hxxps://centraldeatendimento[.]totvs[.]com/hc/pt-br/articles/1500008635842-Hospitalidade-TOTVS-Backoffice-Linha-CMNET-RAD-Como-Realizar-o-Cadastro-de-Tipo-de-Processo?source=search

Analysis

max time kernel
141s
max time network
130s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
12/12/2023, 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://centraldeatendimento.totvs.com/hc/pt-br/articles/1500008635842-Hospitalidade-TOTVS-Backoffice-Linha-CMNET-RAD-Como-Realizar-o-Cadastro-de-Tipo-de-Processo?source=search

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 48 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage\totvs.com\Total = "16"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage\totvs.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "408540224"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage\totvs.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00d138a4e92cda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8E298991-98DC-11EE-9C57-CE48D87E070D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage\centraldeatendimento.totvs.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage\centraldeatendimento.totvs.com\ = "16"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac000000000200000000001066000000010000200000009ce5a56806393fa58e9a431642f046753e1e627fd57479390a29b9a3f0bf16b5000000000e80000000020000200000005bea4215ac7ebf9feceb2d6c6d4fafd538c5b56f9a2f27833b0b0db09498461590000000ed7201d3549a0b3bc104a8fed43250e820d4e4aabd0a8f95471f3847505d0e432992caed0f63430e74404fbb4fa1b287bcda49d083e732f46b811e9ab705c01bbc4258699118e57348d14ba86147f54420641619c140dd8ee9a3529d9546fb3ebbb58c8749dc6b7b0f562714be650e65ee77a3642c9df7af9eeac3e862f9841c7ed1ba872528a0b771843fef0d0330b540000000f4b1c891b6fe24bd5e5c977f38f062b9182613f594b9b88269dbc480c5b9f846f51e6416a342c8cf8b428607b325e0f62c22ccf1f008453e45ddd2b2b313522e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage\totvs.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\DOMStorage\centraldeatendimento.totvs.com\ = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009159649b912a9140bf53d83809c5b2ac0000000002000000000010660000000100002000000097214acd304842a0e6f5eb36fb3442b13878695a2bb961842097c546e049c4a2000000000e800000000200002000000047a655b08d5c27c9cb5a9f385f0de39a5e914fac1455f16f40da32d1bcbd3a982000000066df28138912013d3ff9bb92a0ccd09c556f50e698cc50cef69405b01b97a14740000000f89ba7846690e8ecd38aacef29fa2186adbae2465d34286afe5e6716d07d1479ce9a26ac4cda5aa775de5ce1c2263204cfb355c4da137c53f90dacaf869ec19b	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1764	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1764	iexplore.exe
1764	iexplore.exe
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 2320	1764	iexplore.exe	28
PID 1764 wrote to memory of 2320	1764	iexplore.exe	28
PID 1764 wrote to memory of 2320	1764	iexplore.exe	28
PID 1764 wrote to memory of 2320	1764	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://centraldeatendimento.totvs.com/hc/pt-br/articles/1500008635842-Hospitalidade-TOTVS-Backoffice-Linha-CMNET-RAD-Como-Realizar-o-Cadastro-de-Tipo-de-Processo?source=search
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
300B

MD5
dec6bbe308eb44937f77160a25ee32db

SHA1
8f08a4b641b564b67205e00106ca6bd9ca46fc6e

SHA256
68a71de28f488586c2b169f4652347e0a1fd632d48a6d6725393607bfa18bc7e

SHA512
6c2d684af52588cfd34a682337749b829c2336b34d6add7e8bd6e0c641862c26889617b4d6e9f298fd177b89527deb696c493a205ea8490bb8aee60090a68475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
27c7be9746c904ec0a4d238e6ffbc36a

SHA1
ce8b9fbb09791e940b5e6b9f191d9eb32da729b5

SHA256
de83a7f002fbc605f382f32bdbbcdeefbfa6627b60ba2e36529fcf00166fe5b8

SHA512
c91c60f5e4c154980a29c7a02454f4057a075cc3a7b4cd3b6aa3763bd92facb3a630e055f1b0c1b420289b09de09382b6ade650ae286d3978adcddf5e92070d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
c4564d2c674fbe95d889152cc55068e6

SHA1
5c322ec538b4b5c6606de8124f51c068d4961ab5

SHA256
68f50b59fe78a2d73869caa763d2b86459bcee6d62484f55959dda2b5940df29

SHA512
ef0787ef28e99d908740f8c691fd0f05d84998c4ea89dd18b5e576b4f4006b8bd5ac6e51aa0d866cf6d36031af247abc3a393cc6a502cec2754b49b48dc8d2dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
192B

MD5
2e45106f625dcf3285d481f1f3a7e53f

SHA1
2614ac1bf793abe84589eedfc48c7167eb0dea4a

SHA256
97325a4895c59e22cb30119654c9dfb874210262cc40e696367a7f6e02936a8c

SHA512
83cfc942c05fc18bb4aeceedb110af1b2708ba06a3c563622d59e1e6874d82a6f65f73852dff7ce8ce1ac8dae266277f514eb917f380c262286db9e6a28a7a96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5f0d8175154987e6bb52c10b6ecf770e

SHA1
6456ac3ac785a218130107e7486dc1f423414f0d

SHA256
bb8f0e385d02676de7bcb04d42d56e84248e8d40a1d2f9bf4593ba0de4a60c23

SHA512
3456669a7ec502a96591408ea80b19b5faad72ee5d247e5335c9b1c2bd469a89ec43e34a475a87affa461bb8c071ee76ad9f0bf1696d8a7ac24d286eccd44c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
d8f835f724af586df2267caad1279673

SHA1
b7ff22f6bfca6fa8d48f638a3c3b5419b7052489

SHA256
8f2e7919f748ae95700c171bdb49e7ace8181a98cb7875d23ae00a788217b86a

SHA512
2f386559c4ec4d4a44119f831ef83d00c27263e5fb0bc8c8fbf2f4f57cb5c5acbb278b77035602a66dd3f07e4298dcf56d7d39549293b1984287e7ea388dacf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
ad8981367bda159d34b7dd0cc8f6d4be

SHA1
0af362d98e245187c016be8ad0ab79b655c41c0a

SHA256
1c034daca7138cf81adbbc123a0dfb3cb45bc22a163601bcd163da94c12e0225

SHA512
53c204556e6781609bb12e7f2fcbc9c024c957e49dcf9a3bfec3fa2f9725c96915085b9027e725d5a09b082f31315412344aea15407fc6e6de6aafb324d7d001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd106344cfd7ff70c0367348c0e6b0ae

SHA1
f11bd6a73f25071e11fee761614a51d93308bb7d

SHA256
a70fe7378e8867ad29980809e55f595981baae6e9a02230e746d9d69a6215a1c

SHA512
61d13ad3758f4e57eb000d84e5348dcd133288a11d65c4beefdbc669e4e605353d9d1492e9ee8dbe09492f23e0e32ea0c81eb7c39b07191cbc88e37e78c77c27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c5ac29a47514ec3a2fe61bcd3091968

SHA1
b0c8c557adaeddd1d2574698c48ff505e418230b

SHA256
8027b0afdf499d9a15340ce08229eeeab78ed0a6bdc8e2bb91f309c4aa26b794

SHA512
b8d6248609bfe0a57940bd22addc879b9bb222f64ff6a956a7c7e893c324fe41201344e03f06a2c253921a234c5761829af8e53c5713fcc4f7a9c66ce34fa8b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aec785c07ff90aad176359a68b3d74c5

SHA1
c4618ae06f8b862ec83aaab9222a7b591b9d8f38

SHA256
3115287b54cb73271b10ef3279edde8a4d1bfa9ef04ca393d404b816dd07dbc6

SHA512
c474cc27653c2bab205a70ff5af13e6af5bdfc221625757b71cafc8e4498117845e319468db1ec09db2192d0e9669cd1fd7e1290226bef7918e15808bf4f0e50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24f60626bcfb039605b5d5dc1467b996

SHA1
b7833e21dc5eef9e65f53965586a8d054c47c90d

SHA256
853041affdda50a4abe50d2817b9f79768096c899f8161569be730d3d6ae6cbc

SHA512
db3fc86eab8daf9f01f71574dba987c470e37e85977d9b1ebb0b57948610621f62d7fc0276f0b8ca3bb09b73307e5e8467bedbefd943045d67fef66c33d86fa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81616c72c44218af9858a64a14cf78f5

SHA1
a8b5cefb047090038d59d78e272ec9dc82a679e5

SHA256
ba58f4f12c2ab433a28443a5839fb591e622d8339127662f40cee9e6a6be12fa

SHA512
c512744307b5e85ac266908fbefc9060e63267aeb0779ee6d03b23c603203b561a45b937748cab741bb0833a4c7f281608a9de62d2fba5cc99282dcae26aa84b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6d8ed4c0d483becf1c8625818aac298

SHA1
ad92e8746e4f1cccf390ec54b465dba7125b4d2f

SHA256
ea31c68f0c7ae32a66c273b22dcf789795f1dfd6a8e4ad36fc67e46e0297db36

SHA512
16ca6688f8da7364c6e6d15e688db2cbcf2092db51da09f3d77dfb6e4ead4e8bb943effa296c99f7ea39b1e1ae79c17d1a24b5a6bd3b17b8ac4b3918858e1597

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4314f73f1a1a928e0a0289efe534d9b7

SHA1
7f0e62efcc54beaf2c29428681fc41c646ebc88c

SHA256
4ae84a6857b1d8d872333088b42c2b3e19c2a27dbb605aeb42daa1e77f941633

SHA512
4ee61ab2ddbff43eb21c82330cd913d35a212994ac87b77027d1bd7f0f6cd50d54eda7af81705528b0d542e6d328b91ce5df93c3d1dbaf8ca027e7af260fbc50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24b11f26645a2dfa9ccca49ed80a2bfc

SHA1
9ad8e70f656c774f631ff70d62b8ced72f74dcc1

SHA256
d655d88415905343f4d7cad8b93c4a9b7ba3c27491947a69bdc60200fb9c75cc

SHA512
f792e0607e33363bce1d9802f77bfbe5feabf9b684781c9d24a49ec62aeff3107b92d15fb880353eec8cb0693d57d598ca15890959b0beda6e38d40a53c442ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
632afaf6b45cf6ae19f67836cbbd6ec0

SHA1
c0ca04646c7ee4de9e93ffb2c8f512641764a765

SHA256
8c9501b3d334c148c4f71faf1df5bed5baa48e7998dc1b7dc8e98e4b22b50a65

SHA512
9d74172cf31c27df9e08e92b2273e8cecc9f999e05cb4067c8db62ba69241ffd9d7a0b02604b4b354b362953aab04075dbfe75e3b06c221c4caa4fde1b7356de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86d41016e37212db1c56cde0cdeec7ac

SHA1
e1877879952b2f0c54cbcb38ab669a9cf2227068

SHA256
5a5d89cb94d7a33dad74565e191218f7b5bf7f9bccf791d48829f7393d2d0ace

SHA512
367c85f1d13caeecc24a2cb3d8896ef1746e7701e402bafa1a5e0a878a0d484e8526973898be56a40ff3ad7b6f737809bf621ca691be9d7142487fcd3789f0fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
857754ac8bcdc594f675f440e4dd680c

SHA1
921adf73db24b13a71c7f7a81bfa34560586fbb5

SHA256
544580c7d81f8918e23efca47d40860102bf6e4907d97a3e9b36b2333843402c

SHA512
b89cfe5309778796331e7652007b232aecda83b3a81b0e8eafc66f8615e6df5bb61eab106be49d031752e8672981fea267f434a6359a7b9ae3f98e2b0c674703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f8ec6302a33a7a744f3ff837b53bf8a

SHA1
ecbe577faf75fb750d30a7693db88a4617108da0

SHA256
e7396b4d94e011884a2480a945497a3fdb07f8f1e8fb1ffbe3e1fa062766df6d

SHA512
ac5b3d08c990ef58c89680d423ce83cd243f3bdce8f1351a5643fdff0c88318b1b31d9ade71994acc7efe0c09b2382f61e8dad80a7fe392ab67621aac7d1146b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8a22279da31d10dc3390c5f2b0e05b6

SHA1
7732f8e3e0bf1dbfb04716ec11dd8887abff3f65

SHA256
c9894bcdf52bc07bf4fa28a4618c8ac86b5693766b78e000c01f74b09dde5a61

SHA512
a5b8d0f09f02cbcf53558887af15f05996dabb66bcc1df3875eb9c15a581452e649d9e39108010659a078e487957bc4018ba0e2394a641dec969806816de2038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2455681fc67756717c7f8a31237cff9f

SHA1
1a596a22cef3c6ce11f976c36274f498a44f6524

SHA256
b6490698c7e5a72f7ce648c28e99144a1c21535d3868bf7f23d433b14999606f

SHA512
592e91e2a53dc12bfbd9c1143b258735aaa8a30a80e51c636315354effe0f43a1afe6bdf0088cc9becfcd9955878d3989a8d095069195bd309a3cbc093b9ad07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b109e28fa39cc7a7b6fa1baa29338a6a

SHA1
06bde5c5583a74bbb0a7b45d35f77d503f964851

SHA256
3e27791ea8784986d457af5d5bce4ffdcd42f8340722ece302d7c47ae118128d

SHA512
f6ffa8420addbc75730e07e464e32f7fc57e216036433ef2e57bd62598a30d13fdf067abf518910fed8edff13a4e10d00c37162e5e2d6158f13dfacfdf6aee44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8717a83a0dc5f239d660ef0bd2f2408c

SHA1
6dbad197234ac99dd852682199516a6af524e31d

SHA256
15c1c53d9495ebc992d71dd9da0dbda048e9bc49d3f19ebcd6382ab23edef887

SHA512
4d08bd56fb2887186da0f028a407697a4771dda317a8013d8c7941195dc88a176bd8ad690221e701c06893306cc0b001e1e79b619eb2051df81adc4aafa16008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f5fe29ae0b70c31fe5beaaf94957a61

SHA1
910b6f27f520ec917da96aee0897ef2a9961a4ce

SHA256
d16367056a79441a9cb4e472d349394f256b76bce826622ae0cefae88efea32c

SHA512
5539ad479d791b19de18788136d60dcdda1465a74c0254328d0fbc08103641364cec5ffbdd92530138cd52996d3d229eeea7cacfae66962e424b643b037d32a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
126718480f46530eee1b0eaed142f7dd

SHA1
bd74cd105a4e138dbcd2779221047e6bfeb17390

SHA256
c1c966e5b70d815a5f928ada170a4272d149c0fc146709a93595712fc48d06d9

SHA512
6a260b511297e9a52f9962dca64ba26f0674b4fb659385e379cbc0256500fa6fc8bfec9356e0c1f07b98b92fe08fc77e7088bc359fb9751ebea57f2ad42288e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31140b96157199f504a745adab8c18a3

SHA1
065962c734fc160a638cf19ce11fd379e8dda826

SHA256
1af039c426daa6fbe3e7239a9ed3e93288481b3d2a9d463f2dfe6636f36fb422

SHA512
a46f2c808ed1cb9d3b812642ecec5498b6caafbb082ae1561f7ab73ae2ae168c0c8bae8740e4ee102f1bd39253266a31355335a943431d160c89530adeacc180

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
116ee9e941bbddb3e91f32375bd83344

SHA1
bfa31d56e960ff0f84b550c5344eaeb4c9428c79

SHA256
f91673ccb6300600d8bb6b43df4f92b16211bb3a6cb59dc9fd6bf4829b086849

SHA512
490b3c21343fc3e0b5a42d9bc750a7f57c294b3d73dd11b1fe92068e579b7db0a6b7183b144a4115c1f7820f494394bc52ba6db147fc9467608a1be55e134fc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8828581c47f2fa0415710677f6e5417

SHA1
9c58c8229d91f3e631397bd43aeb6ef9f9dcfb51

SHA256
c54d4e5d2f34b479fe0ce2dd20abd71f69df3471533d7c09571672b0cfc1035d

SHA512
386209b9331a5e8093ac2d18be677667d6c5dfceeed045f416d830ce975aa1f508fd0a666f20f656201169493ab5436384ad8a97e7ac6ef71715b7355a6b8fe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd33940b9b8ac2ba2e7a42a99968712c

SHA1
651dae7b9f86f7b0098002a83f559fff5b7ad87d

SHA256
e6e292135404e3033d9415c664b81502eb47cbb1399886cf7aa02f3465eafe68

SHA512
8b8fae8616c086d8fdbd3034afdb8a4013394b7d26390d14b48581118da1a75f40fd008b777b569da13fa5b01c7158601f03444e12e01c7d591e5a018618a46a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf348ab31821b89645c0ba1cf28dd496

SHA1
471b5712276c273532174b71160d0ef531ec35cc

SHA256
b1e69418bfbd706ac4a0a2f38b268f8cd30ae6a26e3210e8f525cd8fb1ecca8d

SHA512
e6011ed6e37fbf5c248c42cfb8dcaefe69a4c225dbe577d21b170a205814a6fef3bae18c4a805cdafbbb31c4f80875959d142006abcca9ce9c5c714707d7c5f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c8d218369f9891f721b9436101b6f2e

SHA1
16a16f91ae4eb4d0f2b7a495f06708dd5d41d05e

SHA256
d2aedca36ce4ac20faec23df540e67b98b1823ba166f1cbb0fc2bda400e54994

SHA512
6550ac935f3d1a13c0d1b3e86298dca1c1d4dc49fef3ca71ba7e20669748d7b68f15a81f373b9c87691948534b374e15fa376e874b5f23db520e3317fa3671da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
843c5f9b4c4b5aec5945e47f142c0f7e

SHA1
9a220aeac52d5eeaa5f57ccf0e05b00e738dc792

SHA256
de223bd6c9c7a17793993fa7b386751ec5991929be2fdc99ea1529f499556693

SHA512
55fc8c7ea5eef674e6d7b29746fba807664a178f0860ac98e8b28ede7d1642e88a9411d60a012188073ccf44d27c38be151f39eaeec234fab4ca44e197aa78bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e54f4e10dad68770f9253c9cb0f24cd

SHA1
e969da12c20fb217922be48b7569f81712534214

SHA256
6769a6f4c9549b403867d76dbb3e09fee0fe779d5deae0883d52736258a34d4e

SHA512
33e6132c5f9e5dbe3d11658f938bfd638c7653b406262275ecab2d0a1dfab6b919a7fe7d4e1743d4845b9bfbcd68773817c332dea308129c43b81732e9cb63c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7534dc044a56b1a2afb1f71b01490e43

SHA1
771f72b6eb793aceef20d7dccb4f764c9e61fcbc

SHA256
ca57f5fe3f82ca54badd55d09d214d89be93df6b1cfd591655ed09a840c7771c

SHA512
e1abf66a11231e87eb6dae2e865aea7024289efe11927927b0c64efe72f986de2a2eea21905b9e45363a3c7916f6c676f64a8ed11b9ea6e1b1ea3a8355258a39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3671ef22db809f05c8931de7b49d8486

SHA1
bd1b67eed608129a8c7841f113e863e8371c9bc7

SHA256
5399cd18c2c8539282efdcca7f0fe61ad16e175fa06304c49e4f0f0544c38109

SHA512
f077de3c6106c84fd9251f3536b061dab28fc7d4ead24c9ccc29f6cc25cecca75563c9e9e37c2a21405f33ef5aa13b07b7f2460859db4e237de3f6042cd3e80d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a175882d637350f0b67ead2d02c179b0

SHA1
07d75e42333eb2b1867355e56c3d09efd8900d7e

SHA256
47aa8394f926dea22c21eaa65b30930e67fb968ca9f6a4c7d24dc673f9b78785

SHA512
5d95f9ca95f7cf378dce4cf0066856d07b5970549f51a8bd52b0a1bc5bd1d813a11ab73d4588ccc35154ef5f1f510ce527db2a861a6c61b65aa39dc355f5d805

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5df9a82bc3fe7ea4cbfbb6484fcc7949

SHA1
ed7c2d6c83cb03e266c4234208bc9bbfaaab338b

SHA256
4e4407d3cbd30a29fda3d3388a1ba225251c4d2d6520dbef670a1708f22c34b5

SHA512
21ab12466a87b0cbce273e917e4191b68b5dc9368243ea1e390a76deb1de8ddd83b20c24dd130a7c7abcf9975fab5ca3495700d00d9affdbb216aad1a7589364

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76340dd408ba5397b5e741cde5807b79

SHA1
75a7a02bc2ee22f9b20bf8ebbdcaee681e60fb0f

SHA256
a63a8bafc048d8561f6ff03c25c87ba0a547bf11552fcfca1b7b5ab6d1f90ace

SHA512
b66bdf12208b667b2e85aa13a798abb489bb0816bc87b9e195b8d760006220c5e82e64c3ddf07b9d8d5156290592268ba05b14d52241e0d158f352f6eff31d0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3277e5eac13e5f5f8af20e4d9dbe3ebe

SHA1
b85e5dc27ef64aebff2b9d41fec9e585ee8dd7ec

SHA256
684bc57aa5c51766164124bcb906213ef70c3ee13ec529d763fdd072b3dee80f

SHA512
60727ffdc08c58692690ce40ed3b62c027d99f325c0142b08f3de57bf3fc5684049637270faa589b07cd962d2cbed11f4c3e858a9a1a2df96d489865246c1459

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddd9d36f6abf9ca708be3e45d6b7d28a

SHA1
e0c0d4b62f58bf57cd35ffd5544a2b03bd23c5f1

SHA256
bc032f34c7ce5d92ad11c18ef77d9b1ed897a72bbbc52e67a1af89303feeae9c

SHA512
b8f194e33595787a83db74f2848c6806ab685b697c6dc8377910a4060f64cfa2cba807a8c123b1f0ae09fc1bb07718f2251639222b11365a312505ad9a3d356c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02b93436785a7ee7e83c02ed8fb37f30

SHA1
8bcae7d972fc07d912baa67980850affa4053c09

SHA256
dca421f80e969ff1abe8684c5c5ad7c983181f40340fc8dd6cc53a77e9a543e7

SHA512
2bc82abaec99ecff6138c7bcf744685691b720e485064e9db5bf7f8c5f6c81553ff9ea5df322fc910cad61560972af7a22d0e49ac8f28efe229d3a256a68e767

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e561d49281ca1c470a0c0b06c2503f2e

SHA1
0555cda87cc9dd7f904862ba090b9b94778143e0

SHA256
535b408532d71abffdd28bd251942cfc4f6bb829193d93001f707458471152a7

SHA512
3afe501cfc2ace9253a288be3673b089313c9858fedd7f4725871a70dbb2bf182d03f3e9b753e83fd700d7126f5a157e16c5a639f71187e6c137c0e0c620728a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
12cb1a27e122d181ff504d414b3bdd06

SHA1
65dcb6a5f6bc29d8cecc204396bad6ea493c9690

SHA256
c104210e36b3769058a023558f1d8107138eb6280912d53b180e017bd91cca0e

SHA512
64605c49c7ff60f9a809f58b71ee938e00924e19797ecc292fdf4148082752faabe6d50b6c30ef8a3e90ef47dc61e402c5a277dd1fb31a3cd5fb90c484e08b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ5KHFEW\centraldeatendimento.totvs[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\h6i8x7q\imagestore.dat

Filesize
1KB

MD5
8626c99b76b184fcb4fc732773d0f271

SHA1
bd143a88fd8aac8a912e2e2a28a8b0d71fc0b65b

SHA256
1071503010dec063d7f70be887f5b8db927a62d0f47e555f663d6c24bd0faf6b

SHA512
52be42ea5d84cbc3550a27914a3070f9b3fe25d868d1e3a482568c047bcda579f715e0cae2ad852e0a53c6487b4d98a716a7906edbfc339c9e37fbfce25a5f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CX2ABGL1\4c532b41d8f62553abe79e4678a57cabe9f2ea10[1].ico

Filesize
1KB

MD5
10611573d82d739ddb15409b2a2b17ec

SHA1
4c532b41d8f62553abe79e4678a57cabe9f2ea10

SHA256
ff9005e1aa80d7040d4000958e4d7d7e122a41d623c18465a925d3c786613e64

SHA512
3dc917b3b106d722183b291229a51dc20221ae1c4064e9633eb2ad295a2bbdf221afa9e7efe5b79f7258be0d12334b752f6281d5aaf78167b12100b51570dd58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab46E2.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab47ED.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4811.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit