": "531fc4df00210e396844f323dad7c0dd"
},
{
"yara": [],
"sha1": "fe4c574e20c31723a30908b10bb8b5f68a4f0839",
"name": "067a6f2f724002ec_oujrebqo.txt",
"filepath": "C:\\ouJrEbQO.txt",
"type": "ISO-8859 text, with CRLF line terminators",
"sha256": "067a6f2f724002ecede396ba3c8f1e8f3c947d11ddcf7accc0493eedf3b939d7",
"urls": [
"https:\/\/www.baidu.com\/index.php?tn=02049043_50_pg"
],
"crc32": "74E3EB4A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/067a6f2f724002ec_oujrebqo.txt",
"ssdeep": null,
"size": 1494,
"sha512": "f48f6efb9b64c1b6b1e1a4a00e91e26b20f203097da9b683e61786f7e3e907f6f2000020d6f2fcd587edb0574e30b77a92e71feaf3c01258cdde23f4af7164b5",
"pids": [
2628
],
"md5": "b4bb958922f9d042e10ec36ff348db4b"
},
{
"yara": [],
"sha1": "c3c601d88876ac9253cff3b69d76d562e0e2e2e1",
"name": "003d9ae6b4f91b22_0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"type": "PNG image data, 36 x 36, 8-bit\/color RGBA, non-interlaced",
"sha256": "003d9ae6b4f91b22aa7968a475529d799e41a4888637459298543a4a738a2355",
"urls": [
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceEvent",
"https:\/\/accounts-static.cdn.mozilla.net\/images\/f865d0ab.spinnerlight.png",
"http:\/\/purl.org\/dc\/elements\/1.1\/",
"http:\/\/ns.adobe.com\/photoshop\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/exif\/1.0\/",
"http:\/\/ns.adobe.com\/tiff\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/"
],
"crc32": "8C950088",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/003d9ae6b4f91b22_0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"ssdeep": null,
"size": 23312,
"sha512": "8ce502d523685bbe0e68494703416fdb6bba31e756baf8e3915c931da7ba164c3c9730e68771cc86673a1ed5c84deeca853a80f8797a680e077102f7da0ecc60",
"pids": [],
"md5": "db20b251b62f8c29eed9f350637c107a"
},
{
"yara": [],
"sha1": "e7ec9a1e452976c0e11bd911c4ec76a3876d5f91",
"name": "7c9bb06d075a5d50_2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"type": "data",
"sha256": "7c9bb06d075a5d50e059872fdd5cc55ba19f6dba265d3663664386effb1eda7a",
"urls": [
"https:\/\/www.google.com\/gen_204?s=webaft"
],
"crc32": "8BCC7614",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7c9bb06d075a5d50_2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"ssdeep": null,
"size": 6874,
"sha512": "c57dfa15481a3ee02d11cdad58c80fca4bafb7431639b0d5d8c4bb64d706e88cab70ab6f17584f8fb7e4bd6e33dc59cf29f73f8096ff00899504d80f77e3d0ad",
"pids": [],
"md5": "ad0ce8bc6f8b8ac724329ec305e138c9"
},
{
"yara": [],
"sha1": "f0c01af7b5dbbf62b567fb8fc33250b70c5a6342",
"name": "fa2be19b3791550c_billboard-open-minds.11da5ba9e1e9[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\billboard-open-minds.11da5ba9e1e9[1].png",
"type": "PNG image data, 346 x 346, 8-bit colormap, non-interlaced",
"sha256": "fa2be19b3791550ca2d273e18db4e30bb2ef472147823d229da9b4e70b332cff",
"urls": [],
"crc32": "2BD13B57",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/fa2be19b3791550c_billboard-open-minds.11da5ba9e1e9[1].png",
"ssdeep": null,
"size": 31732,
"sha512": "cd42c7b66f90f4cdf8545a21395c680cae23c8b79192e374506dae77c4b09d0bdf855341a97ebf1f74c2336904d61a9f1d4a6588be1700e82883e67a9f9de258",
"pids": [],
"md5": "11da5ba9e1e9a04fa39fed82d26f5037"
},
{
"yara": [],
"sha1": "7af300faefc2aa73a021d7327de2df85510ade50",
"name": "e083db6b6bfec668_AAyGCD1[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGCD1[1].png",
"type": "PNG image data, 100 x 75, 8-bit\/color RGBA, non-interlaced",
"sha256": "e083db6b6bfec668753e99cd15feac065a2248ad9ece8494d338b6a2f2189e34",
"urls": [],
"crc32": "077450E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e083db6b6bfec668_AAyGCD1[1].png",
"ssdeep": null,
"size": 16820,
"sha512": "74bc767b4c2652663cf0aecb17f470832becb594bc22a2690ed52d770b6792a170fa0fcbc07e31ef8facb86332713b261c4338456d235696ab3b360bd83aa457",
"pids": [],
"md5": "b5818f539765af048f4059045d801dbc"
},
{
"yara": [],
"sha1": "6265bb1203101270fdf7cb28a3013f864a283635",
"name": "d270cd80e32c2a99_AAyDNXs[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyDNXs[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "d270cd80e32c2a99319569bae2a8c0ba9c5aa03de8252e878391d781a2d1581c",
"urls": [],
"crc32": "58D36F19",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d270cd80e32c2a99_AAyDNXs[1].jpg",
"ssdeep": null,
"size": 2618,
"sha512": "c2e0d8d11831840b06356c8a121f880feb1eae301f1f7ce5c61219d526fef3e6995c06b090e0b86b75ae52f69f31761816ad0fb4915f3e499e152104ef427fc1",
"pids": [],
"md5": "0b8c1b2d7518aae15990b66b3b0bbdbf"
},
{
"yara": [],
"sha1": "bb845983a5b3b342e400d24c0039105c8bd8e488",
"name": "e098a1e6f61e8e33_BBrHbUZ[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBrHbUZ[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "e098a1e6f61e8e333245e27e2b301e0a3025b8ba57d6563acc65131defc195e7",
"urls": [],
"crc32": "2A1F8DF5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e098a1e6f61e8e33_BBrHbUZ[1].jpg",
"ssdeep": null,
"size": 12846,
"sha512": "536ba7a1653f09fd110caedb0a50b088010f1f864153fad061beb4347d29e1ac45f20a20fc726e12792a6fc730a2e3894abe73c9e0d4ccefe38d8191e3580344",
"pids": [],
"md5": "afd1ba6608f70d0349720669544b801d"
},
{
"yara": [],
"sha1": "fe4c80aeed89c88a085488180e823caf10d61fac",
"name": "270793675dfc4b36_AAyGc2M[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGc2M[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "270793675dfc4b3606caabd1792607927ae5ce7e877a6107c881b201036a29c5",
"urls": [],
"crc32": "B02DE51D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/270793675dfc4b36_AAyGc2M[1].jpg",
"ssdeep": null,
"size": 2495,
"sha512": "d58a580248e10fe814fad0b06099a11c62dbd123209afe7d52489ed513d64f624da502d3029c6058dfd3e26fa9e50a1720ee1c52921e5861501ea529e34a7e7a",
"pids": [],
"md5": "3db6b5dfc9aed04156aa74cb0fde902e"
},
{
"yara": [],
"sha1": "68bb387fcea4ef3d3cd675998ba1f911bba59456",
"name": "f6184c504b8869d3_goog-phish-proto.pset",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"type": "data",
"sha256": "f6184c504b8869d300d965005f0304d7773781087d8b5512b4602a5c56c8a424",
"urls": [],
"crc32": "A08274E8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/f6184c504b8869d3_goog-phish-proto.pset",
"ssdeep": null,
"size": 3233838,
"sha512": "770a4d8df2b026c53bcbfa803a42c9878c7dafd5636d48c23c78e18e4aa2ce94cd1a9c9941eb87ccc2b55c437f1e85e13f70cc7d9afcb69e5cec37cf381d8669",
"pids": [],
"md5": "cc9b11e15e09c3ba23eb1a054cb61210"
},
{
"yara": [],
"sha1": "027fb9b187112050d753532e008c32c5800af55b",
"name": "57ff68b8130a8ff0_AAyEqbc[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyEqbc[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "57ff68b8130a8ff011353ca15171a4f6a3bc09d0b5a81a872111a20cc95814e1",
"urls": [],
"crc32": "E29627C5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/57ff68b8130a8ff0_AAyEqbc[1].jpg",
"ssdeep": null,
"size": 2144,
"sha512": "5367a37cd74ee132ea32573749eee5332c55149432be8d7c63b8d9405a64a29847c1bbab74f77b4a4dafb11ee51be32ec5bb1d8edc57b3f457e33b695d43ea0e",
"pids": [],
"md5": "c556a5d8fbf23442ec5a83eccbaac922"
},
{
"yara": [],
"sha1": "271a02df3ea9974f289182895d336c02ad061b38",
"name": "dcde1fc4cdc68269_14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"type": "data",
"sha256": "dcde1fc4cdc68269b84c456111d2fe822cf944abd87db7c761a2c972f7295a51",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "616B5EF5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/dcde1fc4cdc68269_14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"ssdeep": null,
"size": 1306,
"sha512": "deb8fb1d382d8c653289a01dacd0cdb063ade71ec8e74472bf326959afdf929c7aceb667fe14a03ade1a78dc46c385f4c2d95e8c83b2648d5d90c4583e1e9099",
"pids": [],
"md5": "db07da98243ee6f679d29acf931e860c"
},
{
"yara": [],
"sha1": "6f3e6eb1fe9cc616abd3cabccf35b758975c9eb8",
"name": "da59c26b09f97aca_AAyHK37[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHK37[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "da59c26b09f97acaeb4d7db96559bd52afb177e1fab147dc14c14ef5828c0861",
"urls": [],
"crc32": "77580D30",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/da59c26b09f97aca_AAyHK37[1].jpg",
"ssdeep": null,
"size": 13921,
"sha512": "8a8e11c89df1d1e63d3387eb61c8e136b22115b92b7b95c551c08a69669ac62d4c078295c6a5ddee49f8f0a6c4672e217cee545abf2d904f3cdaa336b84d1587",
"pids": [],
"md5": "71b87bfd76641749c2e90ea6f6291f93"
},
{
"yara": [],
"sha1": "198cbf0ee5f3211b95bd5f89fc6b3aa7155d251d",
"name": "da17caf83972b74e_icon-newsletter.77592a9f8e1f[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\icon-newsletter.77592a9f8e1f[1].svg",
"type": "ASCII text, with very long lines",
"sha256": "da17caf83972b74e523f611f26d0ad215e717d9ce992430d652cd19dd518e663",
"urls": [],
"crc32": "06F09352",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/da17caf83972b74e_icon-newsletter.77592a9f8e1f[1].svg",
"ssdeep": null,
"size": 5156,
"sha512": "36f6d71718dd899b9cd6b8e6b271636a8ec2cd9a241bc845eae66b8fb715a0ae6b712e16c35fa5510a576529e53440fd7fd805838416509c694ef4efac5659fe",
"pids": [],
"md5": "77592a9f8e1f4552094423476744d696"
},
{
"yara": [],
"sha1": "bf9127697e5c7bc025d632757e79d3e5dba4a460",
"name": "cd935bfd396980a7_698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"type": "gzip compressed data, max compression",
"sha256": "cd935bfd396980a79ab5c22d8888569180a8e4a0529cad8da7fcc27dafc6c8bc",
"urls": [
"http:\/\/www.googletagmanager.com",
"https:\/\/www.googletagmanager.com\/gtm.js?id=GTM-MW3R8V"
],
"crc32": "6450E19C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/cd935bfd396980a7_698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"ssdeep": null,
"size": 54284,
"sha512": "5aeb53ff25c85caa8d17cd4aaaa54db7637377306b6b06c230d9f117accb12df87789a5028ede32fb3a8c5d2a0cbc9a28424022ab59c705b53746d952cf3f138",
"pids": [],
"md5": "9b0454cb971e019d6279475a46bed81b"
},
{
"yara": [],
"sha1": "b0a95c1e543190c2af554ed865c89b01dd2864e3",
"name": "78a0d4283e916d74_05582FF5C196A4485F189490FEC9ECEA0890DA32",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"type": "PNG image data, 196 x 196, 8-bit\/color RGBA, non-interlaced",
"sha256": "78a0d4283e916d7482dfeb2f58980ce2d6bd22fe9bdbee9db2dbd837cb8e4384",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/favicon-196.c6d9abffb769.png"
],
"crc32": "09A8540D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/78a0d4283e916d74_05582FF5C196A4485F189490FEC9ECEA0890DA32",
"ssdeep": null,
"size": 42603,
"sha512": "34cdfeada93efc5aa6299f6ad276891f09fa0784e21c1da27df4dbdc2ab63adc967031f0a3ec23e1ccbe59c6a5ef7320161a94316f5a74b58558ceb28e8873b2",
"pids": [],
"md5": "81de39db72699f36abdf2a8872021a10"
},
{
"yara": [],
"sha1": "8da6248359ab3627bc99ac8facfe5c557b598c30",
"name": "ea138a41c73fe199_D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"type": "data",
"sha256": "ea138a41c73fe1996ba3c1cf2841c197038c1ba69e8f6b806793c8111b089321",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "70929552",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ea138a41c73fe199_D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"ssdeep": null,
"size": 1150,
"sha512": "7c9d125113cb5ddb6721a8cafbecb4fafd682a6fba9294209e6bd308d38b308078e5905af2876923e8138b9bc2fc7e5d9cd717db7f086159f7e8940a7371c9c7",
"pids": [],
"md5": "b5b4fa7bc88f2c9e89f746f069a71c4c"
},
{
"yara": [],
"sha1": "c01e09587067f87f6560c9bc2cf747035af6855c",
"name": "61583b7c2eb9ab89_XQENWVVw.dll",
"filepath": "C:\\Windows\\gaABPi\\XQENWVVw.dll",
"type": "ASCII text, with no line terminators",
"sha256": "61583b7c2eb9ab89423b6d702630ab40fc41fa8b24aa4cdd00d82239ff46ac3f",
"urls": [],
"crc32": "A37E225F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/61583b7c2eb9ab89_XQENWVVw.dll",
"ssdeep": null,
"size": 10,
"sha512": "1341f24b60b297b9e8a4d4bb95d43e4c247295b77cdabd1821339fb399074f95d7328f15325583ae986b16a569ee3504975f714be13fd6d5d7f282f46aedb4ab",
"pids": [
2628
],
"md5": "014823062f270707c0f27336169b6ba8"
},
{
"yara": [],
"sha1": "5e98918449358f4fe1a4da6230d39abd90db3b48",
"name": "5259c13055d35450_B3F357E619352C003E94A8CF5A48F89305F38330",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"type": "JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 144x144, frames 3",
"sha256": "5259c13055d35450bdff91e5d47f59a7ba20be42de726ecc95c71caedd64bc40",
"urls": [
"https:\/\/pbs.twimg.com\/card_img\/1007337261950644224\/mDR9A8Cu?format=jpg"
],
"crc32": "D8D85A3B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5259c13055d35450_B3F357E619352C003E94A8CF5A48F89305F38330",
"ssdeep": null,
"size": 13241,
"sha512": "2fb18e1bf29566b808c0055d84ae0f1001cb6e36ea8a6a72be13649a56e1c40218ac78937944d1380b3f2a1478ba6bae4b846085c30380ce0267c2d84512909e",
"pids": [],
"md5": "72d090a6df2e99a164c34d8ce7d2e0c0"
},
{
"yara": [],
"sha1": "d4f1fe00ec9757c8aa08b97c0225b531b0627d96",
"name": "5116cfd5745e6a60_24C085D72E4DC34C183B0875733BBC71612D9696",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"type": "data",
"sha256": "5116cfd5745e6a60eeef6cb43caef2c55947f938aa58f731275373ba87f815ce",
"urls": [
"http:\/\/ocsp.digicert.com\/"
],
"crc32": "F3AB9AD1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5116cfd5745e6a60_24C085D72E4DC34C183B0875733BBC71612D9696",
"ssdeep": null,
"size": 1304,
"sha512": "ecb960e53b50b701fd83abfe2e9d1db435ba6110a3f7023199f0a512f8e2ce95dc5e8ced84a7e5cb82f7a5c689c93c4af75b7ab28ad71a29403f52e214bae5bd",
"pids": [],
"md5": "fc318d090f924bfcc663acc07f5ed31b"
},
{
"yara": [],
"sha1": "aa40f69200717cd9c359d039e12829e39deca667",
"name": "86de98d36ef4e637_BBzUQnp[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBzUQnp[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "86de98d36ef4e6372f2f6d3a37ee469713fb709c1f90fb5c1c72f2879d32072f",
"urls": [],
"crc32": "7FDF22CD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/86de98d36ef4e637_BBzUQnp[1].jpg",
"ssdeep": null,
"size": 1537,
"sha512": "f8cacb7931be1fa8f3debb96c98b6cf0ebaaac6bb29d5039d6051a5e0f346b1918fdb2f2ab072c481f8ae047e556507ac12f39fef5e686da0286289a53bdbbbb",
"pids": [],
"md5": "a98555644354387574aa83438a2d137c"
},
{
"yara": [],
"sha1": "48fffc669c4b1381c38f69a30b3ee08c5dfdd6cb",
"name": "fc17147c7f1f26d8_1F3A3A34BAF218785600EB46E9182918B9928898",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"type": "JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 144x144, frames 3",
"sha256": "fc17147c7f1f26d8bb04c4b92b68a957cbde51005dd7a9a8068cce1e49d10903",
"urls": [
"https:\/\/pbs.twimg.com\/card_img\/1006627246742867968\/glWguyoF?format=jpg"
],
"crc32": "E43EE65E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/fc17147c7f1f26d8_1F3A3A34BAF218785600EB46E9182918B9928898",
"ssdeep": null,
"size": 12993,
"sha512": "205a3af4635907d95cba6b6b0050cd23c0da5daa69db9174b7f5a278ba1983098d91cd9c42bdb3716ffbddc83a41e61358d2ecf714ff6c98dcde97e1050bed61",
"pids": [],
"md5": "acbba689badfdf586b5c17ff46ce46a7"
},
{
"yara": [],
"sha1": "53fdc713435221ec0ea21f356cf8712e4431ed54",
"name": "65cc57e3fc3a9043_AAmAjxE[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAmAjxE[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "65cc57e3fc3a9043c335217dfd72b7182020f7a7c774b95ff7ce93dfe0db0be6",
"urls": [],
"crc32": "39C2F745",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/65cc57e3fc3a9043_AAmAjxE[1].png",
"ssdeep": null,
"size": 910,
"sha512": "2713f454a2f4ff4617d44a6a45dbb0add6893c12f1426a9681e87b5285eb69e48b5a457420a195c7e2ad20d8930ebb1cef274c93f83f118d76032d0b1a26d5c8",
"pids": [],
"md5": "405be22f8179d43b449fd7de90a0913c"
},
{
"yara": [],
"sha1": "c1fafc1a0c7fb09d81e6aec8ff45f671cf1a8ea5",
"name": "65f1ef3b169deec5_AAyEGHA[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyEGHA[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "65f1ef3b169deec54435837e48cbbe29001de7a53f62c95d0f148011e5b771db",
"urls": [],
"crc32": "F8FA3D6B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/65f1ef3b169deec5_AAyEGHA[1].jpg",
"ssdeep": null,
"size": 2615,
"sha512": "cba8ad0120322dc46b3fa7426eee089ca73a2b7d1b8108d30af99ae53d36f693d51ee8feafb4d406fed53b0156013b6ec67aed4ea44b6eb089ecb6d8a62b90ce",
"pids": [],
"md5": "c3d77341ee259c03e74d1a26db334d82"
},
{
"yara": [],
"sha1": "20f631093c8339cea7b6a62bf18def52cefc6fc1",
"name": "a1bdaafc87bb558b_4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"type": "gzip compressed data, from Unix",
"sha256": "a1bdaafc87bb558b535a47060830ada42a0540094ea4616f6f93f45cccb0739c",
"urls": [
"https:\/\/report-uri.cloudflare.com\/cdn-cgi\/beacon\/expect-ct",
"https:\/\/www.mozilla.org\/media\/img\/privacy\/arrowhead-down-16.a9ade046c8d5.svg"
],
"crc32": "46962AFC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a1bdaafc87bb558b_4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"ssdeep": null,
"size": 10203,
"sha512": "8f78b72b4bc48111dd0d6478ba8cd8046b549045e05ebfb56ed1e3488f0ff3f6e7a385d4d28ab4832d6535e6ca4935d4af6af8181425e35555703a8d6ecf87dd",
"pids": [],
"md5": "85d59750416e9bf1598ec7cd142dbc5f"
},
{
"yara": [],
"sha1": "92c73e0833c6ba109211bd66c1a5e4379a3f6396",
"name": "2eddc89089af50ad_icon-faster.71c685e66ffb[1].svg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\icon-faster.71c685e66ffb[1].svg",
"type": "ASCII text, with very long lines",
"sha256": "2eddc89089af50adea3a6c08a041da3f4da7bb4c2d606e59ccff7be1d6acc005",
"urls": [],
"crc32": "759B9942",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2eddc89089af50ad_icon-faster.71c685e66ffb[1].svg",
"ssdeep": null,
"size": 2221,
"sha512": "27a993d057e5ad04537673374f71dd78396f6b79aca659ba17d790990575cece862c0ce762f96e7981dd5ff39b55760a6d522cc4afcd8bae239cb4e46f32faca",
"pids": [],
"md5": "71c685e66ffbf8a3684d13e4086fc055"
},
{
"yara": [],
"sha1": "c8316bfa9b38577f8b3c540d0be41de14ee156de",
"name": "eda394f912543c5a_AAyFSlO[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyFSlO[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "eda394f912543c5a26b78bfc9ff50f2fe54a70ede0aafa84c9141f9c87a8e022",
"urls": [],
"crc32": "32AAD117",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/eda394f912543c5a_AAyFSlO[1].jpg",
"ssdeep": null,
"size": 2108,
"sha512": "5b7c1f745bb3e60fd406dddd24819459c70144057c2229d3ec03d3465272f4ba64e0df0e78696884c4749e8a7211bb2d303e110647e591e418255b045036b716",
"pids": [],
"md5": "eeedc510eec5405051d98d349d0a58a3"
},
{
"yara": [],
"sha1": "f0ac1259c2f545a71687c2279b97401badc37460",
"name": "bcf40cb6515c7e63_AA5ND4b[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AA5ND4b[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "bcf40cb6515c7e636c6aff92c93ddea8dc9de0d8535347bf8f6c936f2b160335",
"urls": [],
"crc32": "34E3E2A5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/bcf40cb6515c7e63_AA5ND4b[1].jpg",
"ssdeep": null,
"size": 1788,
"sha512": "a5670e2bd207ec3d415c141bf4200171e6eb0712485a388c63e282a78eb0d6eea8f05b1afc7af5de314fc27cfda0908ea230bd537b2c8c1b3ede52cca4a37a95",
"pids": [],
"md5": "5357f3f127ee5eb33f1e417d89a0e09c"
},
{
"yara": [],
"sha1": "16af7ecb7aacb6efe068057b9eb47c42a298d343",
"name": "c7ca3fda74fc7467_goog-malware-proto.metadata",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"type": "data",
"sha256": "c7ca3fda74fc746751635905d18c7ddc55d1e79c011dd0312fa5b05ae964af1a",
"urls": [],
"crc32": "E2AA4C43",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c7ca3fda74fc7467_goog-malware-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "cfe487dcd2c9fd897c95d5131f7ace2eabfeaa73dcbaa9329a20641ffa27489e64b66602103e7fed36100d6cb20789507e2879b54df445c8f1055046535d371b",
"pids": [],
"md5": "e92e6238bb1f94e1b6ef729356867a68"
},
{
"yara": [],
"sha1": "ce9ee9d3b25f63e11dba88af097f14cdc768eb88",
"name": "2d70f5fa75540b3c_scriptCache-child-current.bin",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin",
"type": "data",
"sha256": "2d70f5fa75540b3c005ddc14ab657aabac2fdaaa9823da9183aefc44732248ec",
"urls": [
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xul"
],
"crc32": "8A391E67",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2d70f5fa75540b3c_scriptCache-child-current.bin",
"ssdeep": null,
"size": 1521676,
"sha512": "44a7b6470a1422f24607d8e2c89c99864c70333c6be7f35e1ea0e4c840b745c1adb8795117ad49ad40bb2295c5e863dd528729655c7bb7df05c73b04ea3447fc",
"pids": [],
"md5": "184e3ed0f75a643828d3549706a06bd4"
},
{
"yara": [],
"sha1": "b65be8583a1c12f4a1dcb057445b6a2d4a039a0f",
"name": "6867277083095711_new[1].htm",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\new[1].htm",
"type": "HTML document, UTF-8 Unicode text, with very long lines",
"sha256": "68672770830957113ff630a4636de5dfc0fbc033a314b599b494657384c6d436",
"urls": [
"https:\/\/www.mozilla.org\/ko\/firefox\/new\/",
"https:\/\/www.mozilla.org\/gu-IN\/firefox\/new\/",
"https:\/\/www.mozilla.org\/nb-NO\/firefox\/new\/",
"https:\/\/www.mozilla.org\/th\/firefox\/new\/",
"https:\/\/www.mozilla.org\/fy-NL\/firefox\/new\/",
"https:\/\/www.mozilla.org\/de\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ms\/firefox\/new\/",
"https:\/\/support.mozilla.org\/products\/?utm_source=mozilla.org",
"https:\/\/www.mozilla.org\/en-CA\/firefox\/new\/",
"https:\/\/www.mozilla.org\/az\/firefox\/new\/",
"https:\/\/www.mozilla.org\/cy\/firefox\/new\/",
"https:\/\/www.mozilla.org\/es-MX\/firefox\/new\/",
"https:\/\/www.mozilla.org\/zh-CN\/firefox\/new\/",
"https:\/\/www.mozilla.org\/hu\/firefox\/new\/",
"https:\/\/support.mozilla.org\/kb\/update-latest-version-firefox-android",
"https:\/\/www.mozilla.org\/it\/firefox\/new\/",
"https:\/\/www.mozilla.org\/en-US\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ca\/firefox\/new\/",
"https:\/\/www.mozilla.org\/fi\/firefox\/new\/",
"https:\/\/www.mozilla.org\/hy-AM\/firefox\/new\/",
"https:\/\/www.mozilla.org\/mr\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ta\/firefox\/new\/",
"https:\/\/blog.mozilla.org\/",
"https:\/\/www.youtube.com\/firefoxchannel",
"https:\/\/www.mozilla.org\/pt-BR\/firefox\/new\/",
"http:\/\/schema.org\/Organization",
"https:\/\/www.mozilla.org\/media\/img\/firefox\/template\/page-image.4b108ed0b8d8.png",
"https:\/\/www.mozilla.org\/pa-IN\/firefox\/new\/",
"https:\/\/www.mozilla.org\/pt-PT\/firefox\/new\/",
"https:\/\/www.mozilla.org\/id\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ia\/firefox\/new\/",
"https:\/\/support.mozilla.org\/products\/mobile\/?utm_source=mozilla.org",
"https:\/\/wiki.mozilla.org\/Webdev\/GetInvolved\/mozilla.org",
"https:\/\/twitter.com\/mozilla",
"https:\/\/github.com\/mozilla\/bedrock\/tree\/master\/bedrock\/firefox\/templates\/firefox\/new\/scene1.html",
"https:\/\/www.mozilla.org\/sl\/firefox\/new\/",
"https:\/\/support.mozilla.org\/kb\/refresh-firefox-reset-add-ons-and-settings?utm_source=mozilla.org",
"https:\/\/www.mozilla.org\/lt\/firefox\/new\/",
"https:\/\/www.mozilla.org\/tr\/firefox\/new\/",
"https:\/\/play.google.com\/store\/apps\/details?id=cn.mozilla.firefox",
"https:\/\/www.mozilla.org\/bs\/firefox\/new\/",
"https:\/\/www.mozilla.org\/es-ES\/firefox\/new\/",
"https:\/\/support.mozilla.org\/products\/ios\/?utm_source=mozilla.org",
"https:\/\/download.mozilla.org\/?product=firefox-latest-ssl",
"https:\/\/www.mozilla.org\/es-CL\/firefox\/new\/",
"https:\/\/www.mozilla.org\/an\/firefox\/new\/",
"https:\/\/www.mozilla.org\/en-GB\/firefox\/new\/",
"https:\/\/donate.mozilla.org\/en-US\/?presets=50",
"https:\/\/itunes.apple.com\/us\/app\/apple-store\/id989804926?pt=373246",
"https:\/\/download.mozilla.org\/?product=firefox-stub",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1122305",
"https:\/\/www.mozilla.org\/eo\/firefox\/new\/",
"https:\/\/www.mozilla.org\/gn\/firefox\/new\/",
"https:\/\/www.mozilla.org\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ro\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ru\/firefox\/new\/",
"https:\/\/www.mozilla.org\/da\/firefox\/new\/",
"http:\/\/schema.org\/SoftwareApplication",
"https:\/\/www.mozilla.org\/contribute",
"https:\/\/www.mozilla.org\/cs\/firefox\/new\/",
"https:\/\/www.mozilla.org\/sk\/firefox\/new\/",
"https:\/\/www.mozilla.org\/es-AR\/firefox\/new\/",
"https:\/\/play.google.com\/store\/apps\/details?id=org.mozilla.firefox",
"https:\/\/www.mozilla.org\/sr\/firefox\/new\/",
"https:\/\/www.mozilla.org\/sv-SE\/firefox\/new\/",
"https:\/\/support.mozilla.org\/kb\/update-firefox-latest-version",
"https:\/\/www.mozilla.org\/hi-IN\/firefox\/new\/",
"http:\/\/schema.org\/Offer",
"https:\/\/www.mozilla.org\/sq\/firefox\/new\/",
"http:\/\/schema.org\/Product",
"https:\/\/www.mozilla.org\/firefox\/60.0.2\/releasenotes\/",
"https:\/\/www.mozilla.org\/nl\/firefox\/new\/",
"https:\/\/www.mozilla.org\/pl\/firefox\/new\/",
"https:\/\/www.mozilla.org\/nn-NO\/firefox\/new\/",
"https:\/\/www.mozilla.org\/et\/firefox\/new\/",
"https:\/\/www.mozilla.org\/fr\/firefox\/new\/",
"https:\/\/careers.mozilla.org",
"https:\/\/www.instagram.com\/mozilla\/",
"https:\/\/www.mozilla.org\/ml\/firefox\/new\/",
"https:\/\/www.mozilla.org\/eu\/firefox\/new\/",
"https:\/\/support.mozilla.org\/kb\/firefox-osx",
"https:\/\/www.mozilla.org\/ka\/firefox\/new\/",
"https:\/\/www.mozilla.org\/rm\/firefox\/new\/",
"https:\/\/mozilla.org\/set_hsts.gif",
"https:\/\/support.mozilla.org\/kb\/install-firefox-linux",
"https:\/\/www.mozilla.org\/ja\/firefox\/new\/",
"https:\/\/www.mozilla.org\/bg\/firefox\/new\/",
"https:\/\/www.mozilla.org\/uk\/firefox\/new\/",
"https:\/\/www.mozilla.org\/fa\/firefox\/new\/",
"https:\/\/twitter.com\/firefox",
"https:\/\/www.mozilla.org\/zh-TW\/firefox\/new\/",
"https:\/\/www.mozilla.org\/ar\/firefox\/new\/"
],
"crc32": "0FFC7E2D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6867277083095711_new[1].htm",
"ssdeep": null,
"size": 66386,
"sha512": "ee6b32639a8e9926137a98b6750c5d871137d2e8c6cf7dfebf7aa781a7a86d8b5cace1a007ade7a360a69648b768a4058068b0156d09e3e9a81a32de28334a36",
"pids": [],
"md5": "ba3a08bb0fe2205e11ca6d303a271676"
},
{
"yara": [],
"sha1": "5b176450b91ba865d469ebbea6f86bea8b4c62ee",
"name": "e4a1b6f7d545abb3_AAyHX0C[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHX0C[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "e4a1b6f7d545abb3ed998d3c3749597f7afd4414cd1d63787020521297294fe0",
"urls": [],
"crc32": "9AAEA245",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e4a1b6f7d545abb3_AAyHX0C[1].jpg",
"ssdeep": null,
"size": 6770,
"sha512": "7d821b82e2329f1f70ed9f9a15e69eacdb7fa6f7df41b50ab8d4fbc1e315a5cd49687ad5ba1be00a1d13fcd87256198651d18482cfd22c1f1181fdcd8c69af10",
"pids": [],
"md5": "eec12f347ed7c4d6f4cc361e2c4e7647"
},
{
"yara": [],
"sha1": "1d6de95f95a5d42f7e4430e4141433411a0ac37b",
"name": "1caddbb14a56b49d_override[1].css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\override[1].css",
"type": "ASCII text, with CRLF line terminators",
"sha256": "1caddbb14a56b49d3aa8111b0c21445d6e1d93b3ec904e79504c8f154f1ea34b",
"urls": [],
"crc32": "E6F86E25",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1caddbb14a56b49d_override[1].css",
"ssdeep": null,
"size": 420,
"sha512": "a70724334c7dd9c87b1e2dbf46212838467124836ac80b60a3204caf3dbcc084c51e746ab45a6f84109aa7179fc6686096472f8a62ba82b8716a2edae6b12c74",
"pids": [],
"md5": "158afac1feea498df747b3d74f47423c"
},
{
"yara": [],
"sha1": "2c7ad9d9d93cf129b24823977f13198b92741dac",
"name": "349e4a87842e7763_AAyArFi[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyArFi[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 299x299, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "349e4a87842e7763febc43f9300c785f0f6846a70018c30ae5692a9299e43f9a",
"urls": [],
"crc32": "EAA0D7C7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/349e4a87842e7763_AAyArFi[1].jpg",
"ssdeep": null,
"size": 9835,
"sha512": "02a474ce9cb6e9303fede9b0131e49d91558fa0f3fd08c704f991d2cd8b62ee7b7ab535d3cc4dc1657814b2e2044a566ab666faa518a497e25bc64492bcb2365",
"pids": [],
"md5": "e046c651a4636cc61512d7fd2322b2da"
},
{
"yara": [],
"sha1": "353a6068106d29b3c78833c7c82fc4e319173c61",
"name": "aebcf88ae7a7ef8d_logo-quantum-wordmark-white.bd1944395fb6[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\logo-quantum-wordmark-white.bd1944395fb6[1].png",
"type": "PNG image data, 200 x 75, 8-bit\/color RGBA, non-interlaced",
"sha256": "aebcf88ae7a7ef8d27d900b9352762913869c91be1d58ce2f989048f20f4fdb0",
"urls": [],
"crc32": "873B1FF8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/aebcf88ae7a7ef8d_logo-quantum-wordmark-white.bd1944395fb6[1].png",
"ssdeep": null,
"size": 9109,
"sha512": "ef4f1dfc1fa19cfe35c8d472ac6c80c750dd3001eb11d7c68479557b56f32ef8ccef20ba86d843782005110fd0d2a9f7203820b3b9b4473834c06a9ab5fe8a56",
"pids": [],
"md5": "bd1944395fb61433e4befe05a0620357"
},
{
"yara": [],
"sha1": "3d642b5eec128187c8b3e98c604c2713166d90fe",
"name": "a9fb5e64937a53e5_7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"type": "gzip compressed data, from FAT filesystem (MS-DOS, OS\/2, NT)",
"sha256": "a9fb5e64937a53e5ac1ec59d23286544ea486fbdb522acf92895142c293fd78f",
"urls": [
"https:\/\/www.google.com\/xjs\/_\/js\/k=xjs.s.sv.3oxjWSK98FA.O\/m=aa"
],
"crc32": "7CB1A564",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a9fb5e64937a53e5_7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"ssdeep": null,
"size": 69849,
"sha512": "7836c702892b8df0e39e24fcf7814a67be02af55077df2acd138c4c52a3d409bd484117adc9a546ec0e5855dce9f9f296f2d8debb3cea53def2e86946a973280",
"pids": [],
"md5": "c7ed5c8be5fcce18bb0f630ea4748f35"
},
{
"yara": [],
"sha1": "76071d0e68ae24a53e30595376fe5afc269844c1",
"name": "357c277d19f8d33f_AAipTdr[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAipTdr[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "357c277d19f8d33f48601229fe22cc7fcdd8f000888b9448a3f522c563bf8024",
"urls": [],
"crc32": "42BCF125",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/357c277d19f8d33f_AAipTdr[1].jpg",
"ssdeep": null,
"size": 2276,
"sha512": "8df476f2caffebfae7b776a1a08c527ea2341661f544bf601463d300594c47ea761cc5971d51c9ed57c99eefc0296b250fde948e766d5c64c8e1c8fe0a860f59",
"pids": [],
"md5": "05c487a2feea18ecaa5d5f679df9f8fb"
},
{
"yara": [],
"sha1": "12aa9ffec4efe08b7d1813a0773dbc95fba34978",
"name": "ea0befc7cd8d9705_79AEB0050B19F23A061AD4C2045261954485EF33",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"type": "PNG image data, 240 x 88, 8-bit\/color RGBA, non-interlaced",
"sha256": "ea0befc7cd8d9705a94be0adaad435aea4f0532c18ecb7991da9a7e8edee7682",
"urls": [
"https:\/\/www.google.com\/images\/branding\/googlelogo\/2x\/googlelogo_color_120x44dp.png"
],
"crc32": "C16B3D70",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/ea0befc7cd8d9705_79AEB0050B19F23A061AD4C2045261954485EF33",
"ssdeep": null,
"size": 11996,
"sha512": "1c1630d1ad3725fca6882ce4d6152d598aeeb80ce25017ecd4a1004203c16460400b95722c6feb7f0d48fcb6a3462aaf72b054072d8e4038c56108fe51eb30b2",
"pids": [],
"md5": "af214c4cd6e3fb14cd81544a399296d9"
},
{
"yara": [],
"sha1": "9acd7b4ea20acc87a2ad7141adc2fb372d5ef056",
"name": "7950d3067f198aec_cuck@www.mozilla[2].txt",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@www.mozilla[2].txt",
"type": "ASCII text",
"sha256": "7950d3067f198aec8f5bf94fe5cf7badeaeea4deaeef11e220aba44220b58b80",
"urls": [],
"crc32": "D0E0AB1E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/7950d3067f198aec_cuck@www.mozilla[2].txt",
"ssdeep": null,
"size": 369,
"sha512": "d060c1344458a2591f1f50f3ac076c05e25db7586c908f70175f3cd169c3c2dbde70860b819135141258c641c4c81967ffe2b5f690360d054c20757fdacb3f73",
"pids": [],
"md5": "7a0a04d63ea584330c8e054daded7d21"
},
{
"yara": [],
"sha1": "36c096a80aec7014bcda59fb491979055e8070e6",
"name": "9d8a0d1208bd1de2_719CE0C009C49A27AA9874570F196BC7E8FB4270",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"type": "data",
"sha256": "9d8a0d1208bd1de281be8082d652acc30b57d1f299b69bab4425d5c8e3905ff1",
"urls": [
"https:\/\/www.google.com\/gen_204?atyp=csi"
],
"crc32": "856CE3AC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/9d8a0d1208bd1de2_719CE0C009C49A27AA9874570F196BC7E8FB4270",
"ssdeep": null,
"size": 7070,
"sha512": "feff3cb4ddfca9e753baf4cb5f2c42bdca306e0365da7fea8196f1d4eb259101cb95991a58c377a5f6d146b9adc0934f18fb666907b9635b2504c0dc196d1927",
"pids": [],
"md5": "74b8407ebba07d23261e6d34ae519208"
},
{
"yara": [],
"sha1": "3e06efcf715138b845335fb7ff46494d79900348",
"name": "36fc09822c647042_AAyHp3I[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHp3I[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "36fc09822c64704201e0ca7819b1f17f0c2ceeeb98962c1dc10f877ee971bbb1",
"urls": [],
"crc32": "FC9B0B45",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/36fc09822c647042_AAyHp3I[1].jpg",
"ssdeep": null,
"size": 10308,
"sha512": "f299abdcc3caa05fad851e56a9d859777c60a8b53948f0743248236242907f39edcdfe8c634e14c613712d97e2c59bb8be8769fe024d939c159dc93e54b6679a",
"pids": [],
"md5": "25c6d7f259eb02aac5b1729d7d9eb7c3"
},
{
"yara": [],
"sha1": "1e2a1595d0b344e38f7bcc583244a50e7e40a887",
"name": "673072beb5c123f3_C57B57965CBA09581E320B5AA0337D210F8F93D2",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"type": "data",
"sha256": "673072beb5c123f3280674262054b0f592fca947fb205e0c227a2deb0cb37597",
"urls": [
"https:\/\/www.google.com\/velog\/onb?atyp=i"
],
"crc32": "DF357B88",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/673072beb5c123f3_C57B57965CBA09581E320B5AA0337D210F8F93D2",
"ssdeep": null,
"size": 7204,
"sha512": "fb1d24a963ff682f9cb30c779e43ebd031cb21abeeeb68b67d1c463e00defef2a08020469b7b862b59092f251aea9781ce55ef9ee36a19098f339adf9f3106f6",
"pids": [],
"md5": "d7c34cf4429bcc8a2b549eb2240b5eae"
},
{
"yara": [],
"sha1": "f628f7b76997259518f5f897de5e7796bce4e354",
"name": "e91f32ceee90f7e2_AAtnxhd[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAtnxhd[1].png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "e91f32ceee90f7e2fedd824036da51055437a470827e52f041aaac95c882c9bf",
"urls": [],
"crc32": "9578ACBA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/e91f32ceee90f7e2_AAtnxhd[1].png",
"ssdeep": null,
"size": 266,
"sha512": "ea805d81f2ede8ac0a3f6046b43c175cb0d6c0691a10f0ff5095c80920aef9e9624191388930757e73b1f7cda5bd8d49ef5fc5e8a56ceda79498f68de312bcfa",
"pids": [],
"md5": "cd8493bbc106e2685913da3693d6ac7d"
},
{
"yara": [],
"sha1": "905bad18279c5f2be25b714b2848da81a4c6168a",
"name": "86b49a758e6bf325_AAyHysz[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHysz[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3",
"sha256": "86b49a758e6bf32504672ccdeb47b555b60395f29256ce9ccc371cc9216d324e",
"urls": [],
"crc32": "7AC02024",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/86b49a758e6bf325_AAyHysz[1].jpg",
"ssdeep": null,
"size": 17580,
"sha512": "d34f2ff3c9e484ba530c6d5214dbabcfd1b5afd16dcb430c74b6a3af1eb152bc28f1c666e84c1ccccdbf2ec1eecc4dc4672dde790c2ee2dc84f82617254d46d3",
"pids": [],
"md5": "e7b992b30334be95aae39ef7f0ddd586"
},
{
"yara": [],
"sha1": "ad8ed4dfe2b7c9f93191ba28b972535ae22d28b1",
"name": "d29b38cf52326308_481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"type": "data",
"sha256": "d29b38cf523263080c004cb895affc0b817e2fd0e2cf9104a6aa48d733a2b0ff",
"urls": [
"https:\/\/www.google.com\/complete\/search?client=firefox"
],
"crc32": "7CBA4562",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/d29b38cf52326308_481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"ssdeep": null,
"size": 7022,
"sha512": "c4ef52a6a188a49afe458a1c342fbb118500a424feefcfe8dfe177e8539c1fc8fa1ca9e6423c0ce681d096895168dad7fc9dc386c5d89bd1ea7b923a3f887d1a",
"pids": [],
"md5": "7de50df3eca22bd11f804e30802c5ca1"
},
{
"yara": [],
"sha1": "eec3db4fe85deb68f4a575e8478a0b63e56c3458",
"name": "b28c34115f738bc7_8322BC5E83D3D80175E749D29197F9800286F253",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"type": "data",
"sha256": "b28c34115f738bc7ce2b0890a76e67a3544391b120d687aca2f06d9313bd5f5e",
"urls": [
"http:\/\/ocsp.pki.goog\/GTSGIAG3"
],
"crc32": "802D488E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/b28c34115f738bc7_8322BC5E83D3D80175E749D29197F9800286F253",
"ssdeep": null,
"size": 1150,
"sha512": "5a28c6751789b9d1abebbbac8962c1afa7981098eebde1a952a84fa0539479e273aa486202153f00f49a88293eeb62a5e4defb591803f455885a08b2d0c62159",
"pids": [],
"md5": "5a9def2de27b995cbf7fb090e9e6d137"
},
{
"yara": [],
"sha1": "297b22509fdae09803c5aef2e41e1cb6352f6aff",
"name": "6f547d1118c4dfc0_BBFznKu[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBFznKu[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3",
"sha256": "6f547d1118c4dfc0cbd795690aa31fc1ae8c6480590fe3f7a9b859c60b024989",
"urls": [],
"crc32": "0C90CB1C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/6f547d1118c4dfc0_BBFznKu[1].jpg",
"ssdeep": null,
"size": 15544,
"sha512": "340ea0c160217c9a9248cdf55bdfe6f21b3b092a41d62a65e1dae14c37611c845b5e49f991e2c14613dd8e6e59813e36bdef4015d42cef21bc07e8e6ed79619c",
"pids": [],
"md5": "3185762a0d3b57b405d612d60696f952"
},
{
"yara": [],
"sha1": "90348457e50ce9221114fb9891fffc0eafcc7c8a",
"name": "945e1733e9668a78_goog-badbinurl-proto.pset",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"type": "data",
"sha256": "945e1733e9668a7882424218b924d71cc636472e7091039a924f37d20e72a3e6",
"urls": [],
"crc32": "13E58FF0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/945e1733e9668a78_goog-badbinurl-proto.pset",
"ssdeep": null,
"size": 186536,
"sha512": "92053e43baf90dabd609ea6e8649c3d10bba35af2a11a0ab80b6e3137968f4a1a56fd8ec0e330990057becbec2a90e2f295da80afc51ecfba1ca3bc52e804620",
"pids": [],
"md5": "12971aeeaa03f0c87662d0a34e2e54e8"
},
{
"yara": [
{
"meta": {
"description": "Matched shellcode byte patterns",
"author": "nex"
},
"name": "shellcode",
"offsets": {
"shell2": [
[
209466,
0
]
]
},
"strings": [
"ZKEw"
]
}
],
"sha1": "b7dea002605e9c421b3472e504d4badc62df6a12",
"name": "c2790188e00356b9_goog-unwanted-proto.pset",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"type": "data",
"sha256": "c2790188e00356b98e715badb4324008dda5aac6d369bb930beb5096bb6190fe",
"urls": [],
"crc32": "A3E41C74",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/c2790188e00356b9_goog-unwanted-proto.pset",
"ssdeep": null,
"size": 331028,
"sha512": "46b7be548221188a9c1980cc1a868b0d8786e91652c729d9e10a4fe56e6618ed8af5a22f798fcdeab4752832ce7149a0005e1de66bc3dbecfc327a5736960e2e",
"pids": [],
"md5": "20fc99dc00383cc09c45d8798a2bf21a"
},
{
"yara": [],
"sha1": "5133ed303d94b0f105ec9d6f02d6e1e2b446cb3a",
"name": "0579fc653b8b653a_AAyGZCX[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGZCX[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3",
"sha256": "0579fc653b8b653ab2896f3c5edeaf98bd934aeba45be5be2a3c84b4cceadc16",
"urls": [],
"crc32": "DD274F00",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/0579fc653b8b653a_AAyGZCX[1].jpg",
"ssdeep": null,
"size": 6716,
"sha512": "edb0a1bdbcee0c0409f049dac9b62b8ab4053b6771c2290d3e86ee680bba8a26ff58b702d77fe8cde5a92d383a605a91188c8b84e50d6c67ab7d234a95230258",
"pids": [],
"md5": "8e52e328f7fb507c617ebc37dee87f77"
},
{
"yara": [],
"sha1": "0abeeea88f855217b8eca53caf605f2a0a1e49fc",
"name": "a22d8d3bca8631ad_AAyGL2U[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGL2U[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x194, frames 3",
"sha256": "a22d8d3bca8631ad0b3a7ebd7e2b90fdd4d7b0efb9a40170156493e57b322ff7",
"urls": [],
"crc32": "9FFFDDAD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/a22d8d3bca8631ad_AAyGL2U[1].jpg",
"ssdeep": null,
"size": 12956,
"sha512": "e2cdd551f44450d6de312e03cbce94338fe8765ec8c874c07a1ed92f4972a1fcfcf472143ddcafc59406ca8498cdfef2e13455507271fa1aa43e2aa6bc206c7c",
"pids": [],
"md5": "683c6aa713f2b172d4b2a778780893a2"
},
{
"yara": [],
"sha1": "3381352b7c4c7a14dea252319e4e6451b308a33f",
"name": "5de19f0fae585db9_E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"type": "gzip compressed data, last modified: Thu Jun 14 20:33:30 2018, from Unix",
"sha256": "5de19f0fae585db97f0fa671401f02bbd7ac111e214c1214f80f0de719b51546",
"urls": [
"https:\/\/platform.twitter.com\/js\/timeline.ea273fcd1d9c409019d7fd379c944daa.js"
],
"crc32": "151858C6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/5de19f0fae585db9_E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"ssdeep": null,
"size": 17604,
"sha512": "316b3b3b092a148cdd6951a07b5e8f97900113c8204ac320e1c2a572f91e793946f904fe5259268600c870bdbdfa6b70750e88120828427895ec1e493c0809e7",
"pids": [],
"md5": "2711335cbc135dff5cc7ece38ff8bce8"
},
{
"yara": [],
"sha1": "57f5225eb48d541c7dc3dd05b4a232a655e7c365",
"name": "38c465c88d1e42d4_AAyG9NB[1].jpg",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyG9NB[1].jpg",
"type": "JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3",
"sha256": "38c465c88d1e42d42083939f6e329169591f5082164c7510abda25f968dfd128",
"urls": [],
"crc32": "33B16C87",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/38c465c88d1e42d4_AAyG9NB[1].jpg",
"ssdeep": null,
"size": 1732,
"sha512": "941d6d918d7184efbc8438126eaa10154fd9da6c7df71fe38e007233ada1ac8a5f573876839137f11915e3585a32c5ba942d9b674fda0de42566a927591d7f85",
"pids": [],
"md5": "3bed9ad0e849500595b1253b38d12dcf"
},
{
"yara": [],
"sha1": "4d67f58235f8b6b0bfa022c27e473a03602116b1",
"name": "1915cb755b5d9801_Passport[1].htm",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\Passport[1].htm",
"type": "HTML document, ASCII text",
"sha256": "1915cb755b5d98010425c3fedba14e8d0ad08da3ca24f3248ab159bbdfc6ed32",
"urls": [],
"crc32": "676CBD96",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/1915cb755b5d9801_Passport[1].htm",
"ssdeep": null,
"size": 320,
"sha512": "b3a985db5b37574089f966bbd011384e038a3da0a87f34532768a03fce03b7619865358d51ed2f355e3073a289b339cdd65f263e006c29fb3249749255d50a16",
"pids": [],
"md5": "232461ac46abfbe06a8a64325f27e147"
},
{
"yara": [],
"sha1": "c3e62f02602a778491b089225ab00c62be8c7221",
"name": "2ae6b2dcbbb80e30_5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"type": "gzip compressed data, max compression",
"sha256": "2ae6b2dcbbb80e30f018c5e92a2b103fe8a90c17333e3a977d071d35ddb36257",
"urls": [
"https:\/\/www.google-analytics.com\/analytics.js"
],
"crc32": "14E25C81",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2ae6b2dcbbb80e30_5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"ssdeep": null,
"size": 22522,
"sha512": "4847a08040adde6f85cc226f2a1c669f8f78c7a4ee407217dfef92a44b2e401e23f4d3b41789e158ff0331349e7c7fbe08c7bcf7be9ee858d0ebe17862582e01",
"pids": [],
"md5": "ff8cf770e13b30d5d9c1e5a6a3d83ae8"
},
{
"yara": [],
"sha1": "40889686ecf9e446497dba160cc012fc15860a4e",
"name": "2819c41bac855df9_EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"type": "gzip compressed data, from Unix",
"sha256": "2819c41bac855df92bc69c4cdf2d316f4227244dedae0350161e47e1e8addce9",
"urls": [
"https:\/\/accounts.firefox.com",
"https:\/\/accounts-static.cdn.mozilla.net\/bundle-7ca432f78deff0314215bd9383f78d6bf4618498\/app.bundle.sv_SE.js"
],
"crc32": "E66A8BEF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/2819c41bac855df9_EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"ssdeep": null,
"size": 129084,
"sha512": "01de5b3c5c5f22c373f0f8024e55bc14fc0092efde64f79618b1189ea875ff08e9f42f98dc548aa26e633c931f3ded8211b7ca24c5d92db445134e0da632d004",
"pids": [],
"md5": "60c0647fadfda08fa5a05b7559a9ea7a"
},
{
"yara": [],
"sha1": "d7f0547a91d6469cc7c369c29ff87b36811ef3d5",
"name": "277a74e020a68b3f_EiYsuQ.dll",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\EiYsuQ.dll",
"type": "ASCII text, with no line terminators",
"sha256": "277a74e020a68b3f122991453837ca6ad01ef4f38e652e149491c0b3a90d1c49",
"urls": [],
"crc32": "26F689A5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/277a74e020a68b3f_EiYsuQ.dll",
"ssdeep": null,
"size": 11,
"sha512": "843a128b8504f07bf1d1d016edca38e7eb290eb8db9f98851089e09d0aea7464a3a72fee7b96059c30293ec46c5da406177301f4a94c840549d22eeb26decc23",
"pids": [
2628
],
"md5": "8dfa629e9e036d64451f33cfaae6a161"
},
{
"yara": [],
"sha1": "0ec63b140374ba704a58fa0c743cb357683313dd",
"name": "3eb10792d1f0c7e0_placeholder.71a50dbba44c[1].png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\placeholder.71a50dbba44c[1].png",
"type": "PNG image data, 1 x 1, 1-bit colormap, non-interlaced",
"sha256": "3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517",
"urls": [],
"crc32": "F949417A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/3eb10792d1f0c7e0_placeholder.71a50dbba44c[1].png",
"ssdeep": null,
"size": 95,
"sha512": "6ad523f5b65487369d305613366b9f68dcdeee225291766e3b25faf45439ca069f614030c08ca54c714fdbf7a944fac489b1515a8bf9e0d3191e1bcbbfe6a9df",
"pids": [],
"md5": "71a50dbba44c78128b221b7df7bb51f1"
},
{
"yara": [],
"sha1": "3dd9cf3aee4e6f83645f1ea6d1946a680dd605f8",
"name": "072925f4d81b8ce2_25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"filepath": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"type": "gzip compressed data, last modified: Thu Jun 14 20:42:58 2018, from Unix",
"sha256": "072925f4d81b8ce2d3a6e3a9a71f363b0cb4d525f3ee594ff73c988802f52114",
"urls": [
"https:\/\/platform.twitter.com\/widgets.js"
],
"crc32": "1328F88B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8901\/files\/072925f4d81b8ce2_25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"ssdeep": null,
"size": 44298,
"sha512": "aa558de676aa84faf5eae8c642034b5b1c4a55d079ff51c019bc9ec8818840ed794305560cd6f7e58b5ef238a93589a93dafb33f484dc25f015de580815e6956",
"pids": [],
"md5": "7d76481dd9d218d34e1c7bd0301aa0c7"
}
]Generic
[
{
"process_path": "C:\\xfpl\\crazy.exe",
"process_name": "crazy.exe",
"pid": 816,
"summary": {
"file_created": [
"C:\\Windows\\YRFEtcu.dll"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\JsWAfQ\\",
"C:\\Windows\\ApdTSiWT\\",
"C:\\Program Files (x86)\\ihfqgu\\"
],
"dll_loaded": [
"rpcrt4.dll",
"IPHLPAPI.DLL",
"NTDLL",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"ws2_32",
"shell32.dll",
"kernel32.dll",
"IMAGEHLP.DLL",
"oleaut32.dll",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"advapi32.dll",
"ntdll.dll",
"SETUPAPI.dll",
"user32.dll",
"wsock32.dll"
],
"file_opened": [
"C:\\Program Files (x86)\\ihfqgu\\razy.exe",
"C:\\xfpl\\crazy.exe"
],
"file_copied": [
[
"C:\\xfpl\\crazy.exe",
"C:\\Program Files (x86)\\ihfqgu\\razy.exe"
]
],
"regkey_opened": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\Software\\Borland\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc",
"HKEY_CURRENT_USER\\Software\\Borland\\Locales",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_CURRENT_USER\\Software\\Borland\\Delphi\\Locales"
],
"file_written": [
"C:\\Windows\\YRFEtcu.dll",
"C:\\Program Files (x86)\\ihfqgu\\razy.exe"
],
"file_deleted": [
"C:\\Windows\\YRFEtcu.dll"
],
"file_exists": [
"C:\\Windows\\SysWOW64\\",
"C:\\Windows\\",
"C:\\Windows\\YRFEtcu.dll",
"C:\\Windows\\ApdTSiWT\\"
],
"command_line": [
"C:\\Program Files (x86)\\ihfqgu\\razy.exe"
],
"file_read": [
"C:\\Program Files (x86)\\ihfqgu\\razy.exe",
"C:\\xfpl\\crazy.exe"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName"
]
},
"first_seen": 1597290787.109375,
"ppid": 2460
},
{
"process_path": "C:\\Program Files (x86)\\ihfqgu\\razy.exe",
"process_name": "razy.exe",
"pid": 2628,
"summary": {
"file_created": [
"C:\\Windows\\gaABPi\\nLAuwsOD.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\ojPwIJFk.dll",
"C:\\Windows\\ACxtDalw.dll",
"C:\\ouJrEbQO.txt",
"C:\\Windows\\gaABPi\\XQENWVVw.dll",
"C:\\Windows\\SysWOW64\\I6vMf7Hi8Py.sys",
"C:\\Windows\\gaABPi\\MAWeccbS.dll",
"C:\\Windows\\System32\\GroupPolicy\\gpt.ini",
"C:\\Windows\\GLDmfsVFY\\wilogon.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol",
"C:\\Windows\\gaABPi\\MYAPRNiT.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\EiYsuQ.dll",
"C:\\Program Files (x86)\\oFLcWER\\pptxDO.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini",
"C:\\Program Files (x86)\\oFLcWER\\PpSTkvuT.dll",
"C:\\Windows\\gaABPi\\pguxrPnk.exe"
],
"file_recreated": [
"C:\\Windows\\gaABPi\\XQENWVVw.dll",
"\\??\\I6vMf7Hi8P",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk",
"\\??\\{EF381EA0-4D07-418D-A490-68AF67CE948B}",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Windows\\gaABPi\\MAWeccbS.dll",
"C:\\Windows\\gaABPi\\pguxrPnk.exe"
],
"directory_created": [
"C:\\Windows\\GLDmfsVFY\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\",
"C:\\Program Files (x86)\\oFLcWER\\",
"C:\\Windows\\System32\\GroupPolicy\\User",
"C:\\Windows\\System32\\GroupPolicy\\Machine",
"C:\\Windows\\gaABPi\\"
],
"dll_loaded": [
"C:\\Windows\\system32\\ntshrui.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\ojPwIJFk.dll",
"C:\\Windows\\system32\\pnrpnsp.dll",
"kernel32",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"apphelp.dll",
"LINKINFO.dll",
"DNSAPI.dll",
"kernel32.dll",
"UxTheme.dll",
"netutils.dll",
"oleaut32.dll",
"ntdll.dll",
"C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll",
"C:\\Windows\\system32\\napinsp.dll",
"URLMON.DLL",
"WS2_32.DLL",
"PROPSYS.dll",
"KERNEL32.DLL",
"fwpuclnt.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"user32",
"advapi32.dll",
"ole32.dll",
"C:\\Windows\\gaABPi\\MAWeccbS.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"olepro32.dll",
"IPHLPAPI.DLL",
"ADVAPI32.dll",
"wsock32.dll",
"C:\\Windows\\System32\\mswsock.dll",
"SHELL32.dll",
"C:\\Windows\\System32\\winrnr.dll",
"C:\\Program Files (x86)\\oFLcWER\\PpSTkvuT.dll",
"comctl32.dll",
"C:\\Windows\\system32\\shell32.dll",
"C:\\Windows\\system32\\NLAapi.dll",
"IMAGEHLP.DLL",
"NTDLL",
"ws2_32",
"C:\\Windows\\gaABPi\\MYAPRNiT.dll",
"shell32.dll",
"rpcrt4.dll",
"SETUPAPI.dll",
"WS2_32.dll",
"user32.dll"
],
"file_opened": [
"C:\\Users\\cuck\\Local Settings\\Temporary Internet Files",
"C:\\Windows\\AppPatch\\sysmain.sdb",
"C:\\",
"C:\\Users\\cuck\\AppData",
"C:\\Windows\\System32\\",
"C:\\Users\\cuck\\Local Settings\\Temporary Internet Files\\desktop.ini",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB",
"C:\\Windows\\System32\\en-US\\ntshrui.dll.mui",
"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
"C:\\Windows\\System32\\GroupPolicy\\gpt.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY",
"C:\\Windows\\System32\\cmd.exe",
"C:\\Windows\\System32\\SearchIndexer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized",
"C:\\Program Files (x86)\\Internet Explorer",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\OfflineCache",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini",
"C:\\Python27\\python.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\desktop.ini",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows",
"C:\\Windows\\gaABPi\\MAWeccbS.dll",
"C:\\Windows\\System32\\SearchProtocolHost.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\desktop.ini",
"C:\\Windows\\gaABPi\\MYAPRNiT.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\desktop.ini",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\desktop.ini",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla",
"C:\\Program Files (x86)\\ihfqgu\\razy.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\desktop.ini",
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Windows\\System32\\oleaccrc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk",
"C:\\Windows\\System32\\SearchFilterHost.exe",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache"
],
"file_copied": [
[
"C:\\Windows\\SysWOW64\\sort.exe",
"C:\\Program Files (x86)\\ihfqgu\\razy.exe"
]
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\DnsClient",
"HKEY_CLASSES_ROOT\\.eot",
"HKEY_CLASSES_ROOT\\.eot\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\Directory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.js",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.sbstore",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.little",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent",
"HKEY_CLASSES_ROOT\\.js",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.sbstore\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dat",
"HKEY_CLASSES_ROOT\\.",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.sbstore",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.gif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\{2F711B17-773C-41D4-93FA-7F23EDCECB66}",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.ico\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\.gif\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpg\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CLASSES_ROOT\\.sqlite",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\LinkHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\Clsid",
"HKEY_CLASSES_ROOT\\Directory\\shellex\\CopyHookHandlers",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{3080F90D-D7AD-11D9-BD98-0000947B0257}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.gif",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.jpg\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.png\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\.little\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20",
"HKEY_CLASSES_ROOT\\.png\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\CurVer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\razy.exe",
"HKEY_CLASSES_ROOT\\.lz4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\PROFILELIST",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder",
"HKEY_CLASSES_ROOT\\.json\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_CLASSES_ROOT\\.svg",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ico\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.png\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.gif\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpg",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.gif\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ini\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\shell",
"HKEY_CLASSES_ROOT\\.png",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\Clsid",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.sqlite",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Borland\\Delphi\\Locales",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.eot\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\DocObject",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.jpg\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Post Platform",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.js\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.dat",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\image",
"HKEY_CLASSES_ROOT\\.htm",
"HKEY_CLASSES_ROOT\\.little",
"HKEY_CLASSES_ROOT\\.txt",
"HKEY_CLASSES_ROOT\\.txt\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ini",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.ico\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.svg\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\PropertyHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ico\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.sbstore",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\PropertyHandler",
"HKEY_CLASSES_ROOT\\.svg\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"HKEY_CLASSES_ROOT\\.js\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\RwyCltDrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DnsCache\\Parameters",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.little\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Pre Platform",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\OpenHomePage\\Command",
"HKEY_CLASSES_ROOT\\.bin\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\text",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\.css\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}",
"HKEY_CLASSES_ROOT\\.lz4\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\(Default)",
"HKEY_CLASSES_ROOT\\.css",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.eot",
"HKEY_CLASSES_ROOT\\txtfile",
"HKEY_CLASSES_ROOT\\jpegfile",
"HKEY_CLASSES_ROOT\\.sqlite\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\razy.exe",
"HKEY_CLASSES_ROOT\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\Sharing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.metadata",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\document",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_CLASSES_ROOT\\.ini\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\DocObject",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"HKEY_CLASSES_ROOT\\.ico",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dat\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.ico\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pset",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\Clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ini\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.ico",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent",
"HKEY_CLASSES_ROOT\\JSFile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\CSSfile",
"HKEY_CLASSES_ROOT\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Sharing",
"HKEY_CLASSES_ROOT\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\Clsid",
"HKEY_LOCAL_MACHINE\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\CurVer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.gif\\UserChoice",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine\\Software\\Policies\\Google",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.json",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent\\Post Platform",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\{2F711B17-773C-41D4-93FA-7F23EDCECB66}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.jpg",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.svg",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.little",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.json",
"HKEY_CLASSES_ROOT\\pngfile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.ico\\Clsid",
"HKEY_CLASSES_ROOT\\exefile",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.lz4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine\\Software\\Policies",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\Clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_CLASSES_ROOT\\.dat",
"HKEY_CLASSES_ROOT\\ExplorerCLSIDFlags\\{A38B883C-1682-497E-97B0-0A3A9E801682}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pset\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.little",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\Clsid",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_CLASSES_ROOT\\icofile",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.metadata",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.metadata",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\CurVer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.lz4\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.ico",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_CURRENT_USER\\Software\\Borland\\Locales",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\CurVer",
"HKEY_CLASSES_ROOT\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.lz4",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.css\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.ini",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\DocObject",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanServer\\DefaultSecurity",
"HKEY_CLASSES_ROOT\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.eot",
"HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\OverrideFileSystemProperties",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\Clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\Directory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\ShellEx\\PropertyHandler",
"HKEY_CLASSES_ROOT\\Unknown",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\.\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.json\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.sqlite",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.lz4",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\System\\DNSClient",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\.metadata\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.ini",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\FileSystem",
"HKEY_CLASSES_ROOT\\.exe\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.sqlite",
"HKEY_CLASSES_ROOT\\giffile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\{2F711B17-773C-41D4-93FA-7F23EDCECB66}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\Clsid",
"HKEY_CLASSES_ROOT\\Folder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpg\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History",
"HKEY_CLASSES_ROOT\\.gif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent\\Pre Platform",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ini\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{3080F90E-D7AD-11D9-BD98-0000947B0257}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.css",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_CLASSES_ROOT\\.pset\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.exe",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.sqlite\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}",
"HKEY_CLASSES_ROOT\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.bin\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Diagnostics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\LinkHandler",
"HKEY_CLASSES_ROOT\\.json",
"HKEY_CLASSES_ROOT\\.bin",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache",
"HKEY_CLASSES_ROOT\\.jpg",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\DocObject",
"HKEY_CLASSES_ROOT\\.dat\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"HKEY_CLASSES_ROOT\\.exe",
"HKEY_CLASSES_ROOT\\AllFilesystemObjects",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\LinkHandler",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.metadata\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\.htm\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}User",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\CurVer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.gif\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.",
"HKEY_CLASSES_ROOT\\.sbstore",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Pre Platform",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.pset",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\UserChoice",
"HKEY_CLASSES_ROOT\\.ico\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc",
"HKEY_CLASSES_ROOT\\CLSID\\{25336920-03F9-11cf-8FD0-00AA00686F13}\\Implemented Categories\\{00021490-0000-0000-C000-000000000046}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine\\Software\\Policies\\Google\\Chrome",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.jpg\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.css\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\CurVer",
"HKEY_CLASSES_ROOT\\.ini",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.gif\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.svg",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\TabbedBrowsing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.png\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CLASSES_ROOT\\.pset",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.js",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\inifile",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpg\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\ShellEx\\LinkHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\CurVer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\(Default)",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.txt",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bin",
"HKEY_CLASSES_ROOT\\.metadata",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\ShellEx\\PropertyHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\Directory\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Post Platform",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies",
"HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.css\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
"HKEY_CLASSES_ROOT\\.jpg\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.json",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.png",
"HKEY_CLASSES_ROOT\\htmlfile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent\\UA Tokens",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.pset",
"HKEY_CLASSES_ROOT\\CLSID\\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-18",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-19",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"HKEY_CLASSES_ROOT\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\ShellEx\\LinkHandler",
"HKEY_CLASSES_ROOT\\CLSID\\{0002DF01-0000-0000-C000-000000000046}\\LocalServer32",
"HKEY_LOCAL_MACHINE\\Software\\Borland\\Locales",
"HKEY_CLASSES_ROOT\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ico",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\Clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.png",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.gif\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.png",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\ShellEx\\PropertyHandler",
"HKEY_CLASSES_ROOT\\.sbstore\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.dat",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\Clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ico\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.css"
],
"resolves_host": [
"cfg.jipinwan.com",
"hao.fvrarmr.xyz",
"www.52daohang.com",
"i.daohang2016.com",
"cdc.114wb.net",
"mk.hao2016.net",
"hao.360.cn",
"www.so.com",
"123.sogou.com",
"liulanqi.baidu.com",
"hao.qq.com",
"123.wbsite2016.net",
"cn.hao123.com",
"gc.wb51.com",
"index.114wb.net",
"www.hao774.com",
"www.9973.com",
"ie.wbsite2016.net",
"ie.17kanyx.cc",
"icafe.daohang2016.com",
"wb.hao2016.net",
"ffb.feihuo.com",
"hao.k6kb.xyz",
"hao.bcxrb.xyz",
"www.2345mini.com",
"www.sogou.com",
"web.daohang2016.com",
"hao.szwqw.xyz",
"udo.jxwan.com",
"www.baidu.com",
"www.2345.com",
"hao.webnav.top",
"daohang.qq.com",
"index.2345wb.com",
"nb.4335wang.cn",
"yy.netbardh.com",
"index.6-6.cn",
"index.hao2016.net",
"tsd.jxwan.com",
"www.duba.com",
"bk.957wan.com",
"cuckpc",
"dld.jxwan.com",
"hao.vrarmrm.xyz",
"web.sogou.com",
"123.k6kb.xyz",
"xiaoshuou.xyz",
"www.hao123.com"
],
"file_written": [
"C:\\Windows\\gaABPi\\nLAuwsOD.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\ojPwIJFk.dll",
"C:\\Windows\\ACxtDalw.dll",
"C:\\ouJrEbQO.txt",
"C:\\Windows\\gaABPi\\XQENWVVw.dll",
"C:\\Windows\\SysWOW64\\I6vMf7Hi8Py.sys",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini",
"C:\\Windows\\GLDmfsVFY\\wilogon.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\Windows\\gaABPi\\MAWeccbS.dll",
"C:\\Windows\\System32\\GroupPolicy\\gpt.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol",
"C:\\Windows\\gaABPi\\MYAPRNiT.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\EiYsuQ.dll",
"C:\\Program Files (x86)\\oFLcWER\\pptxDO.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Program Files (x86)\\oFLcWER\\PpSTkvuT.dll",
"C:\\Windows\\gaABPi\\pguxrPnk.exe"
],
"regkey_deleted": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine\\Software\\Policies\\Google",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine\\Software\\Policies",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine\\Software\\Policies\\Google\\Chrome",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}User",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine\\Software"
],
"file_deleted": [
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBKtzto[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAn2nbX[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyDNXs[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\billboard-healthy-internet.4c6fc8ad55a2[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\fb2f644bcf6b36d8862a33041d87ddf0.png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGytH[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\pebbles.03d45fb8fff9[1].css",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHX0C[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGEJ3[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGk1E[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\linkid[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyG7xi[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGF0V[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\TNrpsmOw5RDPyttYNXVb1A==.ico",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmTi96[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AA5Pgkt[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHSTw[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGjgH[1].jpg",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@www.bing[1].txt",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\f1d86b5a[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHtCF[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyFSlO[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\moz-wordmark-light-reverse.cb1bdf6d1de6[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\analytics[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHp3I[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyDG2i[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAmAjxE[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAm2UN1[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\firefox_new_scene2.80680e44761d[1].css",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGdpn[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAvNAS3[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\social-icon-sprite.bf2ae0cd0f01[1].svg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGMoR[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGuU2[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\pV+3TL7Nu3EP5juvr_gPjg==.ico",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\mwf-main.var.min[1].js",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\stub_attribution_code[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyFYwA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\meversion[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyDNV6[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA5P5kF[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyH9fJ[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA44aMX[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyFYwA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyvDNg[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAiEGxc[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\a7-b05f22[1].txt",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGi8f[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\common-ie8.1a18bf9598c9[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AA5OV5j[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\654562[1].eot",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\gtm-snippet.9f9cf2026c5f[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAxlHiU[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\logo-quantum-wordmark-white.bd1944395fb6[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHu89[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyzFYA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\46045091[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBqpxNn[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyx8m7[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyFB3T[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAt8NdA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\e151e5[1].gif",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyEhUL[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGwc2[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBFznKu[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAipTdr[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmUOVK[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGmAd[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\wordmark-dark.731d4dab7347[1].svg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyEE9W[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AA70XHo[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\oldIE-pebbles.b7e68dca9b65[1].css",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyH6wG[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAmTtWR[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHsSF[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAh3Qlh[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAa5VT3[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAxiGrh[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGuB1[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGCD1[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\Passport[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\ojPwIJFk.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\wc-utils[1].txt",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGPjb[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\new[1].htm",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\btn-google-play.f03f6c89e1e9[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\browser.3c7a2e55d6ed[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\btn-google-play.77bdbc935c58[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\JmMK42Szdzg7wNmbNv8OlA==.ico",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAiEMTy[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\favicon.e6bb0e59df3d[1].ico",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\58-1abe64-91cdfbc1[1].txt",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\aYQRqY9_c25EZAuNdfxxAA==.ico",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGsMl[1].jpg",
"C:\\Program Files (x86)\\oFLcWER\\PpSTkvuT.dll",
"C:\\Windows\\gaABPi\\nLAuwsOD.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\stub-attribution.157168bbb235[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAs7njq[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\firefox_new_common.2a164989aaa0[1].css",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\en-US[1].htm",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBwDaSh[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBrEbke[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\mscc-0.4.0.min[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHLXo[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGfyg[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\trans[2].gif",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\firefox_new_scene1.2d7b3209f26e[1].css",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyDBq2[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\btn-app-store.ace60becd7d2[1].svg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BB5SfLo[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBAIVZe[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyH8rV[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\search[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGKvo[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGc2M[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\favicon[1].ico",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyESU1[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\site.8391e739b374[1].js",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\eLW8Bgf+jWqmmQuXh0IceA==.ico",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBKbRxB[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHbA2[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGf6j[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyH0lB[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\mwf-west-european-default.min[1].css",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHdfM[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHtqr[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGF76[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\58-1abe64-91cdfbc1[1].txt",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGF0V[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAwzWIT[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\40e1b425[1].js",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\newsletter-graphic.1048dfaedfee[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBFlpYy[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\css[1].txt",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGbHz[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAni8qk[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBnDMqr[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBGFWil[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBj5yEG[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\aea7e831[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBnHKSc[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAtnxhd[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\LZC28DzOldEyHYEXnv2DMQ==.ico",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGsjz[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBHs1Sb[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\trans[1].gif",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\override[1].css",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAxeXbc[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBzUQnp[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Program Files (x86)\\ihfqgu\\razy.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGhnZ[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\mscc-0.4.0.min[2].css",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\icon-lighter.72a7f6016d33[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\EiYsuQ.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\placeholder.71a50dbba44c[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\icon-check.c3513ac1f0bf[1].svg",
"C:\\Windows\\gaABPi\\XQENWVVw.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHFtw[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBwKMyE[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBC0v57[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHa0Z[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAxeUzm[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\angular-locale_en-us[1].js",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Windows\\gaABPi\\pguxrPnk.exe",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\b9-b5b4e1-68ddb2ab[1]",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\698411a98f7f736e44640b8d75fc7100.png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyFI8u[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGZCX[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyEqbc[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAn16BU[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAwJdbf[1].jpg",
"C:\\Windows\\ACxtDalw.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyG0Ti[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAwGw6j[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BB44T8g[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAxiu7M[1].jpg",
"C:\\Program Files (x86)\\oFLcWER\\pptxDO.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\jslibraries[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\icon-private.d692fe1edf7f[1].svg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\html5shiv.42594ff91377[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\ae00a169[1].js",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBI5uP7[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\RE1Mu3b[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGCxD[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyH62f[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHysz[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Windows\\GLDmfsVFY\\wilogon.exe",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBpDwny[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAbmT59[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHI2X[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGjyX[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyFhTm[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHgQO[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGg2N[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\btn-app-store.1cfd5dba4a92[1].svg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyDx8u[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHs9t[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHK37[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHIeD[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyFQsk[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBtjihq[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHqxT[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHUCN[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHxtY[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\down-arrow-blue.3bcea1f6c2e8[1].svg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGu6P[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBCEEBf[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyDgPJ[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHPKF[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBpkUdu[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\set_hsts[1].gif",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\OfflineCache\\index.sqlite",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGe3I[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyArFi[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyAlCn[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGEJ3[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\b9-b5b4e1-68ddb2ab[1]",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\8df804ba[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BB93Uyk[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\favicon.d4f1f46b91f4[1].ico",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGo2Z[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBz3ebk[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHbX2[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BByaqcs[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGojW[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\billboard-open-minds.11da5ba9e1e9[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGZCX[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\icon-faster.71c685e66ffb[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGhnZ[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHdgG[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGPjb[2].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBtnGyF[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyEBML[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyH4gY[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\68b0925c[1].js",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyI7qy[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGwT5[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyG9NB[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAy5vpm[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGAU5[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAmV9I7[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyFB3T[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBnAbEC[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHpyj[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\wave.6e6e5026bcc9[1].svg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyH6ID[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGiLA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\48d809c9[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBKccj8[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyH8Zz[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyEhUL[1].jpg",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@www.mozilla[2].txt",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBru1ZR[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBK3ss2[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA8qzDM[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\application[1]",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\mwfmdl2-v1.17.3[1].eot",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGJkY[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\billboard-more-power.f83d248d8724[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHqcn[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGdND[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHwI4[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGL2U[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAykhnT[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\search[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyD6MB[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Windows\\SysWOW64\\I6vMf7Hi8Py.sys",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGfks[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AA5ND4b[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\trans[1].gif",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyEGHA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGJAI[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBih5H[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\gtm[2].js",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyG5Kq[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBpREyq[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGU9t[1].jpg",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@msn[2].txt",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\+y9kS89rNtiGKjMEHYfd8A==.ico",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\mwfmdl2-v2.77[1].eot",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBIMpSV[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHeQv[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHa0Z[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\icon-newsletter.77592a9f8e1f[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHG50[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAmVurs[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBHnZrx[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\d3-dfd8d6[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHebP[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA43a4z[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGa2y[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@mozilla[1].txt",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAtg4eQ[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAywSGf[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHnHS[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyF1dp[1].jpg",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@bing[1].txt",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyDpQn[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyG7xi[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBrHbUZ[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGaSM[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\trans[1].gif",
"C:\\Windows\\gaABPi\\MYAPRNiT.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHp3I[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\345843dc[1].js",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAmS5r5[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHv0X[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\thanks[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmVof7[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\thanks[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGBkP[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\new[1].htm",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Windows\\gaABPi\\MAWeccbS.dll",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyin2O[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBoqF0J[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGd9q[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGjVk[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGFxl[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmTseh[1].png",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\jquery-1.11.1.min[1].js",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGjmK[1].jpg",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9"
],
"directory_removed": [
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\OfflineCache",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache"
],
"file_exists": [
"",
"C:\\Program Files (x86)\\ihfqgu\\%windir%\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\pebbles.03d45fb8fff9[1].css",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBKtzto[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\linkid[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAn2nbX[1].png",
"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyDNXs[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini",
"C:\\Windows\\gaABPi\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGytH[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHX0C[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGEJ3[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGk1E[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGo2Z[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyG7xi[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGF0V[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyDgPJ[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmTi96[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AA5Pgkt[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHSTw[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGjgH[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\f1d86b5a[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHtCF[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAwzWIT[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyFSlO[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\moz-wordmark-light-reverse.cb1bdf6d1de6[1].svg",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyDG2i[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAmAjxE[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAm2UN1[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGdpn[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAvNAS3[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\social-icon-sprite.bf2ae0cd0f01[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGMoR[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGuU2[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\mwf-main.var.min[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\stub_attribution_code[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BB93Uyk[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\meversion[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyDNV6[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGPjb[2].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA5P5kF[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyH9fJ[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyFI8u[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyFYwA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyvDNg[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAiEGxc[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\a7-b05f22[1].txt",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBFznKu[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAywSGf[1].png",
"C:\\Windows\\SysWOW64\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\common-ie8.1a18bf9598c9[1].js",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyG5Kq[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\654562[1].eot",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\gtm-snippet.9f9cf2026c5f[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAxlHiU[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGe3I[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHu89[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAn16BU[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\billboard-healthy-internet.4c6fc8ad55a2[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyzFYA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\46045091[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBqpxNn[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyx8m7[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyFB3T[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\analytics[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAt8NdA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\e151e5[1].gif",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyEhUL[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGwc2[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAipTdr[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmUOVK[1].png",
"C:\\Windows\\System32\\cmd.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGmAd[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGPjb[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyEE9W[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AA70XHo[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyH6wG[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAmTtWR[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHsSF[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAh3Qlh[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAa5VT3[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAxiGrh[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGuB1[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGCD1[1].png",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGBkP[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\Passport[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\wc-utils[1].txt",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGZCX[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\new[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAwGw6j[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\btn-google-play.f03f6c89e1e9[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\browser.3c7a2e55d6ed[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\btn-google-play.77bdbc935c58[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\oldIE-pebbles.b7e68dca9b65[1].css",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAiEMTy[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\favicon.e6bb0e59df3d[1].ico",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\58-1abe64-91cdfbc1[1].txt",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmTseh[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGsMl[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\stub-attribution.157168bbb235[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAs7njq[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\firefox_new_common.2a164989aaa0[1].css",
"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBrEbke[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\mscc-0.4.0.min[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\mwf-west-european-default.min[1].css",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGfyg[1].jpg",
"C:\\Windows\\System32\\propsys.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\trans[2].gif",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\firefox_new_scene1.2d7b3209f26e[1].css",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyDBq2[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\btn-app-store.ace60becd7d2[1].svg",
"C:\\Python27\\python.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BB5SfLo[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBAIVZe[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyH8rV[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAxiu7M[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGKvo[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGc2M[1].jpg",
"C:\\Windows\\System32\\GroupPolicy\\User",
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGhnZ[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyESU1[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\site.8391e739b374[1].js",
"C:\\Windows\\SysWOW64\\drivers\\imfilter.sys",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBKbRxB[1].jpg",
"C:\\Windows\\SysWOW64\\UDO.EXE",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHbA2[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGf6j[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyH0lB[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHLXo[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHdfM[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHtqr[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGF76[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\58-1abe64-91cdfbc1[1].txt",
"C:\\Users\\Public\\Desktop\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGF0V[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\40e1b425[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\newsletter-graphic.1048dfaedfee[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBFlpYy[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBj5yEG[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\css[1].txt",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGbHz[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAni8qk[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\wordmark-dark.731d4dab7347[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\icon-check.c3513ac1f0bf[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBGFWil[1].jpg",
"C:\\Windows\\System32\\GroupPolicy",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\aea7e831[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBnHKSc[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAtnxhd[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGsjz[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\trans[1].gif",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAy5vpm[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\override[1].css",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBzUQnp[1].jpg",
"C:\\Program Files (x86)\\oFLcWER\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGhnZ[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\mscc-0.4.0.min[2].css",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\icon-lighter.72a7f6016d33[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\EiYsuQ.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\placeholder.71a50dbba44c[1].png",
"C:\\Users\\cuck\\Desktop\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBnDMqr[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHFtw[1].jpg",
"C:\\Windows\\SysWOW64\\rwyNCMc.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHa0Z[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAxeUzm[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\angular-locale_en-us[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyF1dp[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHp3I[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\b9-b5b4e1-68ddb2ab[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA44aMX[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyH6ID[1].jpg",
"C:\\Windows\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyEqbc[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGfks[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAwJdbf[1].jpg",
"C:\\Windows\\ACxtDalw.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyG0Ti[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BB44T8g[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\search[1].htm",
"C:\\Program Files (x86)\\oFLcWER\\pptxDO.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\jslibraries[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\icon-private.d692fe1edf7f[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBHs1Sb[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\html5shiv.42594ff91377[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\ae00a169[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBI5uP7[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\RE1Mu3b[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGCxD[1].jpg",
"C:\\Windows\\SysWOW64\\propsys.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyH62f[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHysz[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBnAbEC[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAbmT59[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyDx8u[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHI2X[1].jpg",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBwKMyE[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGjyX[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyFhTm[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHgQO[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGg2N[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\btn-app-store.1cfd5dba4a92[1].svg",
"C:\\Windows\\System32\\SearchIndexer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHK37[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHIeD[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyFQsk[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBpREyq[1].png",
"C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBtjihq[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHqxT[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHUCN[1].jpg",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHxtY[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGu6P[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBCEEBf[1].png",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHPKF[1].jpg",
"C:\\Windows\\System32\\GroupPolicy\\Machine",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\d3-dfd8d6[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBpkUdu[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\set_hsts[1].gif",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\logo-quantum-wordmark-white.bd1944395fb6[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyArFi[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyAlCn[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGEJ3[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\b9-b5b4e1-68ddb2ab[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\8df804ba[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyFYwA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\favicon.d4f1f46b91f4[1].ico",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBz3ebk[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHbX2[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BByaqcs[1].jpg",
"C:\\Windows\\System32\\SearchProtocolHost.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGojW[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\billboard-open-minds.11da5ba9e1e9[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGZCX[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\icon-faster.71c685e66ffb[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\favicon[1].ico",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHdgG[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBtnGyF[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyEBML[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyH4gY[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\68b0925c[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyI7qy[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGwT5[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyG9NB[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBC0v57[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGAU5[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAmV9I7[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyFB3T[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBpDwny[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHpyj[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\wave.6e6e5026bcc9[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGiLA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\48d809c9[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBKccj8[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyH8Zz[1].jpg",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyEhUL[1].jpg",
"C:\\Windows\\SysWOW64\\drivers\\EYPCHelper.sys",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\BBru1ZR[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBK3ss2[1].jpg",
"C:\\Windows\\SysWOW64\\Clsmn.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA8qzDM[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGJAI[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGJkY[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\billboard-more-power.f83d248d8724[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHqcn[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGdND[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHwI4[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGL2U[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAykhnT[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\search[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyD6MB[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AA5ND4b[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\trans[1].gif",
"C:\\Program Files (x86)\\ihfqgu\\%ProgramFiles(x86)%\\Windows Media Player\\wmplayer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyEGHA[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\firefox_new_scene2.80680e44761d[1].css",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\application[1]",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBih5H[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\gtm[2].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AA5OV5j[1].png",
"C:\\Windows\\System32\\SearchFilterHost.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGU9t[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\en-US[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\mwfmdl2-v2.77[1].eot",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBIMpSV[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHeQv[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyHa0Z[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\icon-newsletter.77592a9f8e1f[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHG50[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAmVurs[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBHnZrx[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHebP[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AA43a4z[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGa2y[1].jpg",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAxeXbc[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAtg4eQ[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGi8f[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBwDaSh[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyDpQn[1].jpg",
"C:\\ouJrEbQO.txt",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyG7xi[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\BBrHbUZ[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGaSM[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\trans[1].gif",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHp3I[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHs9t[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\down-arrow-blue.3bcea1f6c2e8[1].svg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAmS5r5[1].png",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
"C:\\Windows\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyHv0X[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\thanks[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmVof7[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\thanks[1].htm",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\new[1].htm",
"C:\\Windows\\gaABPi\\MAWeccbS.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyin2O[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\BBoqF0J[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGd9q[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGjVk[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\mwfmdl2-v1.17.3[1].eot",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHnHS[1].jpg",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGFxl[1].png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\345843dc[1].js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\jquery-1.11.1.min[1].js",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyGjmK[1].jpg"
],
"mutex": [
"Global\\2745BCBE6475605501D5CB",
"Global\\9131A620-690E-0D47-06A3-1DA43840B487AD1-3A60-74D0-E096",
"Global\\E1CA99B29E722C9B83CAAD689E632DD7"
],
"file_failed": [
"C:\\Users\\cuck\\Application Data\\360se6",
"C:\\Users\\cuck\\Local Settings\\Temporary Internet Files",
"C:\\Users\\cuck\\Local Settings\\Application Data\\UCBrowser",
"C:\\Windows\\System32\\GroupPolicy\\User\\Registry.pol",
"C:\\Users\\cuck\\Local Settings\\Application Data\\liebao",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
"C:\\Users\\cuck\\Local Settings\\Application Data\\TheWorld6",
"C:\\Users\\cuck\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Cache",
"C:\\Users\\cuck\\Application Data\\360se",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol",
"C:\\Users\\cuck\\Local Settings\\Application Data\\360Chrome",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Baidu",
"C:\\Users\\cuck\\Local Settings",
"C:\\Users\\cuck\\Local Settings\\Application Data\\2345Explorer",
"C:\\Users\\cuck\\AppData\\Local\\liebao\\User Data\\Default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Cache",
"C:\\Users\\cuck\\Local Settings\\Application Data\\liebao\\User Data",
"C:\\Users\\cuck\\Local Settings\\Application Data\\SogouExplorer",
"C:\\Users\\cuck\\Local Settings\\Application Data",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Google",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Opera",
"C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache",
"C:\\Users\\cuck\\AppData\\Roaming\\SogouExplorer\\Webkit\\Default\\Cache",
"C:\\Windows\\System32\\GroupPolicy\\GPT.INI",
"C:\\Users\\cuck\\Application Data",
"C:\\Users\\cuck\\Local Settings\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\liebao\\User Data\\Default\\JumpListIcons",
"C:\\Users\\cuck\\Application Data\\desktop.ini",
"C:\\Users\\cuck\\Local Settings\\Application Data\\TaoBrowser",
"C:\\Users\\cuck\\AppData\\Local\\Opera\\Opera\\Cache"
],
"guid": [
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{ea502723-a23d-11d1-a7d3-0000f87571e3}",
"{49f371e1-8c5c-4d9c-9a3b-54a6827f513c}",
"{a4341687-7593-47aa-9554-4b0ffc8b2214}",
"{00021401-0000-0000-c000-000000000046}",
"{ea502722-a23d-11d1-a7d3-0000f87571e3}",
"{688c934d-0c26-40f6-8d29-d56d72c76b48}",
"{9e175b6d-f52a-11d8-b9a5-505054503030}",
"{559b1911-d3af-486e-b8bc-242b24df0114}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}",
"{edb5f444-cb8d-445a-a523-ec5ab6ea33c7}",
"{6311429e-2f1a-4777-880f-c7289fd10169}",
"{57ced8a7-3f4a-432c-9350-30f24483f74f}",
"{00000000-0000-0000-c000-000000000046}",
"{000214ee-0000-0000-c000-000000000046}",
"{000214fc-0000-0000-c000-000000000046}",
"{72eb61e0-8672-4303-9175-f2e4c68b2e7c}",
"{b056521a-9b10-425e-b616-1fcd828db3b1}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}"
],
"file_read": [
"C:\\Windows\\System32\\SearchIndexer.exe",
"C:\\Users\\cuck\\Local Settings\\Temporary Internet Files\\desktop.ini",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"C:\\Windows\\System32\\GroupPolicy\\gpt.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini",
"C:\\Windows\\System32\\cmd.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini",
"C:\\Python27\\python.exe",
"C:\\Windows\\gaABPi\\MAWeccbS.dll",
"C:\\Windows\\System32\\SearchProtocolHost.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\desktop.ini",
"C:\\Users\\desktop.ini",
"C:\\Program Files (x86)\\ihfqgu\\razy.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Windows\\System32\\SearchFilterHost.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk",
"C:\\Program Files (x86)\\desktop.ini"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.gif\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.js\\PerceivedType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.ico\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.jpg\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Sharing\\UsersShareName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\UseInProcHandlerCache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\PerUserItem",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\System.NamespaceCLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.gif\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SyncMode5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CachePrefix",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.jpg\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.gif\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.jpg\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-19\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.png\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ico\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\PerUserItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.NamespaceCLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\System.NamespaceCLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gif\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\Sharing\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\CallForAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UserenvDebugLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\DocObject",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\WantsFORPARSING",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\PerUserItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\PerUserItem",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\SessionStartTimeDefaultDeltaSecs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.js\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ico\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\PerUserItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Platform",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\PerceivedType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\DefaultSecurity\\SrvsvcDefaultShareInfo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.ico\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.jpg\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.ico\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Compatible",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\HideInWebView",
"HKEY_CURRENT_USER\\.htm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\PerUserItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\PerceivedType",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.jpg\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Advanced\\MaxUndoItems",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CachePrefix",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.gif\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\IsShortcut",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\AlwaysShowExt",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.ico\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\jpegfile\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.ico\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-18\\ProfileImagePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{3080F90D-D7AD-11D9-BD98-0000947B0257}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.jpg\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.txt\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Platform",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStrCmpLogical",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.jpg\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CachePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.gif\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CachePrefix",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.css\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION\\razy.exe",
"HKEY_CURRENT_USER\\.htm\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90D-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gif\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-20\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NormalizeLinkNetPidls",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.ico\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\GpSvcDebugLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.txt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.dat\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.css\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{3080F90E-D7AD-11D9-BD98-0000947B0257}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CSSfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\FileSystem\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.js\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\DocObject",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\icofile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3080F90E-D7AD-11D9-BD98-0000947B0257}\\ShellFolder\\UseDropHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Signature",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@\"%windir%\\System32\\ie4uinit.exe\",-732",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.css\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Compatible",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bin\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\giffile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\User Agent\\Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\HideInWebView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\JSFile\\NeverShowExt"
],
"directory_enumerated": [
"C:\\Windows\\System32\\*.*",
"C:\\Users\\cuck\\Local Settings\\Application Data\\SogouExplorer\\Webkit",
"C:\\Users\\cuck\\Local Settings\\Application Data\\2345Explorer\\User Data",
"C:\\Users\\cuck\\AppData\\Local\\liebao",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Baidu\\BaiduBrowser",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Google\\Chrome",
"C:\\Users\\cuck\\AppData\\Local\\Google",
"C:\\Users\\cuck\\Application Data\\360se\\ie8data",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.lnk",
"C:\\Windows\\System32",
"C:\\Users\\Public\\Desktop\\*.url",
"C:\\Users\\cuck\\Local Settings\\Application Data\\TaoBrowser\\User Data",
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Users\\cuck\\AppData\\Local\\Tencent",
"C:\\Windows",
"C:\\Users\\cuck\\Local Settings\\Application Data\\liebao\\User Data",
"C:\\Users\\cuck\\Local Settings\\Application Data\\360Chrome\\Chrome",
"C:\\Users\\cuck\\Desktop\\*.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Opera",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*.url",
"C:\\Users\\cuck\\Local Settings\\Application Data\\Opera\\Opera",
"C:\\Users\\cuck\\Application Data\\360se6\\User Data",
"C:\\Users\\cuck\\Desktop\\*.url",
"C:\\Users\\cuck\\Local Settings\\Application Data\\TheWorld6\\User Data",
"C:\\Users\\cuck\\Local Settings\\Application Data\\UCBrowser\\User Data",
"C:\\Users\\Public\\Desktop\\*.lnk",
"C:\\Users\\cuck\\AppData\\Local\\360Chrome",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\SogouExplorer",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*.url"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\I6vMf7Hi8P\\Devname",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{CFF62D5F-1329-40E2-BFDF-2CCA7911EF1A}Machine\\Software\\Policies\\Google\\Chrome\\EnableCommonNameFallbackForLocalAnchors",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Local Page"
]
},
"first_seen": 1597290787.625,
"ppid": 816
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\02b3347e2bc807abd5a3c361d5d88e5013e88b169e86077d525a29f791602ea5.bin",
"process_name": "02b3347e2bc807abd5a3c361d5d88e5013e88b169e86077d525a29f791602ea5.bin",
"pid": 2460,
"summary": {
"file_created": [
"C:\\xfpl\\__tmp_rar_sfx_access_check_31297000",
"C:\\xfpl\\crazy.exe"
],
"directory_created": [
"c:\\xfpl"
],
"dll_loaded": [
"ext-ms-win-kernel32-package-current-l1-1-0",
"C:\\Windows\\system32\\riched20.dll",
"kernel32",
"gdi32.dll",
"kernel32.dll",
"UxTheme.dll",
"C:\\Windows\\system32\\rsaenh.dll",
"C:\\Windows\\system32\\ole32.dll",
"C:\\Windows\\system32\\sfc_os.dll",
"dwmapi.dll",
"C:\\Windows\\system32\\DXGIDebug.dll",
"Signatures
[
{
"markcount": 6,
"families": [],
"description": "Queries for the computername",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1597290787.907,
"tid": 1576,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 817
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1597290825.297,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2435
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1597290400.862644,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 873
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1597290400.893644,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 884
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1597290401.127644,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 1154
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1597290401.159644,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 1164
}
],
"references": [],
"name": "antivm_queries_computername"
},
{
"markcount": 1,
"families": [],
"description": "This executable has a PDB path",
"severity": 1,
"marks": [
{
"category": "pdb_path",
"ioc": "D:\\Projects\\WinRAR\\sfx\\build\\sfxrar32\\Release\\sfxrar.pdb",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_pdb"
},
{
"markcount": 1,
"families": [],
"description": "Tries to locate where the browsers are installed",
"severity": 1,
"marks": [
{
"category": "file",
"ioc": "C:\\Program Files (x86)\\Mozilla Firefox",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "locates_browser"
},
{
"markcount": 1,
"families": [],
"description": "Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "GlobalMemoryStatusEx",
"return_value": 1,
"arguments": {},
"time": 1597290787.421375,
"tid": 2256,
"flags": {}
},
"pid": 816,
"type": "call",
"cid": 685
}
],
"references": [],
"name": "antivm_memory_available"
},
{
"markcount": 1,
"families": [],
"description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
"severity": 1,
"marks": [
{
"category": "section",
"ioc": ".gfids",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_features"
},
{
"markcount": 15,
"families": [],
"description": "One or more processes crashed",
"severity": 1,
"marks": [
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "r\na\nz\ny\n+\n0\nx\n1\nf\n4\na\n0\n \n@\n \n0\nx\n4\n1\nf\n4\na\n0\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\ne\ne\n \n@\n \n0\nx\n4\n1\nf\n3\ne\ne\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\na\nf\n \n@\n \n0\nx\n4\n1\nf\n3\na\nf\n\n\nr\na\nz\ny\n+\n0\nx\n3\n0\n8\ne\n1\n \n@\n \n0\nx\n4\n3\n0\n8\ne\n1\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\n7\n5\nb\n \n@\n \n0\nx\n4\n3\n4\n7\n5\nb\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\na\n6\n5\n \n@\n \n0\nx\n4\n3\n4\na\n6\n5\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\nc\n0\n0\n \n@\n \n0\nx\n4\n3\n4\nc\n0\n0\n\n\nr\na\nz\ny\n+\n0\nx\n3\n3\n8\nc\n9\n \n@\n \n0\nx\n4\n3\n3\n8\nc\n9\n\n\nr\na\nz\ny\n+\n0\nx\n4\n6\nd\n2\nb\n \n@\n \n0\nx\n4\n4\n6\nd\n2\nb\n\n\nr\na\nz\ny\n+\n0\nx\n1\nb\ne\n7\n7\n \n@\n \n0\nx\n4\n1\nb\ne\n7\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n0\n0\n6\n \n@\n \n0\nx\n4\n0\n4\n0\n0\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 51510356,
"edi": 51510544,
"eax": 51510356,
"ebp": 51510436,
"edx": 0,
"ebx": 4325024,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290790.203,
"tid": 1744,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1129
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "r\na\nz\ny\n+\n0\nx\n1\nf\n4\na\n0\n \n@\n \n0\nx\n4\n1\nf\n4\na\n0\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\ne\ne\n \n@\n \n0\nx\n4\n1\nf\n3\ne\ne\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\na\nf\n \n@\n \n0\nx\n4\n1\nf\n3\na\nf\n\n\nr\na\nz\ny\n+\n0\nx\n3\n0\n8\ne\n1\n \n@\n \n0\nx\n4\n3\n0\n8\ne\n1\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\n7\n5\nb\n \n@\n \n0\nx\n4\n3\n4\n7\n5\nb\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\na\n6\n5\n \n@\n \n0\nx\n4\n3\n4\na\n6\n5\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\nc\n0\n0\n \n@\n \n0\nx\n4\n3\n4\nc\n0\n0\n\n\nr\na\nz\ny\n+\n0\nx\n3\n3\n8\nc\n9\n \n@\n \n0\nx\n4\n3\n3\n8\nc\n9\n\n\nr\na\nz\ny\n+\n0\nx\n4\n6\nd\n2\nb\n \n@\n \n0\nx\n4\n4\n6\nd\n2\nb\n\n\nr\na\nz\ny\n+\n0\nx\n1\nb\ne\n7\n7\n \n@\n \n0\nx\n4\n1\nb\ne\n7\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n0\n0\n6\n \n@\n \n0\nx\n4\n0\n4\n0\n0\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 51510356,
"edi": 51510544,
"eax": 51510356,
"ebp": 51510436,
"edx": 0,
"ebx": 4325024,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290792.203,
"tid": 1744,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1148
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "r\na\nz\ny\n+\n0\nx\n1\nf\n4\na\n0\n \n@\n \n0\nx\n4\n1\nf\n4\na\n0\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\ne\ne\n \n@\n \n0\nx\n4\n1\nf\n3\ne\ne\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\na\nf\n \n@\n \n0\nx\n4\n1\nf\n3\na\nf\n\n\nr\na\nz\ny\n+\n0\nx\n3\n0\n8\ne\n1\n \n@\n \n0\nx\n4\n3\n0\n8\ne\n1\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\n7\n5\nb\n \n@\n \n0\nx\n4\n3\n4\n7\n5\nb\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\na\n6\n5\n \n@\n \n0\nx\n4\n3\n4\na\n6\n5\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\nc\n0\n0\n \n@\n \n0\nx\n4\n3\n4\nc\n0\n0\n\n\nr\na\nz\ny\n+\n0\nx\n3\n3\n8\nc\n9\n \n@\n \n0\nx\n4\n3\n3\n8\nc\n9\n\n\nr\na\nz\ny\n+\n0\nx\n4\n6\nd\n2\nb\n \n@\n \n0\nx\n4\n4\n6\nd\n2\nb\n\n\nr\na\nz\ny\n+\n0\nx\n1\nb\ne\n7\n7\n \n@\n \n0\nx\n4\n1\nb\ne\n7\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n0\n0\n6\n \n@\n \n0\nx\n4\n0\n4\n0\n0\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 51510356,
"edi": 51510544,
"eax": 51510356,
"ebp": 51510436,
"edx": 0,
"ebx": 4325024,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290796.485,
"tid": 1744,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1205
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "r\na\nz\ny\n+\n0\nx\n1\nf\n4\na\n0\n \n@\n \n0\nx\n4\n1\nf\n4\na\n0\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\ne\ne\n \n@\n \n0\nx\n4\n1\nf\n3\ne\ne\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\na\nf\n \n@\n \n0\nx\n4\n1\nf\n3\na\nf\n\n\nr\na\nz\ny\n+\n0\nx\n3\n0\n8\ne\n1\n \n@\n \n0\nx\n4\n3\n0\n8\ne\n1\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\n7\n5\nb\n \n@\n \n0\nx\n4\n3\n4\n7\n5\nb\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\na\n6\n5\n \n@\n \n0\nx\n4\n3\n4\na\n6\n5\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\nc\n0\n0\n \n@\n \n0\nx\n4\n3\n4\nc\n0\n0\n\n\nr\na\nz\ny\n+\n0\nx\n3\n3\n8\nc\n9\n \n@\n \n0\nx\n4\n3\n3\n8\nc\n9\n\n\nr\na\nz\ny\n+\n0\nx\n4\n6\nd\n2\nb\n \n@\n \n0\nx\n4\n4\n6\nd\n2\nb\n\n\nr\na\nz\ny\n+\n0\nx\n1\nb\ne\n7\n7\n \n@\n \n0\nx\n4\n1\nb\ne\n7\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n0\n0\n6\n \n@\n \n0\nx\n4\n0\n4\n0\n0\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 51510356,
"edi": 51510544,
"eax": 51510356,
"ebp": 51510436,
"edx": 0,
"ebx": 4325024,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290800.735,
"tid": 1744,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1222
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "r\na\nz\ny\n+\n0\nx\n1\nf\n4\na\n0\n \n@\n \n0\nx\n4\n1\nf\n4\na\n0\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\ne\ne\n \n@\n \n0\nx\n4\n1\nf\n3\ne\ne\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\na\nf\n \n@\n \n0\nx\n4\n1\nf\n3\na\nf\n\n\nr\na\nz\ny\n+\n0\nx\n3\n0\n8\ne\n1\n \n@\n \n0\nx\n4\n3\n0\n8\ne\n1\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\n7\n5\nb\n \n@\n \n0\nx\n4\n3\n4\n7\n5\nb\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\na\n6\n5\n \n@\n \n0\nx\n4\n3\n4\na\n6\n5\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\nc\n0\n0\n \n@\n \n0\nx\n4\n3\n4\nc\n0\n0\n\n\nr\na\nz\ny\n+\n0\nx\n3\n3\n9\n1\nf\n \n@\n \n0\nx\n4\n3\n3\n9\n1\nf\n\n\nr\na\nz\ny\n+\n0\nx\n4\n7\n6\n7\nd\n \n@\n \n0\nx\n4\n4\n7\n6\n7\nd\n\n\nr\na\nz\ny\n+\n0\nx\n1\nb\ne\n7\n7\n \n@\n \n0\nx\n4\n1\nb\ne\n7\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n0\n0\n6\n \n@\n \n0\nx\n4\n0\n4\n0\n0\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 51510316,
"edi": 51510504,
"eax": 51510316,
"ebp": 51510396,
"edx": 0,
"ebx": 4325024,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290807.797,
"tid": 956,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1267
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "r\na\nz\ny\n+\n0\nx\n1\nf\n4\na\n0\n \n@\n \n0\nx\n4\n1\nf\n4\na\n0\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\ne\ne\n \n@\n \n0\nx\n4\n1\nf\n3\ne\ne\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\na\nf\n \n@\n \n0\nx\n4\n1\nf\n3\na\nf\n\n\nr\na\nz\ny\n+\n0\nx\n3\n0\n8\ne\n1\n \n@\n \n0\nx\n4\n3\n0\n8\ne\n1\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\n7\n5\nb\n \n@\n \n0\nx\n4\n3\n4\n7\n5\nb\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\na\n6\n5\n \n@\n \n0\nx\n4\n3\n4\na\n6\n5\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\nc\n0\n0\n \n@\n \n0\nx\n4\n3\n4\nc\n0\n0\n\n\nr\na\nz\ny\n+\n0\nx\n3\n3\n9\n1\nf\n \n@\n \n0\nx\n4\n3\n3\n9\n1\nf\n\n\nr\na\nz\ny\n+\n0\nx\n4\n7\n6\n7\nd\n \n@\n \n0\nx\n4\n4\n7\n6\n7\nd\n\n\nr\na\nz\ny\n+\n0\nx\n1\nb\ne\n7\n7\n \n@\n \n0\nx\n4\n1\nb\ne\n7\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n0\n0\n6\n \n@\n \n0\nx\n4\n0\n4\n0\n0\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 51510316,
"edi": 51510504,
"eax": 51510316,
"ebp": 51510396,
"edx": 0,
"ebx": 4325024,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290811.063,
"tid": 956,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1288
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "r\na\nz\ny\n+\n0\nx\n1\nf\n4\na\n0\n \n@\n \n0\nx\n4\n1\nf\n4\na\n0\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\ne\ne\n \n@\n \n0\nx\n4\n1\nf\n3\ne\ne\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\na\nf\n \n@\n \n0\nx\n4\n1\nf\n3\na\nf\n\n\nr\na\nz\ny\n+\n0\nx\n3\n0\n8\ne\n1\n \n@\n \n0\nx\n4\n3\n0\n8\ne\n1\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\n7\n5\nb\n \n@\n \n0\nx\n4\n3\n4\n7\n5\nb\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\na\n6\n5\n \n@\n \n0\nx\n4\n3\n4\na\n6\n5\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\nc\n0\n0\n \n@\n \n0\nx\n4\n3\n4\nc\n0\n0\n\n\nr\na\nz\ny\n+\n0\nx\n3\n3\n9\n1\nf\n \n@\n \n0\nx\n4\n3\n3\n9\n1\nf\n\n\nr\na\nz\ny\n+\n0\nx\n4\n7\n6\n7\nd\n \n@\n \n0\nx\n4\n4\n7\n6\n7\nd\n\n\nr\na\nz\ny\n+\n0\nx\n1\nb\ne\n7\n7\n \n@\n \n0\nx\n4\n1\nb\ne\n7\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n0\n0\n6\n \n@\n \n0\nx\n4\n0\n4\n0\n0\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 51510316,
"edi": 51510504,
"eax": 51510316,
"ebp": 51510396,
"edx": 0,
"ebx": 4325024,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290814.328,
"tid": 956,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1344
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "r\na\nz\ny\n+\n0\nx\n1\nf\n4\na\n0\n \n@\n \n0\nx\n4\n1\nf\n4\na\n0\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\ne\ne\n \n@\n \n0\nx\n4\n1\nf\n3\ne\ne\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\na\nf\n \n@\n \n0\nx\n4\n1\nf\n3\na\nf\n\n\nr\na\nz\ny\n+\n0\nx\n3\n0\n8\ne\n1\n \n@\n \n0\nx\n4\n3\n0\n8\ne\n1\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\n7\n5\nb\n \n@\n \n0\nx\n4\n3\n4\n7\n5\nb\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\na\n6\n5\n \n@\n \n0\nx\n4\n3\n4\na\n6\n5\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\nc\n0\n0\n \n@\n \n0\nx\n4\n3\n4\nc\n0\n0\n\n\nr\na\nz\ny\n+\n0\nx\n3\n3\n9\n1\nf\n \n@\n \n0\nx\n4\n3\n3\n9\n1\nf\n\n\nr\na\nz\ny\n+\n0\nx\n4\n7\n6\n7\nd\n \n@\n \n0\nx\n4\n4\n7\n6\n7\nd\n\n\nr\na\nz\ny\n+\n0\nx\n1\nb\ne\n7\n7\n \n@\n \n0\nx\n4\n1\nb\ne\n7\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n0\n0\n6\n \n@\n \n0\nx\n4\n0\n4\n0\n0\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 51510316,
"edi": 51510504,
"eax": 51510316,
"ebp": 51510396,
"edx": 0,
"ebx": 4325024,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290817.594,
"tid": 956,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1365
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "r\na\nz\ny\n+\n0\nx\n1\nf\n4\na\n0\n \n@\n \n0\nx\n4\n1\nf\n4\na\n0\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\ne\ne\n \n@\n \n0\nx\n4\n1\nf\n3\ne\ne\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\na\nf\n \n@\n \n0\nx\n4\n1\nf\n3\na\nf\n\n\nr\na\nz\ny\n+\n0\nx\n3\n0\n8\ne\n1\n \n@\n \n0\nx\n4\n3\n0\n8\ne\n1\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\n7\n5\nb\n \n@\n \n0\nx\n4\n3\n4\n7\n5\nb\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\na\n6\n5\n \n@\n \n0\nx\n4\n3\n4\na\n6\n5\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\nc\n0\n0\n \n@\n \n0\nx\n4\n3\n4\nc\n0\n0\n\n\nr\na\nz\ny\n+\n0\nx\n3\n3\n9\n1\nf\n \n@\n \n0\nx\n4\n3\n3\n9\n1\nf\n\n\nr\na\nz\ny\n+\n0\nx\n4\n7\n6\n7\nd\n \n@\n \n0\nx\n4\n4\n7\n6\n7\nd\n\n\nr\na\nz\ny\n+\n0\nx\n1\nb\ne\n7\n7\n \n@\n \n0\nx\n4\n1\nb\ne\n7\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n0\n0\n6\n \n@\n \n0\nx\n4\n0\n4\n0\n0\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 51510316,
"edi": 51510504,
"eax": 51510316,
"ebp": 51510396,
"edx": 0,
"ebx": 4325024,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290820.844,
"tid": 956,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1387
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "r\na\nz\ny\n+\n0\nx\n1\nf\n4\na\n0\n \n@\n \n0\nx\n4\n1\nf\n4\na\n0\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\ne\ne\n \n@\n \n0\nx\n4\n1\nf\n3\ne\ne\n\n\nr\na\nz\ny\n+\n0\nx\n1\nf\n3\na\nf\n \n@\n \n0\nx\n4\n1\nf\n3\na\nf\n\n\nr\na\nz\ny\n+\n0\nx\n3\n0\n8\ne\n1\n \n@\n \n0\nx\n4\n3\n0\n8\ne\n1\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\n7\n5\nb\n \n@\n \n0\nx\n4\n3\n4\n7\n5\nb\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\na\n6\n5\n \n@\n \n0\nx\n4\n3\n4\na\n6\n5\n\n\nr\na\nz\ny\n+\n0\nx\n3\n4\nc\n0\n0\n \n@\n \n0\nx\n4\n3\n4\nc\n0\n0\n\n\nr\na\nz\ny\n+\n0\nx\n3\n3\n9\n1\nf\n \n@\n \n0\nx\n4\n3\n3\n9\n1\nf\n\n\nr\na\nz\ny\n+\n0\nx\n4\n7\n6\n7\nd\n \n@\n \n0\nx\n4\n4\n7\n6\n7\nd\n\n\nr\na\nz\ny\n+\n0\nx\n1\nb\ne\n7\n7\n \n@\n \n0\nx\n4\n1\nb\ne\n7\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n0\n0\n6\n \n@\n \n0\nx\n4\n0\n4\n0\n0\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 51510316,
"edi": 51510504,
"eax": 51510316,
"ebp": 51510396,
"edx": 0,
"ebx": 4325024,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290824.094,
"tid": 956,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1408
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "L\nd\nr\nR\ne\ns\nS\ne\na\nr\nc\nh\nR\ne\ns\no\nu\nr\nc\ne\n+\n0\nx\nb\n4\nd\n \nL\nd\nr\nR\ne\ns\nF\ni\nn\nd\nR\ne\ns\no\nu\nr\nc\ne\nD\ni\nr\ne\nc\nt\no\nr\ny\n-\n0\nx\n1\n6\nc\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\nd\n8\na\n9\n \n@\n \n0\nx\n7\n7\nb\nc\nd\n8\na\n9\n\n\nL\nd\nr\nR\ne\ns\nS\ne\na\nr\nc\nh\nR\ne\ns\no\nu\nr\nc\ne\n+\n0\nx\na\n1\n0\n \nL\nd\nr\nR\ne\ns\nF\ni\nn\nd\nR\ne\ns\no\nu\nr\nc\ne\nD\ni\nr\ne\nc\nt\no\nr\ny\n-\n0\nx\n2\na\n9\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\nd\n7\n6\nc\n \n@\n \n0\nx\n7\n7\nb\nc\nd\n7\n6\nc\n\n\nL\nd\nr\nL\no\na\nd\nD\nl\nl\n+\n0\nx\n7\nb\n \n_\ns\nt\nr\nc\nm\np\ni\n-\n0\nx\n3\n0\n4\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\nc\n4\nb\n5\n \n@\n \n0\nx\n7\n7\nb\nc\nc\n4\nb\n5\n\n\nN\ne\nw\n_\nn\nt\nd\nl\nl\n_\nL\nd\nr\nL\no\na\nd\nD\nl\nl\n@\n1\n6\n+\n0\nx\n7\nc\n \nN\ne\nw\n_\nn\nt\nd\nl\nl\n_\nL\nd\nr\nU\nn\nl\no\na\nd\nD\nl\nl\n@\n4\n-\n0\nx\nb\n7\n \n@\n \n0\nx\n6\n3\nd\nd\nd\n6\n4\ne\n\n\nL\no\na\nd\nL\ni\nb\nr\na\nr\ny\nE\nx\nW\n+\n0\nx\n1\n7\n8\n \nL\no\na\nd\nL\ni\nb\nr\na\nr\ny\nE\nx\nA\n-\n0\nx\n2\na\n \nk\ne\nr\nn\ne\nl\nb\na\ns\ne\n+\n0\nx\n1\n1\nd\n2\na\n \n@\n \n0\nx\n7\n5\nd\nc\n1\nd\n2\na\n\n\nL\no\na\nd\nL\ni\nb\nr\na\nr\ny\nE\nx\nA\n+\n0\nx\n2\n6\n \nF\nr\ne\ne\nL\ni\nb\nr\na\nr\ny\n-\n0\nx\n1\n8\n \nk\ne\nr\nn\ne\nl\nb\na\ns\ne\n+\n0\nx\n1\n1\nd\n7\na\n \n@\n \n0\nx\n7\n5\nd\nc\n1\nd\n7\na\n\n\nL\no\na\nd\nL\ni\nb\nr\na\nr\ny\nA\n+\n0\nx\n3\n1\n \nH\ne\na\np\nC\nr\ne\na\nt\ne\n-\n0\nx\n2\n5\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n4\na\n0\n8\n \n@\n \n0\nx\n7\n5\nb\nc\n4\na\n0\n8\n\n\nr\na\nz\ny\n+\n0\nx\n4\n8\n1\nd\n7\n \n@\n \n0\nx\n4\n4\n8\n1\nd\n7\n\n\nr\na\nz\ny\n+\n0\nx\n4\n9\n0\n0\n6\n \n@\n \n0\nx\n4\n4\n9\n0\n0\n6\n\n\nr\na\nz\ny\n+\n0\nx\n4\n9\nb\nd\n3\n \n@\n \n0\nx\n4\n4\n9\nb\nd\n3\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 1636472,
"edi": 1636684,
"eax": 0,
"ebp": 1636508,
"edx": 32,
"ebx": 1,
"esi": 1636496,
"ecx": 1636648
},
"exception": {
"instruction_r": "89 08 50 45 43 6f 6d 70 61 63 74 32 00 00 00 08",
"instruction": "mov dword ptr [eax], ecx",
"exception_code": "0xc0000005",
"symbol": "maweccbs+0x191a45",
"address": "0x3651a45"
}
},
"time": 1597290825.157,
"tid": 1576,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 1483
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "m\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\nd\nd\nc\n \n@\n \n0\nx\n3\n4\ne\n9\nd\nd\nc\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\nd\n2\na\n \n@\n \n0\nx\n3\n4\ne\n9\nd\n2\na\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\nc\ne\n8\n \n@\n \n0\nx\n3\n4\ne\n9\nc\ne\n8\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\na\nb\nc\n2\n \n@\n \n0\nx\n3\n4\ne\na\nb\nc\n2\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\ne\n8\n1\n \n@\n \n0\nx\n3\n4\ne\n9\ne\n8\n1\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n3\n8\n8\nf\nd\n \n@\n \n0\nx\n3\n4\nf\n8\n8\nf\nd\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n3\nf\n4\n2\n1\n \n@\n \n0\nx\n3\n4\nf\nf\n4\n2\n1\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n3\n2\n3\nf\n \n@\n \n0\nx\n3\n5\n0\n3\n2\n3\nf\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n3\n5\n4\n9\n \n@\n \n0\nx\n3\n5\n0\n3\n5\n4\n9\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n3\n6\ne\n4\n \n@\n \n0\nx\n3\n5\n0\n3\n6\ne\n4\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n2\n4\n8\n1\n \n@\n \n0\nx\n3\n5\n0\n2\n4\n8\n1\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\nc\n5\n6\n8\n4\n \n@\n \n0\nx\n3\n5\n8\n5\n6\n8\n4\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\nc\n5\na\nb\n3\n \n@\n \n0\nx\n3\n5\n8\n5\na\nb\n3\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n9\nc\nc\na\n9\n \n@\n \n0\nx\n3\n5\n5\nc\nc\na\n9\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n9\nf\n9\n9\n7\n \n@\n \n0\nx\n3\n5\n5\nf\n9\n9\n7\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n3\n3\nd\nf\n \n@\n \n0\nx\n3\n4\ne\n3\n3\nd\nf\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\na\n5\n6\n \n@\n \n0\nx\n3\n4\nc\n4\na\n5\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 59503700,
"edi": 59503888,
"eax": 59503700,
"ebp": 59503780,
"edx": 0,
"ebx": 55486468,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290827.563,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2526
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "m\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n9\ne\n3\n7\nf\n \n@\n \n0\nx\n3\n5\n5\ne\n3\n7\nf\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n9\nf\n9\n9\n7\n \n@\n \n0\nx\n3\n5\n5\nf\n9\n9\n7\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n3\n3\nd\nf\n \n@\n \n0\nx\n3\n4\ne\n3\n3\nd\nf\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\na\n5\n6\n \n@\n \n0\nx\n3\n4\nc\n4\na\n5\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 59505568,
"edi": 0,
"eax": 1447909480,
"ebp": 59505608,
"edx": 22104,
"ebx": 0,
"esi": 0,
"ecx": 10
},
"exception": {
"instruction_r": "ed 81 fb 68 58 4d 56 0f 94 45 ff 5b 59 5a 33 c0",
"instruction": "in eax, dx",
"exception_code": "0xc0000096",
"symbol": "maweccbs+0xdbbdc",
"address": "0x359bbdc"
}
},
"time": 1597290827.563,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2539
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "m\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\nd\nd\nc\n \n@\n \n0\nx\n3\n4\ne\n9\nd\nd\nc\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\nd\n2\na\n \n@\n \n0\nx\n3\n4\ne\n9\nd\n2\na\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\nc\ne\n8\n \n@\n \n0\nx\n3\n4\ne\n9\nc\ne\n8\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\na\nb\nc\n2\n \n@\n \n0\nx\n3\n4\ne\na\nb\nc\n2\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\ne\n8\n1\n \n@\n \n0\nx\n3\n4\ne\n9\ne\n8\n1\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n3\n8\n8\nf\nd\n \n@\n \n0\nx\n3\n4\nf\n8\n8\nf\nd\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n3\nf\n4\n2\n1\n \n@\n \n0\nx\n3\n4\nf\nf\n4\n2\n1\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n3\n2\n3\nf\n \n@\n \n0\nx\n3\n5\n0\n3\n2\n3\nf\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n3\n5\n4\n9\n \n@\n \n0\nx\n3\n5\n0\n3\n5\n4\n9\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n3\n6\ne\n4\n \n@\n \n0\nx\n3\n5\n0\n3\n6\ne\n4\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n2\n4\n8\n1\n \n@\n \n0\nx\n3\n5\n0\n2\n4\n8\n1\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\nd\n9\nb\nc\ne\n \n@\n \n0\nx\n3\n5\n9\n9\nb\nc\ne\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\nb\nd\n8\n9\n3\n \n@\n \n0\nx\n3\n5\n7\nd\n8\n9\n3\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 61013128,
"edi": 61013316,
"eax": 61013128,
"ebp": 61013208,
"edx": 0,
"ebx": 55486468,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290840.032,
"tid": 2296,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 10996
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "m\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\nd\nd\nc\n \n@\n \n0\nx\n3\n4\ne\n9\nd\nd\nc\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\nd\n2\na\n \n@\n \n0\nx\n3\n4\ne\n9\nd\n2\na\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\nc\ne\n8\n \n@\n \n0\nx\n3\n4\ne\n9\nc\ne\n8\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\na\nb\nc\n2\n \n@\n \n0\nx\n3\n4\ne\na\nb\nc\n2\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n9\ne\n8\n1\n \n@\n \n0\nx\n3\n4\ne\n9\ne\n8\n1\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n3\n8\n8\nf\nd\n \n@\n \n0\nx\n3\n4\nf\n8\n8\nf\nd\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n3\nf\n4\n2\n1\n \n@\n \n0\nx\n3\n4\nf\nf\n4\n2\n1\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n3\n2\n3\nf\n \n@\n \n0\nx\n3\n5\n0\n3\n2\n3\nf\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n3\n5\n4\n9\n \n@\n \n0\nx\n3\n5\n0\n3\n5\n4\n9\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n3\n6\ne\n4\n \n@\n \n0\nx\n3\n5\n0\n3\n6\ne\n4\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\n2\n4\n8\n1\n \n@\n \n0\nx\n3\n5\n0\n2\n4\n8\n1\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\nd\n9\nb\nc\ne\n \n@\n \n0\nx\n3\n5\n9\n9\nb\nc\ne\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\nb\nd\n8\nb\n8\n \n@\n \n0\nx\n3\n5\n7\nd\n8\nb\n8\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 61013128,
"edi": 61013316,
"eax": 61013128,
"ebp": 61013208,
"edx": 0,
"ebx": 55486468,
"esi": 11004,
"ecx": 7
},
"exception": {
"instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b",
"symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727",
"instruction": "leave",
"module": "KERNELBASE.dll",
"exception_code": "0xeedfade",
"offset": 46887,
"address": "0x75dbb727"
}
},
"time": 1597290842.282,
"tid": 2296,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11051
}
],
"references": [],
"name": "raises_exception"
},
{
"markcount": 8,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 816,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 299008,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00401000"
},
"time": 1597290787.218375,
"tid": 2256,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 816,
"type": "call",
"cid": 1
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 12288,
"base_address": "0x77d20000"
},
"time": 1597290787.406375,
"tid": 2256,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 816,
"type": "call",
"cid": 606
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 816,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 12288,
"base_address": "0x75e00000"
},
"time": 1597290787.406375,
"tid": 2256,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 816,
"type": "call",
"cid": 612
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2628,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 299008,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00401000"
},
"time": 1597290787.703,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2628,
"type": "call",
"cid": 1
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2628,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 12288,
"base_address": "0x77d20000"
},
"time": 1597290787.86,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2628,
"type": "call",
"cid": 609
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2628,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 12288,
"base_address": "0x75e00000"
},
"time": 1597290787.86,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2628,
"type": "call",
"cid": 615
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2628,
"region_size": 12288,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x03100000"
},
"time": 1597290825.157,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2628,
"type": "call",
"cid": 1484
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2628,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x03110000"
},
"time": 1597290825.282,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2628,
"type": "call",
"cid": 2278
}
],
"references": [],
"name": "allocates_rwx"
},
{
"markcount": 0,
"families": [],
"description": "Checks whether any human activity is being performed by constantly checking whether the foreground window changed",
"severity": 2,
"marks": [],
"references": [
"https:\/\/www.virusbtn.com\/virusbulletin\/archive\/2015\/09\/vb201509-custom-packer.dkb"
],
"name": "antisandbox_foregroundwindows"
},
{
"markcount": 1,
"families": [],
"description": "Attempts to modify Internet Explorer's start page",
"severity": 2,
"marks": [
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "browser_startpage"
},
{
"markcount": 2,
"families": [],
"description": "Steals private information from local Internet browsers",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Opera\\Opera\\Cache",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "infostealer_browser"
},
{
"markcount": 23,
"families": [],
"description": "Foreign language identified in PE resource",
"severity": 2,
"marks": [
{
"name": "RT_BITMAP",
"language": "LANG_CHINESE",
"offset": "0x0005a57c",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x00000bb6"
},
{
"name": "RT_ICON",
"language": "LANG_CHINESE",
"offset": "0x0005baac",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000008a8"
},
{
"name": "RT_ICON",
"language": "LANG_CHINESE",
"offset": "0x0005baac",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000008a8"
},
{
"name": "RT_ICON",
"language": "LANG_CHINESE",
"offset": "0x0005baac",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000008a8"
},
{
"name": "RT_ICON",
"language": "LANG_CHINESE",
"offset": "0x0005baac",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000008a8"
},
{
"name": "RT_DIALOG",
"language": "LANG_CHINESE",
"offset": "0x0005c9ec",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000001ce"
},
{
"name": "RT_DIALOG",
"language": "LANG_CHINESE",
"offset": "0x0005c9ec",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000001ce"
},
{
"name": "RT_DIALOG",
"language": "LANG_CHINESE",
"offset": "0x0005c9ec",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000001ce"
},
{
"name": "RT_DIALOG",
"language": "LANG_CHINESE",
"offset": "0x0005c9ec",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000001ce"
},
{
"name": "RT_DIALOG",
"language": "LANG_CHINESE",
"offset": "0x0005c9ec",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000001ce"
},
{
"name": "RT_DIALOG",
"language": "LANG_CHINESE",
"offset": "0x0005c9ec",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x000001ce"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x0005d2d8",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000006a"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x0005d2d8",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000006a"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x0005d2d8",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000006a"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x0005d2d8",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000006a"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x0005d2d8",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000006a"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x0005d2d8",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000006a"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x0005d2d8",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000006a"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x0005d2d8",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000006a"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x0005d2d8",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000006a"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x0005d2d8",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000006a"
},
{
"name": "RT_GROUP_ICON",
"language": "LANG_CHINESE",
"offset": "0x0005d344",
"filetype": "MS Windows icon resource - 4 icons, 16x16, 16 colors",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x0000003e"
},
{
"name": "RT_MANIFEST",
"language": "LANG_CHINESE",
"offset": "0x0005d384",
"filetype": "XML 1.0 document, ASCII text, with CRLF line terminators",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"type": "generic",
"size": "0x00000640"
}
],
"references": [],
"name": "origin_langid"
},
{
"markcount": 1,
"families": [],
"description": "Creates hidden or system file",
"severity": 2,
"marks": [
{
"call": {
"category": "file",
"status": 1,
"stacktrace": [],
"api": "SetFileAttributesW",
"return_value": 1,
"arguments": {
"file_attributes": 2,
"filepath_r": "C:\\Windows\\System32\\GroupPolicy",
"filepath": "C:\\Windows\\System32\\GroupPolicy"
},
"time": 1597290900.703,
"tid": 2408,
"flags": {
"file_attributes": "FILE_ATTRIBUTE_HIDDEN"
}
},
"pid": 2628,
"type": "call",
"cid": 12401
}
],
"references": [],
"name": "creates_hidden_file"
},
{
"markcount": 1,
"families": [],
"description": "Creates a service",
"severity": 2,
"marks": [
{
"call": {
"category": "services",
"status": 1,
"stacktrace": [],
"api": "CreateServiceW",
"return_value": 8824696,
"arguments": {
"service_start_name": "",
"start_type": 3,
"service_handle": "0x0086a778",
"display_name": "I6vMf7Hi8P",
"error_control": 1,
"service_name": "I6vMf7Hi8P",
"filepath": "C:\\Windows\\SysWOW64\\I6vMf7Hi8Py.sys",
"filepath_r": "C:\\Windows\\syswow64\\I6vMf7Hi8Py.sys",
"service_manager_handle": "0x0086a7f0",
"desired_access": 983551,
"service_type": 1,
"password": ""
},
"time": 1597290827.672,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2726
}
],
"references": [],
"name": "creates_service"
},
{
"markcount": 7,
"families": [],
"description": "Creates a shortcut to an executable file",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "creates_shortcut"
},
{
"markcount": 2,
"families": [],
"description": "Drops a binary and executes it",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\xfpl\\crazy.exe",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Program Files (x86)\\ihfqgu\\razy.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "dropper"
},
{
"markcount": 1,
"families": [],
"description": "Drops an executable to the user AppData folder",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\FwFQmYtW\\ojPwIJFk.dll",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "exe_appdata"
},
{
"markcount": 3,
"families": [],
"description": "Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "SearchProtocolHost.exe",
"snapshot_handle": "0x00000278",
"process_identifier": 1512
},
"time": 1597290825.297,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2427
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "taskhost.exe",
"snapshot_handle": "0x00000278",
"process_identifier": 2952
},
"time": 1597290825.297,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2429
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000278",
"process_identifier": 2628
},
"time": 1597290825.297,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2430
}
],
"references": [],
"name": "injection_process_search"
},
{
"markcount": 3,
"families": [],
"description": "Checks for the Locally Unique Identifier on the system for a suspicious privilege",
"severity": 2,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeDebugPrivilege"
},
"time": 1597290825.297,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2373
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1597290471.409644,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 6942
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1597290471.409644,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 6974
}
],
"references": [],
"name": "privilege_luid_check"
},
{
"markcount": 44,
"families": [],
"description": "Repeatedly searches for a not-found process, you may want to run a web browser during analysis",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000278",
"process_identifier": 2628
},
"time": 1597290825.297,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2431
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741700,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000278",
"process_identifier": 2628
},
"time": 1597290825.313,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2502
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": 0,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000002b4",
"process_identifier": 2628
},
"time": 1597290827.719,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2827
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": 0,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000002b8",
"process_identifier": 2628
},
"time": 1597290827.719,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2876
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000002c0",
"process_identifier": 2628
},
"time": 1597290827.735,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2940
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000002c0",
"process_identifier": 2628
},
"time": 1597290827.735,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2980
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000002c0",
"process_identifier": 2628
},
"time": 1597290827.735,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 3020
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000002d4",
"process_identifier": 2628
},
"time": 1597290837.141,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 10935
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000005b8",
"process_identifier": 2628
},
"time": 1597290839.141,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 10988
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000005b8",
"process_identifier": 2628
},
"time": 1597290841.172,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11043
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000414",
"process_identifier": 2628
},
"time": 1597290843.188,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11100
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000414",
"process_identifier": 2628
},
"time": 1597290845.203,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11144
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000414",
"process_identifier": 2628
},
"time": 1597290847.235,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11188
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000414",
"process_identifier": 2628
},
"time": 1597290849.266,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11236
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000414",
"process_identifier": 2628
},
"time": 1597290851.282,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11280
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000002d0",
"process_identifier": 2628
},
"time": 1597290853.297,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11328
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290855.297,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11372
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290857.313,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11417
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290859.344,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11459
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290861.36,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11501
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290863.375,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11544
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290865.407,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11586
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290867.407,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11628
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290869.422,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11670
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290871.438,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11712
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290873.469,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11753
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290875.469,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11795
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000308",
"process_identifier": 2628
},
"time": 1597290877.469,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11839
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000000d8",
"process_identifier": 2628
},
"time": 1597290879.485,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11886
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000000d8",
"process_identifier": 2628
},
"time": 1597290881.485,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11928
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000000d8",
"process_identifier": 2628
},
"time": 1597290883.5,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 11970
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000000d8",
"process_identifier": 2628
},
"time": 1597290885.516,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12012
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x000000d8",
"process_identifier": 2628
},
"time": 1597290887.532,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12054
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000418",
"process_identifier": 2628
},
"time": 1597290889.532,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12098
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000418",
"process_identifier": 2628
},
"time": 1597290891.532,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12139
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000418",
"process_identifier": 2628
},
"time": 1597290893.532,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12181
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000418",
"process_identifier": 2628
},
"time": 1597290895.563,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12223
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000524",
"process_identifier": 2628
},
"time": 1597290897.578,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12323
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x00000524",
"process_identifier": 2628
},
"time": 1597290899.578,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12365
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741816,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x0000057c",
"process_identifier": 2628
},
"time": 1597290900.75,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12623
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x0000055c",
"process_identifier": 2628
},
"time": 1597290901.578,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12672
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x0000055c",
"process_identifier": 2628
},
"time": 1597290903.61,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12714
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x0000055c",
"process_identifier": 2628
},
"time": 1597290905.641,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12757
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "razy.exe",
"snapshot_handle": "0x0000055c",
"process_identifier": 2628
},
"time": 1597290907.657,
"tid": 2984,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 12799
}
],
"references": [],
"name": "process_needed"
},
{
"markcount": 1,
"families": [],
"description": "Checks for the presence of known windows from debuggers and forensic tools",
"severity": 3,
"marks": [
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 2,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "TApplication",
"window_name": "eyoorun"
},
"time": 1597290827.735,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2901
}
],
"references": [],
"name": "antidbg_windows"
},
{
"markcount": 1,
"families": [],
"description": "Deletes executed files from disk",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Program Files (x86)\\ihfqgu\\razy.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "deletes_executed_files"
},
{
"markcount": 1,
"families": [],
"description": "Creates a windows hook that monitors keyboard input (keylogger)",
"severity": 3,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "SetWindowsHookExW",
"return_value": 27394487,
"arguments": {
"thread_identifier": 0,
"callback_function": "0x00000000ffe9ae10",
"module_address": "0x00000000ffdf0000",
"hook_identifier": 13
},
"time": 1597290422.330644,
"tid": 1828,
"flags": {
"hook_identifier": "WH_KEYBOARD_LL"
}
},
"pid": 1788,
"type": "call",
"cid": 4978
}
],
"references": [],
"name": "infostealer_keylogger"
},
{
"markcount": 1,
"families": [],
"description": "Expresses interest in specific running processes",
"severity": 3,
"marks": [
{
"category": "process: potential process injection target",
"ioc": "csrss.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "process_interest"
},
{
"markcount": 137,
"families": [],
"description": "Drops 137 unknown file mime types indicative of ransomware writing encrypted files back to disk",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "ransomware_dropped_files"
},
{
"markcount": 574,
"families": [],
"description": "Deletes a large number of files from the system indicative of ransomware, wiper malware or system destruction",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Windows\\YRFEtcu.dll",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\BBKtzto[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAn2nbX[1].png",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyDNXs[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\billboard-healthy-internet.4c6fc8ad55a2[1].png",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\fb2f644bcf6b36d8862a33041d87ddf0.png",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGytH[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\pebbles.03d45fb8fff9[1].css",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHX0C[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyGEJ3[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyGk1E[1].png",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\linkid[1].js",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyG7xi[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGF0V[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\jumpListCache\\TNrpsmOw5RDPyttYNXVb1A==.ico",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAmTi96[1].png",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AA5Pgkt[1].png",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHSTw[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\QQUHP74Z\\AAyGjgH[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\cuck@www.bing[1].txt",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\f1d86b5a[1].js",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyHtCF[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\AAyFSlO[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\moz-wordmark-light-reverse.cb1bdf6d1de6[1].svg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\I6GMLZZB\\analytics[1].js",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAyHp3I[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\EIDFNJNY\\AAyDG2i[1].jpg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\SHYNOLTK\\AAmAjxE[1].png",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "ransomware_mass_file_delete"
},
{
"markcount": 1,
"families": [],
"description": "Detects VMWare through the in instruction feature",
"severity": 3,
"marks": [
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "m\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n9\ne\n3\n7\nf\n \n@\n \n0\nx\n3\n5\n5\ne\n3\n7\nf\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n9\nf\n9\n9\n7\n \n@\n \n0\nx\n3\n5\n5\nf\n9\n9\n7\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n2\n3\n3\nd\nf\n \n@\n \n0\nx\n3\n4\ne\n3\n3\nd\nf\n\n\nm\na\nw\ne\nc\nc\nb\ns\n+\n0\nx\n4\na\n5\n6\n \n@\n \n0\nx\n3\n4\nc\n4\na\n5\n6\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5",
"registers": {
"esp": 59505568,
"edi": 0,
"eax": 1447909480,
"ebp": 59505608,
"edx": 22104,
"ebx": 0,
"esi": 0,
"ecx": 10
},
"exception": {
"instruction_r": "ed 81 fb 68 58 4d 56 0f 94 45 ff 5b 59 5a 33 c0",
"instruction": "in eax, dx",
"exception_code": "0xc0000096",
"symbol": "maweccbs+0xdbbdc",
"address": "0x359bbdc"
}
},
"time": 1597290827.563,
"tid": 2408,
"flags": {}
},
"pid": 2628,
"type": "call",
"cid": 2539
}
],
"references": [],
"name": "antivm_vmware_in_instruction"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 662,
"time": 6.221152067184448,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 33854,
"time": 12.315307855606079,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 36118,
"time": 6.177114009857178,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 36446,
"time": 4.167547941207886,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 36774,
"time": 6.1882548332214355,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 37102,
"time": 4.767627000808716,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 37430,
"time": 3.0512678623199463,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 37758,
"time": 119.32252383232117,
"dport": 5355,
"sport": 55880
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 38086,
"time": 4.2380499839782715,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 57496,
"time": 4.189741849899292,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 65880,
"time": 6.26871395111084,
"dport": 1900,
"sport": 53598
},
{
"src": "192.168.56.101",
"dst": "255.255.255.255",
"offset": 70010,
"time": 21.259589910507202,
"dport": 6880,
"sport": 53849
},
{
"src": "192.168.56.101",
"dst": "255.255.255.255",
"offset": 70310,
"time": 46.309056997299194,
"dport": 6880,
"sport": 53850
},
{
"src": "192.168.56.101",
"dst": "255.255.255.255",
"offset": 70610,
"time": 119.28489995002747,
"dport": 6880,
"sport": 53851
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "a554b806ca406b1121f7b9ffaf0ace27bc89608e1948f048cd0e45451c782b42",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "ff74a1de98e42b8cf73e080dfdbfbf7b0bc2a81a46c8255b9fe938e2ae994fc3",
"irc": [],
"https_ex": []
}Screenshots
fzad.exe removal instructions
The instructions below shows how to remove fzad.exe with help from the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the fzad.exe file for removal, restart your computer and scan it again to verify that fzad.exe has been successfully removed. Here are the removal instructions in more detail:
- Download and install FreeFixer: http://www.freefixer.com/download.html
- Start FreeFixer and press the Start Scan button. The scan will finish in approximately five minutes.
- When the scan is finished, locate fzad.exe in the scan result and tick the checkbox next to the fzad.exe file. Do not check any other file for removal unless you are 100% sure you want to delete it. Tip: Press CTRL-F to open up FreeFixer's search dialog to quickly locate fzad.exe in the scan result.
c:\downloads\fzad.exe 
- Scroll down to the bottom of the scan result and press the Fix button. FreeFixer will now delete the fzad.exe file.
- Restart your computer.
- Start FreeFixer and scan your computer again. If fzad.exe still remains in the scan result, proceed with the next step. If fzad.exe is gone from the scan result you're done.
- If fzad.exe still remains in the scan result, check its checkbox again in the scan result and click Fix.
- Restart your computer.
- Start FreeFixer and scan your computer again. Verify that fzad.exe no longer appear in the scan result.
Hashes [?]
Property Value MD5 bf224547a56ca6cf5ded7c7af89e4653 SHA256 02b3347e2bc807abd5a3c361d5d88e5013e88b169e86077d525a29f791602ea5
Error Messages
These are some of the error messages that can appear related to fzad.exe:
fzad.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
fzad.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
fzad.exe has stopped working.
End Program - fzad.exe. This program is not responding.
fzad.exe is not a valid Win32 application.
fzad.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with fzad.exe?
To help other users, please let us know what you will do with fzad.exe:
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.
Leave a reply
