Analysis Report Fennec Pharma .docx

Overview

General Information

Sample Name:	Fennec Pharma .docx
Analysis ID:	321374
MD5:	e935876bc1daf073b5730cfef5ee1b6f
SHA1:	2f0444a05ac3eca81313712825fec001efceb3ac
SHA256:	494148b0b3b41783ae059b3344248b7ea1d5ce4a99f00c55f7631f9493d44483
Most interesting Screenshot:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Signatures

AV Detection:

Antivirus detection for URL or domain

Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	UrlScan: Label: phishing brand: generic microsoft			Perma Link

Source: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="author".. found
Source: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="author".. found
Source: https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="author".. found
Source: https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="author".. found

Source: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="copyright".. found
Source: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="copyright".. found
Source: https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="copyright".. found
Source: https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="copyright".. found

Networking:

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 74.125.140.156 74.125.140.156

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B5D78783-1A3F-4CA6-941D-F5C2CCA9C0AC}.tmp

Jump to behavior

Source: document_view.min[1].js.3.dr

String found in binary or memory: re glad you like WorkFlowy. Please share it with your friends!"),!c.d()&&o.createElement(o.Fragment,null,o.createElement("div",{className:Object(l.e)({marginBottom:"24px",lineHeight:"20px",fontSize:"13px"})},o.createElement("strong",null,"When a friend signs up through your Facebook post, we'll give you"," ",s===d?"both "+s+" more monthly items.":s+" more monthly items."+(d?" They'll get "+d+" more items too.":""))," ","You currently have ",i," WorkFlowy items per month.")),o.createElement(a.b,{buttonStyle:a.a.Primary,onClick:function(){var e=f+"&utm_campaign=friend_recommendation_prompt_10_days&utm_medium=facebook&utm_source=wf";window.open("https://www.facebook.com/sharer/sharer.php?u="+e,"Share WorkFlowy","height=640,width=558,left=50,top=50"),_gaq.push(["_trackPageview","/virtual/friend_recommendation_prompt/10_days/facebook_share_button_clicked"])}},"Share WorkFlowy on Facebook")))}},t}return d(t,e),t.prototype.componentWillUnount=function(){_gaq.push(["_trackPageview","/virtual/friend_recommendation_prompt/10_days/rating_dialog_closed/"])},t.prototype.render=function(){return o.createElement(o.Fragment,null,o.createElement(u.b,null,"What do you think of WorkFlowy?"),o.createElement("div",{className:Object(l.e)({marginTop:"24px",marginBottom:"24px"})},"Please click a star to rate WorkFlowy."),o.createElement(p,{onChange:this.onRatingChange}),o.createElement("div",{className:Object(l.e)({marginTop:"24px",marginBottom:"12px",fontSize:"13px",lineHeight:"20px"})},"You equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: workflowy.com

Source: document_view.min[1].js.3.dr	String found in binary or memory: http://getfirefox.com
Source: document_view.min[1].js.3.dr	String found in binary or memory: http://google.com/chrome
Source: ga[1].js.3.dr	String found in binary or memory: http://www.google-analytics.com
Source: {4D8EA032-2BE1-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://jamif-cdn3d.us
Source: ~DF2A13DD1A919A2BA2.TMP.2.dr	String found in binary or memory: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html
Source: ~DF2A13DD1A919A2BA2.TMP.2.dr	String found in binary or memory: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html8This
Source: ga[1].js.3.dr	String found in binary or memory: https://ssl.google-analytics.com
Source: Tdcv9KOl0AuohEPI[1].htm0.3.dr	String found in binary or memory: https://ssl.google-analytics.com/ga.js
Source: ga[1].js.3.dr	String found in binary or memory: https://ssl.google-analytics.com/j/__utm.gif
Source: ga[1].js.3.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect?
Source: {4D8EA032-2BE1-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://workflowy-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.htmlRoot
Source: {4D8EA032-2BE1-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://workflowy.com/
Source: signup[1].htm0.3.dr, login[1].htm0.3.dr	String found in binary or memory: https://workflowy.com/accounts/password_reset/
Source: ~DF2A13DD1A919A2BA2.TMP.2.dr	String found in binary or memory: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI
Source: ~DF2A13DD1A919A2BA2.TMP.2.dr	String found in binary or memory: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI&Log
Source: imagestore.dat.3.dr	String found in binary or memory: https://workflowy.com/media/i/favicon.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://workflowy.com/media/i/favicon.ico~
Source: document_view.min[1].js.3.dr	String found in binary or memory: https://workflowy.com/referrals/
Source: {4D8EA032-2BE1-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://workflowy.com/s/this-doRoot
Source: ~DF2A13DD1A919A2BA2.TMP.2.dr, ~WRS{0863C5D3-5908-4917-8FD7-8909E0160183}.tmp.0.dr	String found in binary or memory: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI
Source: ~DF2A13DD1A919A2BA2.TMP.2.dr	String found in binary or memory: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI#/7686a5f8c6e6
Source: ~DF2A13DD1A919A2BA2.TMP.2.dr	String found in binary or memory: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI#/7686a5f8c6e6workflowy.com/media/i/fav
Source: {4D8EA032-2BE1-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPIRoot
Source: ~DF2A13DD1A919A2BA2.TMP.2.dr	String found in binary or memory: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPInThis
Source: ~DF2A13DD1A919A2BA2.TMP.2.dr	String found in binary or memory: https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI
Source: ga[1].js.3.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences?
Source: ga[1].js.3.dr	String found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?

Source: unknown	Network traffic detected: HTTP traffic on port 49185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49168
Source: unknown	Network traffic detected: HTTP traffic on port 49187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49167
Source: unknown	Network traffic detected: HTTP traffic on port 49183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49183
Source: unknown	Network traffic detected: HTTP traffic on port 49172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 443

Source: classification engine

Classification label: mal48.winDOCX@4/71@5/2

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\Desktop\~$nnec Pharma .docx

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRC16A.tmp

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2568 CREDAT:275457 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2568 CREDAT:275457 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Fennec Pharma .docx

Initial sample: OLE zip file path = word/_rels/header1.xml.rels

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
74.125.140.156	unknown	United States		15169	GOOGLEUS	false
54.84.56.113	unknown	United States		14618	AMAZON-AESUS	false

Contacted Domains

Name	IP	Active
workflowy.com	54.84.56.113	true
stats.l.doubleclick.net	74.125.140.156	true
js-agent.newrelic.com	unknown	unknown
bam-cell.nr-data.net	unknown	unknown
stats.g.doubleclick.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI	false		high
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI#/7686a5f8c6e6	false		high
https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	true	100%, UrlScan, Browse SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	false		high
https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	false		high

ID:	321374
Product:	CloudBasic
Start time:	02:05:59
Start date:	21.11.2020
Sample:	Fennec Pharma .docx
Cookbook:	defaultwindowsofficecookbook.jbs
System description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Architecture:	WINDOWS
MD5:	e935876bc1daf073b5730cfef5ee1b6f
SHA1:	2f0444a05ac3eca81313712825fec001efceb3ac
SHA256:	494148b0b3b41783ae059b3344248b7ea1d5ce4a99f00c55f7631f9493d44483
Filetype:	Word Microsoft Office Open XML Format document (49504/1) 49.01%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	PNG image data, 16 x 16, 4-bit colormap, non-interlaced	9FB559A691078558E77D6848202F6541	EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31	6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\MP98E46N\workflowy[1].xml	ASCII text, with very long lines, with no line terminators	755A289645BD1E1D9C561C6AEAA0E9E0	C0A9E91C78F972DFADC2053054CE575864BCDC2A	D10762788108893218744983745DB555CAE8C3AC234AC16852A5AA3DE0F5F083
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4D8EA030-2BE1-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	BE4C5A148D093F9AE72F1AEBB9F37CDD	C7ECF4AA5CA7504530F082815DAEA664A6644E28	5BBBC574870D6DCD9B5DA67FDDC0DF8191315F68BA8505B8007F294470911CC0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4D8EA032-2BE1-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	8C372D7FA087FFAA3C36ECA190F430A3	E45FEE9C6B49B175C45C0E2A1BE9A5B5BB6413B6	8EBE518EA318C406EF17DDED92F336A7B1DC84AAD812DF45E1DDC3E61985AB85
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{63490D46-2BE1-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	FB33C587FFEC2760F559648B87AA28CF	AF2361097A43CCE9EEBD9EB88E13CD1562B87899	32163CD17CC268E8DB895D4363D7733685C136881639BF5409367535BE9D967D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\lr5drzg\imagestore.dat	data	07B89D73BAFD9E0F4F5E05279213907F	A664D8028BB1FA5A5DA177E874EEF2BD6970D6B1	489C783F8471A485B69A3E81ED9340EB96921C15CA2F2314D30F4DE06B2D5E98
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\Tdcv9KOl0AuohEPI[1].htm	HTML document, ASCII text, with very long lines	EDD0E7054E0AFB0C108A450DD0BAEB0A	0268CBBABD7FC34F27A45B16C7EA94290FEBC5C1	363340B8C89CAB46D86371F32C07A4FC5BC89C4F1AC08E94E02C845B3F94F94E
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\adf9fc155506e2fa3fbf[1].js	ASCII text, with very long lines	B0CCC823DF717416D5EAA426AAC6BA86	6984D4F8B021EC07E4EEB338F9F6F8431C6C18EB	53BDF5DAE2A46EE74470051D7AF9FB93BEAF8659D193322D4916EB758FE87294
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\eaeea54ab7[1].js	ASCII text, with no line terminators	79F2D634CE67570918939DF10A075576	BA47B7DACB11250F9B1B3974B34954B188E3ECAD	D10C94B6CDB747904BAEE9070F003BB45849DA46F8100B1320F286C21CBCAAA1
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\favicon[1].ico	PNG image data, 16 x 16, 4-bit colormap, non-interlaced	9FB559A691078558E77D6848202F6541	EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31	6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	3F57B781CB3EF114DD0B665151571B7B	CE6A63F996DF3A1CCCB81720E21204B825E0238C	46E019FA34465F4ED096A9665D1827B54553931AD82E98BE01EDB1DDBC94D3AD
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\nr-1184.min[1].js	ASCII text, with very long lines, with no line terminators	3D7F312BE60D08A2568E311E4762F3AF	EDC028ACC27FB8DC6E2106A071A03AE7F93DC3B4	780861F2AB29C0144055244696561FB0306C8CB3CB7F548F9105C763B0E91F77
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\signup[1].htm	HTML document, ASCII text, with CRLF line terminators	7B4F513528A3D65397F0E7F6DEF7AD4A	5DA8E55D7F30D9530BDEFB6FD670C273FF9DDD66	5075788CBBDF48D111B4882949D3E50856C81CA87630A85D7C8DD1E600CDC691
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Tdcv9KOl0AuohEPI[1].htm	HTML document, ASCII text, with very long lines	F7A8F1BF1B39C510AAEB9BA8277AA138	1BA9D479FB4C1854929FE6582D267AF91471EBC9	F122C256F319D5C9122CEF63B37810A28D72FE5EA3891452A5D08428FBAEA2DB
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	73C70B34B5F8F158D38A94B9D7766515	E9EAA065BD6585A1B176E13615FD7E6EF96230A9	3EBD34328A4386B4EBA1F3D5F1252E7BD13744A6918720735020B4689C13FCF4
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\eaeea54ab7[1].gif	GIF image data, version 89a, 1 x 1	BC32ED98D624ACB4008F986349A20D26	2D3DF8C11D2168CE2C27E0937421D11D85016361	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\eaeea54ab7[2].gif	GIF image data, version 89a, 1 x 1	BC32ED98D624ACB4008F986349A20D26	2D3DF8C11D2168CE2C27E0937421D11D85016361	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\favicon[1].ico	MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, 128x128, 32 bits/pixel	F411E7E8A5B13EB1DE3974675C0D8CFC	86E1C2A83787FF51333BA6CF512A7C125DE16429	D183C18DB92DD74B44320182C14B12A627B9F0A836776A7E0C263BE8D2792995
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\login[1].htm	HTML document, ASCII text, with CRLF line terminators	7B4F513528A3D65397F0E7F6DEF7AD4A	5DA8E55D7F30D9530BDEFB6FD670C273FF9DDD66	5075788CBBDF48D111B4882949D3E50856C81CA87630A85D7C8DD1E600CDC691
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\reset[1].css	ASCII text	11B989919D8B8857A3700B00F4E8F184	0D909DA6DE2B0157D07D0FCB721221F5D49688C0	20B1C4B5D2BE0EED0ABB524023534E08D98D34D82C01D60CEB40D9B387EB8AC5
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\urlblockindex[1].bin	data	FA518E3DFAE8CA3A0E495460FD60C791	E4F30E49120657D37267C0162FD4A08934800C69	775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\6f0b670eddaac85c5e4a[1].js	UTF-8 Unicode text, with very long lines	8AFD3E7AEF0EF52C3EC7F4647F443AE4	21B6CC97A07DE5C5E62A5A0BEE624DE2B8033A23	FA8372A7BFB9536773A97EF134BD77AAA88295B10382F5885C70C639C51EB5B3
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\document_view.min[1].js	UTF-8 Unicode text, with very long lines, with NEL line terminators	4178D793497614CBF5B74C0C8979754F	700184FFA5B57AF2316B37DF357E02BA2346352B	AA3D1A96BF8F4EED52C33D311D1CEDE1A735C7595E567BF81E9397480B7E4D48
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\e42577a28f6c3e306a7f[1].js	ASCII text, with very long lines	AD5D37EB59C3360ECE2973696A3520D4	74E94926731088E2CCD62DD065CDB1B7316FF1AA	1463EEA0C3698C8760F805F7720FC1A8195AF56227DF0D22CCEB1955C2858646
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	6B26ECFA58E37D4B5EC861FCDD3F04FA	B69CD71F68FE35A9CE0D7EA17B5F1B2BAD9EA8FA	7F7D1069CA8A852C1C8EB36E1D988FE6A9C17ECB8EFF1F66FC5EBFEB5418723A
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\ga[1].js	ASCII text, with very long lines	E9372F0EBBCF71F851E3D321EF2A8E5A	2C7D19D1AF7D97085C977D1B69DCB8B84483D87C	1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\logo-bullet-lines-blue[1].svg	SVG Scalable Vector Graphics image	7C6542F8D09ED039CEAD9A46BA912E53	45BECA1B83D4B72F79D1A10C6210ACDFF355C23B	1255B7A53BEFBB4A3C4031F9582FE1936B8D124DE5B8B693B03358CB3E492071
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	CDF81E591D9CBFB47A7F97A2BCDB70B9	8F12010DFAACDECAD77B70A3E781C707CF328496	204D95C6FB161368C795BB63E538FE0B11F9E406494BB5758B3B0D60C5F651BD
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eaeea54ab7[1].js	ASCII text, with no line terminators	79F2D634CE67570918939DF10A075576	BA47B7DACB11250F9B1B3974B34954B188E3ECAD	D10C94B6CDB747904BAEE9070F003BB45849DA46F8100B1320F286C21CBCAAA1
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\login[1].htm	HTML document, ASCII text, with very long lines	5462057035E108135972ABB914FB85A8	580BDFA18401421EC757AA11F6138BE4DE233D6B	357F8DC902E87B5F314CBCC917B670FE608B3284BE46ED5AD083A64D9126FF99
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\print[1].css	ASCII text	7471DC37D85CB2B6BAAC70B6A9312DB4	D4775C3D288899890AA0874D3F9AC33843680119	858EBBB77D7504548FED0FB9088D90B774945E88B0464D42A44C4829A84B972D
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\signup[1].htm	HTML document, ASCII text, with very long lines	8A0730731A4463EAF1E9C6057B1CE100	C654D4BC0F4FE542744603F4478A6EDAE4A4ED3E	38DFDE1431EE46C01C9F41C1DF70DBEE7415BBE0C0C83787F2736330DEB59F48
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\site.min[1].js	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators	D06B9C7BBDB584E891AF7470C540373F	9E09177E303D5EC1876E1183842BFE60D4BCBC17	1D96DED3CBB2E05D247CA03185BA021F790DBE8AABDD03DF56BBC27AB84BD7D6
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2CB71C2A.png	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	9C2FBA52C04789512F6A65063D4E133D	7DB79BE522470FD497E3B773573B9AAA0BC16859	830F7BA5968E6EBF92275418B4AC0622CC85867B1A8729DA7B571992052C7DB3
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\424A15C8.wmf	Targa image data - Map - RLE 65536 x 65536 x 0 "\004"	6D97AE53BC6D99F3088C2C3AF12626F8	0BBA44EC62E837E0F63CDA2CDE2747C949F62A6E	6CDC4891CA97A0113A709ABD04A2CE37DAD638E3FC0422D812C9B582BC14DFC5
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\59D359E7.png	PNG image data, 510 x 280, 8-bit/color RGBA, non-interlaced	7A3FD376C29289D2BDE569B6FC88387A	4B4DD1F44164EF4E9356297CC9A7A8B04430D69D	ED58EB28375D1515BB2C6197F1CDCF063521F3FF84478FFC8234F962EEC223CC
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8D1C9ABC.png	PNG image data, 172 x 40, 8-bit/color RGBA, non-interlaced	BD7344C330BCB32B4F97670132E93812	C002D5CD0241EC15F2A8765FCD250E2568E304A2	F1760B2EF1795DEFBE9F2918D19DE19AA09333FD56C079E4468C83162F589A0C
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AC76C38D.png	PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced	0FE6ADC78BBEBE98184DF48B55373859	C2029F1E8DAAB504C75BA6CE808B10D93F4FDA7F	EB307607E7F37A674C545B5E05C88117888A393D8FAACED70C765142CBC97028
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FA9F2A23.png	PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced	CC88C60FD2660CFF828977A4990A9D96	68100B92B26040D5A243C585964BB03536C21860	AA694497406EC6F5C284C34504C660E4C129F0DD5AA9A6A7B1358A7E332D7DDA
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0863C5D3-5908-4917-8FD7-8909E0160183}.tmp	data	A681FBCE42F7EA8A71D1D74A0E2C6AC2	F6DB152B304C1F58E6CFE6CE3B301AC5D45E63A7	E1FE8AA38F3A6D6174446D26BDC7A308E634D537EDC73A3E27164AA10880A2EA
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B5D78783-1A3F-4CA6-941D-F5C2CCA9C0AC}.tmp	data	5D4D94EE7E06BBB0AF9584119797B23A	DBB111419C704F116EFA8E72471DD83E86E49677	4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
C:\Users\user\AppData\Local\Temp\msoC39D.tmp	GIF image data, version 89a, 15 x 15	ED3C1C40B68BA4F40DB15529D5443DEC	831AF99BB64A04617E0A42EA898756F9E0E0BCCA	039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
C:\Users\user\AppData\Local\Temp\~DF162A030C2D645432.TMP	data	7450AD212389BD4EC710C0462F21E821	DCECB2617B1A197DAEB6D603590C39EB8F5E1CA2	7CFAE7CB404D1A484C8E282CBAA2DE68AD04CD0DAE9688423964AD766D178270
C:\Users\user\AppData\Local\Temp\~DF2A13DD1A919A2BA2.TMP	data	D4CA73C2ECF647FE227CE72A6FE1E0F1	EF140A2BE102ECC8B5AF622FA9B8EFCE3372BEE7	61BAD9C1AA4D6AAC850EDBE78F561AD4904AF3F2F433FFA74ED813348434138F
C:\Users\user\AppData\Local\Temp\~DF48D934FA04C84F45.TMP	data	D0670624C33E7067738BCF6891A565D0	62F947E82F4BFFB3AE2E97D6EC8852701163BCED	F03E8A4E1CF862BE7FAC18E9DA3D1AF46FDE987141953434613A7DD147E3F6B3
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Fennec Pharma .LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Wed Aug 26 14:08:13 2020, atime=Sat Nov 21 09:06:34 2020, length=49414, window=hide	148BAA29BC5C8628C73C8F1146B1B157	031BD6BC3F08889A9FE2ED4843148053C03A2ABC	998C7848D38348BFA949B55BB7A9252B3F9F4F1331A04F21E3A7EF9491E05441
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	E85E4CBE668D138D52C4F57FD67362A3	B48BCF5A655C1420131627633C4F001AA5916324	467053108BC5EB8C9DAA4B2EA865C06ACBF40517F211005B07CB005491567E71
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm	data	39EB3053A717C25AF84D576F6B2EBDD2	F6157079187E865C1BAADCC2014EF58440D449CA	CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\20008D2I.txt	ASCII text	A5303C0653F113F66D5EAD08CF4809FA	6FF71F753FE894D990782EDEA8D160ACC8DA5E9A	5A6CC7F554C03C3A3944CBBC010D77228A440515A3F315F43663B50026D8FC3A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\5YOAGXA2.txt	ASCII text	B09ED27ECC074695A6F6640CC2628F11	C4891B4514457C8E451CCC585297224DB51DC7E0	1A9CE3D638AF2E66EFB034817A051C622CCDFBA9D3BBE2B577619E69B94B8F03
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\8UM1TNP9.txt	ASCII text	7F4D4F2B57AECC3784A3515947F72E64	60F0B9B3693E6F4ABD6AE95565340BD2AA11E08D	107B35F187269D6821B43A7670E6E85819F6F1461E714ABFC44F651C126F0C96
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\A3HA6TUX.txt	ASCII text	79186F895FB7C1AC20946645DFFAA227	9F371E1760782105581E8B5B389C68D601CFB35F	09FC4CC03B1E92BC50D5B8F28DA29FBB4585B1A78BFBC76FD8F8FB6050D360CD
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\D9YU0K3A.txt	ASCII text	D9941DF34DF7CAED12A3541F721F9C6A	E30CECB94C5F88FF606AE5064337BD24A0367ACE	63B8988EF43EE82C455DC621A1F19C9CCA1327D8B3D0CD83B98B80891CD18D65
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\DGYF4AAU.txt	ASCII text	35D7ED32D4FEAC9AA53C7927B609D4D3	C6238BBB31C45438B03A015BE91887B0EB38CDE2	7251523F06A09B9AB78C2B4E4966B78A353A47FDE0AE6CF961A3AEE1EFCAB142
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\DKL9R64F.txt	ASCII text	2308B34473F794F0E20E2F4248F43711	CEEF262CF38DE71B911FBE1F0C07C972783CCDF2	98031CE0B63B5547393BFD096E057502CFFC2BA4E9DDDC62741B92A0211C1C45
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\EGSLUL40.txt	ASCII text	399D485E691D5A5B05B4A5E0AB2734EF	3D2566DB6FEE7EDFEFEAC5C999B8842B4CDF3728	9BA19E43A71154FD315E9AD029D2CEB3A0CB2E56C123D7A14BA3FEB23F5A5D32
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\EPZ40RY5.txt	ASCII text	9F5625B458369829FDAEFA715EBE5CE2	AAB7BE1503693E60C0D9214927FED293AD407475	9C7CA1CDA2688DD2CABFA02EB6238F0EF9BCDB01236D8924E3DD794CBCDF262B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FY8C5745.txt	ASCII text	128BAAA77B9C71EA97642485B6B23C76	7005548796D2C6C89796EF710997B1E93DEE02DF	55243C536AFFB4CCF2EB75422E54F41B08B0FE51B9D7F08B13F7C2F1C89AD746
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\LD3L2UX2.txt	ASCII text	A91AE54D1A3E4C64F9BA2A612F2A308E	5D9299E4936E04DA38099FEA3DD8B598F586F934	C9601A08CE7943ADFFFBC7F7E2E7444032E4505AE483C7CF2826404EC3966F49
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\MTKGX0S4.txt	ASCII text	9DB788D4BE18BF47156D56428C13E9D8	E0016BA93DA8E26FC35656EF437FB3D62676BA82	FCBE8EA2A39F13112BDCF19A02867D31863A2A98FE7380A1517A30AF45F561A8
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RDOO2FAN.txt	ASCII text	8C22939404F5ABAF7CA8C4CAB8C4386B	8B6E7556285EEBDCF92BA675C9D59F83AAE491D5	4A5377147A4A32945BDD6E96281DF8E21AB7FB19CA8BE406F4909EA21AB1EEAC
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\SNDTUBR8.txt	ASCII text	9F99761D95FC84CF99F35D780F9421D4	59CBB3DD17AD3A3F07ADCC87F15CCA95AF0510C9	C2F59D683B9767762D1A20ECAED89E8C3A25500830256C52A95C86C20629517C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\TRO5Q8OE.txt	ASCII text	E3CB109D2CF447B0DA7848B49EFC16BE	E4B2D42FFE7905C934E9F0B881EFAC2FA2000351	1A7FB7BF3141465FB2047F56BD4245006D036FD5595C4575206576958743CF12
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\U696PLWZ.txt	ASCII text	03157595363BE270F5760559846DB0B9	8FF12AA2B24A19423EB690BF19979D91D6CCF873	95F0F17C43AB8E12AC50097AFC3915D247E0EBFECBBDDE982CFF84A12B607FDB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\UE0MASFT.txt	ASCII text	DF51A5AF71DCA34D18445356E9080F23	65DF2EB99EFC358BBE73445CC7EBB68C05F7EAF9	BD1466CD3B7BED03BE06F1485AA0C2E07E3139035991117AD21A27F6C42F3985
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\UM7FU2S2.txt	ASCII text	313717B851C7483C696925DCF9CAE4EA	AB7A3D4A6829064A2DBEAD7C862B407FCCA04EB1	56FD42DE07BB93F7DB4ED9861EFF1B09354B40A0D0599BA464203C0AD2686899
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\UYOL6YWA.txt	ASCII text	B3BA38AFFE9AA06102830AD316EE7ABF	7F42849C700F6619FC65749686A4557A540A8BB0	D96319A43838EE17D7D1517747C50ADF5C5F35B15449A8372CA5F9EADD56C9F0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\VVOXSWFO.txt	ASCII text	AA2B6A6218DEE2DB2C3AFD221E24E3B9	FA2E7C85B980D6FE1CAAD7F42A1FA7669191E9D4	EAD94FDD3C5D88257E435E0DAAC21CF96658BECEE8E54E38BAD79CA88BA2D1C5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\WYBYWM6N.txt	ASCII text	A91969D1618677CD6F31E2ECA619AFFD	5FF6FD585E0B5C21F16A4EDB3DBF6BFA8878BE01	FD4506BA292E07C1DA564EE5A596E292849FEE100463AD87D7DA01ABFB9B2561
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\ZMM0BWVX.txt	ASCII text	8C0F00079EA30F9C792DE0ABF90D3FDE	0A607BF81B01575C7B9D6479717DFFB053812EB6	882C2C6616454E74D52CDBE08BCF3396BF9BDAA1982214CA27754895D7CA4B2D
C:\Users\user\Desktop\~$nnec Pharma .docx	data	39EB3053A717C25AF84D576F6B2EBDD2	F6157079187E865C1BAADCC2014EF58440D449CA	CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A

Analysis Report Fennec Pharma .docx

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs