Malware Analysis Report

2024-10-16 02:40

Sample ID 240519-bsnfasba6s
Target 57de86fea26df1bbf0a2311318ef9688_JaffaCakes118
SHA256 5e98901654f1da82cbe17081e74f72085d0a136b061fa76d6a4d0bc289dce8db
Tags
gozi 3523 banker isfb trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5e98901654f1da82cbe17081e74f72085d0a136b061fa76d6a4d0bc289dce8db

Threat Level: Known bad

The file 57de86fea26df1bbf0a2311318ef9688_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

gozi 3523 banker isfb trojan

Gozi

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-19 01:24

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 01:24

Reported

2024-05-19 01:27

Platform

win7-20240419-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\57de86fea26df1bbf0a2311318ef9688_JaffaCakes118.exe"

Signatures

Gozi

banker trojan gozi

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B9014711-157E-11EF-BD6B-4E7248FDA7F2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D4FE31D1-157E-11EF-BD6B-4E7248FDA7F2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9EB59691-157E-11EF-BD6B-4E7248FDA7F2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2628 wrote to memory of 2372 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2628 wrote to memory of 2372 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2628 wrote to memory of 2372 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2628 wrote to memory of 2372 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2032 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2032 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2032 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2032 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1928 wrote to memory of 2892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1928 wrote to memory of 2892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1928 wrote to memory of 2892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1928 wrote to memory of 2892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1912 wrote to memory of 2072 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1912 wrote to memory of 2072 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1912 wrote to memory of 2072 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1912 wrote to memory of 2072 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 696 wrote to memory of 2464 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 696 wrote to memory of 2464 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 696 wrote to memory of 2464 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 696 wrote to memory of 2464 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\57de86fea26df1bbf0a2311318ef9688_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\57de86fea26df1bbf0a2311318ef9688_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:696 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 fortinet.com udp
US 54.177.212.176:80 fortinet.com tcp
US 54.177.212.176:80 fortinet.com tcp
US 8.8.8.8:53 www.fortinet.com udp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
US 8.8.8.8:53 z39bldfq.com udp
US 8.8.8.8:53 r79xhiram81ue.com udp
US 8.8.8.8:53 mlqlqewh.com udp
US 54.177.212.176:80 fortinet.com tcp
US 54.177.212.176:80 fortinet.com tcp
US 8.8.8.8:53 www.fortinet.com udp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp

Files

memory/2068-1-0x000000000117A000-0x000000000117D000-memory.dmp

memory/2068-2-0x0000000000DF0000-0x00000000020B0000-memory.dmp

memory/2068-3-0x00000000000A0000-0x00000000000AF000-memory.dmp

memory/2068-10-0x0000000000190000-0x0000000000192000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab87D7.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar8848.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6493483774526e4b6f0fe8954a08d57
SHA1 1fc8c223670954479f5a0794ca601f9b9e7b0f46
SHA256 3e2c0c52c11f920794d0b95e5e621c243373febc78760e9ab8f6557f53a145de
SHA512 9f35d3ee0529c0bdc8af9f782e8471be4e0c62f500ac3e780d466818ce4b851dcb676d93b6f334e658380632cb5c25149a8be12b1d62e1299ae41edde6a9df72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2034a84c9e90227792f815113330993
SHA1 2c5a41a72868ca33931ce8e877249a1dc4f524e1
SHA256 e418070db53cc3c84aaa803d66c3e7dd1e77300c0da4fe75c3aadc449aa39560
SHA512 572e78861e5e4747d3830a69fa02d564395f766a706d956c31f31ad143119225aa08a75da07c7c76967f71312ed6379fbcde276ffbef0ee09e187bd882c37e11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df0f3b53bdc599465e87e7210877b881
SHA1 6f8d963c1d5ee8ce43620edfe13f2e4dffae8e13
SHA256 8f7d60cdb702223fc2056a7dbe798928f2ceff104eec2ab1a53f8fb7050c6ce4
SHA512 edf0a2426e038d7a65ae8e9b020dda745a76844c3a25ac7210e6d3770fd5c347f335422cd7f53fc0c42b7fd64db29b0d0ae9e0bd64e660f6fb4d613e54b64f94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1d87875ade7b44c9ed9b3c8142ed901
SHA1 acd6faf8a54fff5ce72dbc02eae6b4daa961baf1
SHA256 7736e7f748fb01958c04f49ce32d2ef49eb78eef7ea9a89d06e3a6e206d0bcd6
SHA512 0911044a62ae8101aa98d85720776f3cf1620410abf3e055a5ce88572d0b020dbab0322def784a57f6d58c38f4a52d205c37d63fc5f77102fe1994452ac1b65b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49972131ce901a54928820f8bbf114cc
SHA1 9457bfc26a6300b1a07dffe4f41a1c26ef74e1f4
SHA256 a076ed304e9649643b1eea324388de4be70d8d05219529bbdf7e5355a4388cbe
SHA512 12a52f2cf56d05d14b40096561eb706b7a70f9fa76be5b9ee945937b85f5e661056b5a2e96ec6bb2798cd809bd1695814423773720590d24a3a310a00171d362

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cb93acca0d918cd2c20633b782b8b2d
SHA1 c8c00c2793eb2992cc28b8f5c8a369bf25ce3d93
SHA256 ae9f2cfee106ba2543c1c8102bcf1273f83e0449cb560e1d7dfc34e08a5b2cce
SHA512 a9298a72b5b9c817ea7d85be17bacd68447b68a67211860275088d426225c458154b3df5b28ea4c22521aa90180ea4d69b8a1a86fccff6e0e71d26b28dab0d86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f31dbced922c0ca130e815d7a4b56e33
SHA1 b841b771b3be498dce913a458b1391c22f84c876
SHA256 2e37fda7b982b3c986562acc3804eab8a14790969c84a4957e161c8e388830dd
SHA512 fc56ce12f3ea8c48c2f720af0c0fbc0b2221a6047c7759d35564b50565763174a3c979bbae3bcb2f7f49310d1f8a057896ae0fdd1c71aef38b39a9ed81c6cb9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c8b3530a1673ea7f73bc7d13ba03812
SHA1 59fea731ae4f2b1ae83992193654e58d08d9b680
SHA256 0f2d53316411038b108caad4015c1e09a80a6c90c85e9bea4e4b62892c4a8c42
SHA512 4df95d8b3e9623a7dc22aa590b393ca43cf1596e9a5305de6618d3ec32d3bf91c827f9da91f5e265eb328c1168579e21722fb005f94fdffd45473a230ade16e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4450a0bd2df00cfba8861936f5539490
SHA1 5847e02c02b2ac00bac0e5a62d0fac49acfcfa81
SHA256 6d74331590e1d4fea55a90790fc322b62d0adc10bac600edff880b5a991b823e
SHA512 584c8cfd09ad3c5fd539ac78255b75d833bb0174f01e8c2f9221d478d714a538180a08dd128d6d3d6e0c8888d2bb0c2f5bef86d85f615580446349eee7afec29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcfa98921ee07029b7f7f0d500218929
SHA1 14433f70fd950cc0ee2fcbfc76ff3d87c30bf848
SHA256 65080bc1b7650806c104bfb831f4cbf60b7d10a033d8d8682a2942830085c557
SHA512 acf3ad1f1584a9f3af4c023d14722a96c76d678a93c0f7f2c997b3f094907880f8ad9af0fcf61a56a38cd8b1356fb6d2fd5f894b3f00351e20e337b98216f117

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de420a9256728d5e3a14f3527887c942
SHA1 acae94adcbd63bdc463cf8f23290474382c255f7
SHA256 b8617c7f31d01c0afc2736c81fe82e4e7fdef375df718fbc8d7747c16359c969
SHA512 f3cb09f73c36bcab32254ec3724149bc9b9ce5d1d7e1c794794d2b7d514756f05269a31935226d7d68b2872bd320b04dd932e0579cdc071f78a2fe12e4564e73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55e9cb25c6967752b5fa66d4862fa995
SHA1 42914f8b1c1328930a59a36560acf8d388988089
SHA256 8b2246edf2f010ca5ac0d116e8d69e3541d7d11380393592ca2b07a4a90e23c0
SHA512 6b570c5f4c3e8a553cf8da9b58ab6b6fd2a6b233ed1a9a968a0113f6197d47a676a885fcf0fb94078f4b20ad7275b58828de391b12152bc248b037403aecfb19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3028b22b8f145816f9c507dba91eef89
SHA1 17c7ca6216b9a2b534d5edbe5d056e3bd0e85120
SHA256 a4a3947337209c19e998b72a3003e29397925a35a2a98e0f104c2f49ca295605
SHA512 c8af8d78191064445b8dbf0019e097d2b8d6db95de41a93fca3a387e2c1eb10bed07c3bc384d2a487b44f93ce9910c5c8ba0b03fe3949f2870bd7b46ea0eb5af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23d82767d2b2bffc49aa7bb861221bee
SHA1 60183d666b5fb484e58a2de8b144215f1a1233f8
SHA256 8eea1609ac56825dd834ae2f6a837e1cfa93e61a4e53ec2a3654641b6354fb84
SHA512 dde5ab4620e7c610f9972c9454fbb78aad301f62b6c273486b4d64be1b2cd2237fa62b534da15ed066f4ec48123117ec7feaa7d62edd5cb7e543d808e1ed240a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c94e16ea9dae29bdae9319d1dfcde25
SHA1 a322d89fbe7b53596421e2e0da07c41460e9cc1f
SHA256 e91e06ea1fc1c2cb3a32e738388445c5e08d777ab93b1e15b38a7e0161ad2d0d
SHA512 9d575bd91eeb5f076ef70ca1ba876bef052c02bbdc748cc40bd989aacd8093da66a650df0a1f12bc9ebee2ae450648e9ae3a52b8e94b308cc06fc6a9e1c06785

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 243ab7ec77fc8a128881216feb8fd0df
SHA1 351720dbdce414627fbb49f0606788661dc5b647
SHA256 6d728b90cb4e6eef2870b3b11879680941165f000e01af2a5dd0f80ab39d2f67
SHA512 ac43f4ba60882403effcedeec18f519c10c2eb2b7e1d21355ce65f9da860e604000704990de334c9f36ef22ff43dac604d066af55a9001c1f437ac223b37401e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89432a54748fc2943d585c042aa89111
SHA1 a4dca2dbef4167c467908866c90f188d80d907b6
SHA256 cd1b0e41d24a7b07e6f96d281ad3552a6f196a2b60566cf0b71f66033c61d66d
SHA512 e81d1a3b75b8d6739c6b195858aa8fb9a737c92b5cdc4ebca957db049d658bb458255ca4967180687bf79490803973e0e3478669974405726feb1c785b1cb262

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77178de5e6a14dd2c1d6121c2f7ac489
SHA1 f99bc3ca16c84d47f2d92beaaff6ecbc39305342
SHA256 1c876dd112e52777263c7718115010ccd4c77a7cb3f9ec8b6aed7c89cfb3e4b5
SHA512 fb2c332e2dca60f459222d0ec434b850fac5c341b6d9fe3cbb7a9519123eb07a5c91c1130dce78a694791cd10bccac216699921d4a9a1ab21cf282328b37722e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62bda98f7142b57715d690dc6db338af
SHA1 10bfc9a0fa73363450f6935fcc7b41dbb849c824
SHA256 b3d2435c780c9f5868ca67164367e8640db294b7e7969ade9e610f185cdb3990
SHA512 d0b4a5d42a44b158b4016e2649795290da7250ad694822493c7e183b86cab229900c987b5982679b6c411b2444dc7e1c45ce0c1d73cef57dfd8d8e2b60466a87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78bd8ccf8fe034dac9662de8ec228109
SHA1 ca6d808c1c6072a97fc030b84cf96e7f5fd8ed10
SHA256 74656ac9118a2800c5197348a012a49a69f893039f62458724f821e5bdc883c0
SHA512 eff67fcd6e4ad636728a3724b6ff038800b8982f14a93720692d3844c1f60346e46bf4c7922974ee805d7d627c9aaabef0caa50aa2e88a77ff806c41e94e9829

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 345f177680a8b6535ef95b9043828973
SHA1 4c2cd2c93984a1d064f9c36f37ee6a97c76008f7
SHA256 84d7ac69c8f85dbc9a2bd8c209df54fc56b046b344ac6a2dd1ce4833a5df99f3
SHA512 f76dc4620b5291473bfd2d4e78906b2164d3d4af1759123ce0dc51d735c644320542b41ec6f2eaf6115b8f819e12d16d9f74e64a07799018e7c5f3245bf60c02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 250795a355cd41d19e92b73bb959f1de
SHA1 33cf47cf8ec2d31d0d0f6c31fc81027d770d1f7a
SHA256 826bcbbd1c436f05ba03706b0f1802f006b741143d0769ad09b58c6e470e7f53
SHA512 ecc28bf44445c82880395a8102b038c6228772122b9dbdb1f536c664c1891b04c2651fc90e346f9451f742762c9a7e38bfb940d9138b5aa4260454f94e7af09e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f3880d52e32766ef5f582be0a8976f7
SHA1 0a739419c92adab4e21d09360357f8b26cf1e643
SHA256 8e9a55de1ede227fbebaabb0ba6a98a9f7dc8c25b836548314f6aa34716496c5
SHA512 b10318ddac4cd10623ac48b3c7c661d4025384e8b4bf4b58ef55f07447789a494b9e8a62ce6ebe6835ff8cc20bcbc0244dd426406f354f558fc7a34e2c69885b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db130f11c92ff6981611b8f805a3f502
SHA1 fdda776455b237e0ef45976620b96fdca1ab065c
SHA256 0afad07b5695c1659256cb28eb0acf245acc04680b5f80f6a37a15fd9008b9f7
SHA512 ec84ae5b382b3133da2c4cfc1cc209946b56b39cda0f3b1c68e9489c4db448b142809c5f59efbc5c42b576cf6587d55d820ce424a94c1669f39d65ad9f32a444

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63f6a634da5b0be9e040eb713f56ee1b
SHA1 66d484300a473e16013605facde315555437c8a2
SHA256 928293d9cf743e421df5248eb16885225a5758df4bd550e3651b8850f03e2387
SHA512 ddc65fed24811f57f5fe6db1d52dcbb5091647b4e29291f5a4b6ef519c7c96303e5f6ba54b5686dbbdd5533656ace9188b37ca7a7f023fa4acfe7b459453d7da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2533cecf091d6e11d38473787acc8d48
SHA1 8ba14191a7948eaca872b7eb36c334776dc99086
SHA256 d63b6c17329851b98da6a17229f9b92a7caddfeeaef3717b62b1fb19f2544e3c
SHA512 bf98e028cb7e6a04f7730efe5386505d0916f2dccc39f9db58b649c1efaf10717908ba22236d13344a6e12d3af75dec88d91cb8ed79a8310247c6790c619797f

memory/2068-1118-0x0000000000DF0000-0x00000000020B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DFD9133247F1F43EFD.TMP

MD5 784aa21787b7b939c9cf731506bb08c7
SHA1 70bf0e7034957296561056fb72efc395bbd9c4dc
SHA256 23fd8363a0a3b1eb435f36f9198572609fe2c4649992c288cc8ca1ffdeaaa9eb
SHA512 a94aebd18b12624e27c2badaf3e23afc76e036c398953b228bf052fd39abe93ebee2969fa511ee8ce282d50671589008f448129de29aa0fab2bfd24b0a419e42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73e0ec5c5294c09faa028a81761278e1
SHA1 21665e2abedabb9765c0d8091d0b62d7db201cec
SHA256 cef648171242f90ae38c59528ffcd1d0115c6dc5ae4786919ab3fdcac86ad13e
SHA512 3ac52893d60a8be564225c1ab37c9357c830abbe3fe88c95ae3d7360b1aa711513d5439613615d9c1e01aa4198567ab5b33ba94803a3411e891c7b0303157943

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec90e47aca4b9e38e3b6ad327d19d15e
SHA1 8cbd42a0ee354b5d615c22bdf02fdb25cc56efd5
SHA256 e802e5630fc142328a8f3f922487474bfedb47da78a7e911182fe5ac006d7002
SHA512 7408a8944d889a00ebb5507998ac9c85074153d6dbae56e4d44cc147a135867d07a5e89520ffd7585c3a4e720fb1961f8408e44476a35b6ba10003a0145f0d09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fcb1036a7fa0d24a33ad6e2aae318a8
SHA1 40a1820a9f1f2965020ff74c27dcfc09e9eca09b
SHA256 41cb1ca14d621647af7b182e8b33ff49d784c10fe8d1ef07ae2860b53bac39c0
SHA512 58e5e73fa56ab466daa7d0be7419c8cf00f134cae9fa7cc0baca96d074ae9b18a60680ba7ad9ffa568253114f353c363a9e53c4d474ecaa5eca6661ca986c10e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27e1042a3ba1d104fbc2bed2eef39488
SHA1 4a93781d758b03b0e0d15adbc0aa7ea578157140
SHA256 46e36c386fe219afcbad106f264cb9fe8b039adecf2cae4b1eb531ebfb084710
SHA512 615e80e068947ec3d87f4a77e33ef1875435570186b1f7bac1cfd3ac5b636c284b3ff58fedb2179009c1d42498b836058dddd6481674c4a0fd576eb63aafd4b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7239931b82ab872a89a66a1c881e05d5
SHA1 d004ab4f2f2be6aa2575d5c1435ed9ee49e22080
SHA256 9944e3a84dc2c958540889351d225f5a545244cc5d44605f07faef7eb16f80ff
SHA512 967e29038dfe39d8c3bf5471f0f3d87bfa2e64b440392cb062a636f84bceb184378d4e91783bdbe933c1c4e6148abcf3b88de1569e37a61f3547d7133572626b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a6e4d9f1a2e615aca5a37f25cf53b43
SHA1 8924311b8f6ee8bdf4ec07bb27042273fcbe00ac
SHA256 f0a0977a51bcef12edc6370ee45e10e097136355ca353ce333abe752e06dd3be
SHA512 4596ae293c00f5034a3bc9cd9ae49b242634106e46ad796fad548234ca44906c3c56034fa2dd18ca18ce0fbd4787b2c2273569230e7882a6b6c6da02ff5156d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 857d601d9fad412039d5eab2e04c74e1
SHA1 4b045e80acc68545d7fbaae78f02cb1b5f30ed6d
SHA256 e3e5d6dfd006224361fb86c62038a1fb27530c511a65ccb1946bf41ac314275d
SHA512 ebdfdadccd5cdebb626b1c755b0a816676773d3d33cff565999066562aae9d074a9e14597dfbe5f88d4d472820ab02d0e792ffdfaebef3e29bd2aed5299d504a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9990d6614f7099e42f971c1fe19bd1ab
SHA1 21040529042444e843a9768ed73f7fd782939242
SHA256 c4414011e6668589e504d5bf79d7bc86f70acac6fbeba3d1b45341ed98d8a924
SHA512 1dad5422d8c13139c1299678fb41cf883a8b1c21eff1c920650ff64112a13192372cdf5ddd17e6d85be8c4111bcab3f3f388bb26b34c1ec798620e4479190b39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8156fe7805bf0efae8f83a77a729a295
SHA1 328aa1dcd38b6068d3c3f9f79e8fd93e5619a7fa
SHA256 d4eeb44abfc9fcf08c74d78e7d42889b5b0832398fc59555b1ccf3869b6454f8
SHA512 657a3cef6b83ece7e8f67536d540ece6408eff0a72d5d8f69f34e4904b7c8887384f878f5e5b4a043eb4bbe0ba06e29c816829299ce0ce54e79740f03771b2b5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ce1041286f62578f0ad14149b7047b2
SHA1 2b1b47fbc661f4639b8a301162ee5a576f454c59
SHA256 4d46ade531b05f13878bf163c92cdc87a4bae8fb6e79d9f3f6321f09bfdf2d4f
SHA512 5136522c1e0a3fa3be8a8c080566ca56ccabcd62aa6540d4a8f6bfaa83e9e32d94342c6bd24d28f8d9245a974161ae5f68ff6df93025142d057914887a5f52a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6fee5e36b4a622a5ee19cd4cdb0b238
SHA1 1daaeb3aba5ad6c219433f6742fb5ea006beb137
SHA256 e5a42f5bab490de3d6eecc0d0b5ab9b1b921a999a8a46ce0aac0ee4313295da2
SHA512 ad5b00f0bd4bd754c2bb36685262901b270e8d6727d74a5df93fb942c40fff92204d64deb0a45d536557637dabb43e7b5d9d692a45089334308ec7d4f1d0887c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 566390657b40949a845ec93bcbbcbfda
SHA1 6045ed7c80325f87630b3a446ad6118f565a3235
SHA256 4daa1cb84f7e306bd11d413ccbb803793074b25f88653d33fdc357988a141bed
SHA512 74f571f8c11a7360b453271d4938a58b72641440f4f62714b2cda9f4d86ced40bb84df684bdec213a94316df77a0826715343ce4c19771641b1dbd3d950024ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7ba98a4e1d8c20eaa0b0b9dc6ebb230
SHA1 79b14dbb12dc4f51baa7d42e8695c2287dfb0f76
SHA256 9c26351467732cbfc3bbd9c9260b06bbc3ee29c682f050cc9cb17931954e0695
SHA512 4c258557cbb1734ee458d1b2510146501ca5cbc60096b5a4c83856497d6f426396c2a4cfba55926a9351dd845d4b9ecc36d5515c681dc956d95b53bdcbf01237

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2b4a1e065fcb8d07922591e3885c10e
SHA1 409a7ddaaee58345a9066ba9dbd290d8b7410dc9
SHA256 647e71c623f84ab82ecdb30e00275c3c48f9880b1baff84de06773b3741ecee2
SHA512 d08119df6fa3de6ba86d0f20234aa4344319577b0dc7834fce06ce26a990c60dfc0fd6004168ac03d526536cfae1934818a4441c4f9f7bc73b20f4fa9ced3b82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 135fc43e71a568276e643a58650780c0
SHA1 9b0e2dabac2504261c1afa6a008ba623847c2579
SHA256 465088da1622b4ec8268db32bd6a4b2e69b3e6726c585da8fa20bc7e5ba21c55
SHA512 2783c11a988afe62efe2e8c5ce58f0b1e3169675b13d8b42310c6d77765e885f0fcc7d607b233ba21102cf55fa25f2cf6d1ba329866eafb4b7719c50b80eb7b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47c2e945e044438c180c30cceeee30c8
SHA1 1c84db0bb3eb8ceebcc986439f50bddf4275707c
SHA256 ffcfa1748062da1da6307fec6817755116d331ab93497ba185b86847c8c16454
SHA512 b5125c7ae31eb72f7dc61bd1810ffe92c74135c8c414c2f70b0bb411e543fe77061755ae51ad1c9d8d6aa62bac9b959d4936847df16ffa07687e2f2a961fe4df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a8632a37d68cd5273395537d82cbcbe
SHA1 28b63ee09d8fa645b2af28437697c254355ca825
SHA256 addbb28a1c5cebe6c98b59c335745308a454d095525860352db5c680aa1ee5d6
SHA512 89ee09ee5d95edf839c2d3593627cd29abebc28b40c5884492901d0f1152b578e33b2017462df7ce3a01ce221a72a4cdeaa28e6e06cec597662e8ad9f77a63a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 332a170b41daeb718af7b52e95d70401
SHA1 3e32a35acca908b05ced3ccce75c59e819cd0cca
SHA256 6d35fb33705263622ba050086b3f45f6b259a7df7f60ac144cd37677250b7660
SHA512 f2f0a0dd52021600be0f19ec4c693cfe22a420a4f8432f06444f9f478137011d1a68a2a968fd4b0163e1543d0cce35c321d1d79019861792c7227859ab1471ed

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-19 01:24

Reported

2024-05-19 01:27

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\57de86fea26df1bbf0a2311318ef9688_JaffaCakes118.exe"

Signatures

Gozi

banker trojan gozi

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1968715638" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BD26C2D0-157E-11EF-BCA5-E659512317F8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00e1f88c8ba9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\fortinet.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007bd2b5d2c6d91e4f8f2c8e8b7d41a41500000000020000000000106600000001000020000000e306961dc8fa801fbbc6824d48c4e49b7504a55d032b7395939fd6ebec95a70f000000000e8000000002000020000000a35df702dd90d1765859e8de392460806cb81dbaf2f117ed5dfa007d123ce9c820000000ee2ce7a112c710a41e5908f7fc38e6be0a94cc16798aba479a5c17b1384ccfb240000000cf34092c6c8218a72175dae461513bfcab618c6207750eb3ec3eed68c2946f298832a8f21d0c0dc7947d0f51a64a126f91f873890b1a1563e0d17409fe8f08ff C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007bd2b5d2c6d91e4f8f2c8e8b7d41a41500000000020000000000106600000001000020000000e0b527d5bd51d8b196bd73c82c710910a6b9259e86490ea25c9ff878e5ed4d04000000000e800000000200002000000005cdbc9303f221186ce9aeefbf205486c52411010b379d1cd0ac452b38cdf7e22000000035d1980a340150db0c3d44b7ba65609593257710fa59024c39a6d6adab0afe314000000085bfcabfc10ff515265afcb0515fa8987df346bd079dca2d830e32c00adc2e432b9db7d4ea7a3561aebb06f16f45f01778e5d3b76cd4aa54efb0bc69936102c2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31107467" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007bd2b5d2c6d91e4f8f2c8e8b7d41a4150000000002000000000010660000000100002000000018caca7961b379ddaf44908c83537c5101f172c50d27c456c4faee50843d8480000000000e8000000002000020000000bfe0a3f4d5992fb6cc92b99f7516cc510520dd165a3ac97bacc499806e5c1a5020000000832b3ea717066378ea922deb750557f151cfcf6847d82cacca55efd9895ae023400000002736f1e1dd22e47c44cf11739a6e8ceb36b776b374c8e94ddcb0c5bc45903767e5caa1d81e435dc6720661cc954453065ed51880093ab9340f95cbae96cc80ab C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D70ACBA4-157E-11EF-BCA5-E659512317F8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2078079a8ba9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.fortinet.com\ = "38" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\DOMStorage\fortinet.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "38" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10d111798ba9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CA1D8CCE-157E-11EF-BCA5-E659512317F8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007bd2b5d2c6d91e4f8f2c8e8b7d41a41500000000020000000000106600000001000020000000b6bfb22d540ea1721aadd08628358f5eb75a6a0588f0721af56285d7d0e73153000000000e80000000020000200000007948ad43b397de107837310f30b757986c1b0d94df88a1ea4bf0b514e79ba18f200000006dfe370300ce819f064a67519ecc84f6b8f3807008eb9820af9ea3e202c5f6fa40000000998c2dfc5f955bf521f513d68b077bf9a29be3b502dce0cf8724dd9ae39c8ac5fd1d5e2212ca5a094f0d83f3feae64df6d3139a2c89fa0a5231e87c58f9a1d51 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0fa08a88ba9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5044 wrote to memory of 4372 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 5044 wrote to memory of 4372 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 5044 wrote to memory of 4372 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2888 wrote to memory of 1228 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2888 wrote to memory of 1228 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2888 wrote to memory of 1228 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 220 wrote to memory of 3952 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 220 wrote to memory of 3952 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 220 wrote to memory of 3952 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4988 wrote to memory of 2536 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4988 wrote to memory of 2536 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4988 wrote to memory of 2536 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1416 wrote to memory of 4024 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1416 wrote to memory of 4024 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1416 wrote to memory of 4024 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\57de86fea26df1bbf0a2311318ef9688_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\57de86fea26df1bbf0a2311318ef9688_JaffaCakes118.exe"

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5044 CREDAT:17410 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2888 CREDAT:17410 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:220 CREDAT:17410 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4988 CREDAT:17410 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1416 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 fortinet.com udp
US 54.151.118.105:80 fortinet.com tcp
US 54.151.118.105:80 fortinet.com tcp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 www.fortinet.com udp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
US 8.8.8.8:53 105.118.151.54.in-addr.arpa udp
US 8.8.8.8:53 181.30.171.18.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 assets.adobedtm.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
GB 18.171.30.181:443 www.fortinet.com tcp
US 8.8.8.8:53 s3049749.t.eloqua.com udp
US 147.154.54.13:443 s3049749.t.eloqua.com tcp
US 147.154.54.13:443 s3049749.t.eloqua.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 13.54.154.147.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
GB 18.171.30.181:443 www.fortinet.com tcp
SE 23.32.85.8:443 assets.adobedtm.com tcp
SE 23.32.85.8:443 assets.adobedtm.com tcp
US 8.8.8.8:53 j.6sc.co udp
NL 23.62.61.152:443 j.6sc.co tcp
NL 23.62.61.152:443 j.6sc.co tcp
US 8.8.8.8:53 8.85.32.23.in-addr.arpa udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 108.128.43.116:443 dpm.demdex.net tcp
IE 108.128.43.116:443 dpm.demdex.net tcp
US 8.8.8.8:53 metrics.fortinet.com udp
IE 66.235.152.221:443 metrics.fortinet.com tcp
IE 66.235.152.221:443 metrics.fortinet.com tcp
US 8.8.8.8:53 152.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 116.43.128.108.in-addr.arpa udp
US 8.8.8.8:53 221.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 z39bldfq.com udp
US 8.8.8.8:53 z39bldfq.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 r79xhiram81ue.com udp
US 8.8.8.8:53 r79xhiram81ue.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 mlqlqewh.com udp
US 8.8.8.8:53 mlqlqewh.com udp
US 54.151.118.105:80 fortinet.com tcp
US 54.151.118.105:80 fortinet.com tcp
US 8.8.8.8:53 www.fortinet.com udp
GB 18.134.81.66:443 www.fortinet.com tcp
GB 18.134.81.66:443 www.fortinet.com tcp
US 8.8.8.8:53 assets.adobedtm.com udp
GB 18.134.81.66:443 www.fortinet.com tcp
GB 18.134.81.66:443 www.fortinet.com tcp
GB 18.134.81.66:443 www.fortinet.com tcp
GB 18.134.81.66:443 www.fortinet.com tcp
GB 18.134.81.66:443 www.fortinet.com tcp
GB 18.134.81.66:443 www.fortinet.com tcp
GB 18.134.81.66:443 www.fortinet.com tcp
US 147.154.54.13:443 s3049749.t.eloqua.com tcp
US 147.154.54.13:443 s3049749.t.eloqua.com tcp
US 8.8.8.8:53 66.81.134.18.in-addr.arpa udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 assets.adobedtm.com udp
SE 23.32.85.8:443 assets.adobedtm.com tcp
SE 23.32.85.8:443 assets.adobedtm.com tcp
US 8.8.8.8:53 j.6sc.co udp
NL 23.62.61.152:443 j.6sc.co tcp
NL 23.62.61.152:443 j.6sc.co tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.17.107.72:443 dpm.demdex.net tcp
IE 52.17.107.72:443 dpm.demdex.net tcp
IE 66.235.152.221:443 metrics.fortinet.com tcp
IE 66.235.152.221:443 metrics.fortinet.com tcp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 72.107.17.52.in-addr.arpa udp

Files

memory/1328-0-0x0000000000040000-0x0000000001300000-memory.dmp

memory/1328-1-0x00000000003CA000-0x00000000003CD000-memory.dmp

memory/1328-2-0x0000000000040000-0x0000000001300000-memory.dmp

memory/1328-3-0x0000000003670000-0x000000000367F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\favicon-32x32[1].png

MD5 96a586e7980535d42beff837da619d21
SHA1 3476ce982ea70b4bc3d2256a0139a143f8091f0b
SHA256 b9c9438c1faf2999165e269cdb87496dfbcdf0e37c4fae8f0c50331e60f2e08f
SHA512 ec2d63ae22193e7e1aca278e903f9650ea9c09bd14dc21b3d7d69eea6477160573f0a877eeb234b9b347a3c18b6b1505c8c159c674dc7d54c1534ea8ce749fbf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1uoccp3\imagestore.dat

MD5 cc2cd973d31dfd0adf1fc74a4fbf7441
SHA1 903788c47160258a31c50edabca0561ff5eb9a60
SHA256 1ee206c35652073174df8fca0bd3783518727fc040f8946fadf52b16de6bf934
SHA512 153f9c2e72ddd7c873d25aadefc8e886657eecb32f961bc2aa1c1713be3a8f527477645bcfd95d276503916bbe70e21c9df239d0de1c405507ac6bf952fcae0a

memory/1328-175-0x0000000000040000-0x0000000001300000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1uoccp3\imagestore.dat

MD5 91c7cac252bbe0b57f9d737ca2715b9f
SHA1 d10282851b6847d294d9959a7f8b8b86b9c50041
SHA256 30bbc59e4d5d0cfa1595e232a3f833e2dc9838b9b0ffb0c2c3c8b0b6911e7cff
SHA512 16dc5182c2cb8f5428bd1df807d35624dab3231ae9341d5f274c50f6a62e50a6d58a7b84fcbf8f8aa15fd960cbc46f10ad39956371d8672c0981462dc9d8cae1

C:\Users\Admin\AppData\Local\Temp\~DFA7EE108D4A35262A.TMP

MD5 14dfe2151203e0f92c4a8689b13f49a6
SHA1 132f72d13fea8d60099267e622c9ef0e2c8ccd82
SHA256 a4c7864c144760de80e5c28020a0de1b5e1f18486513628c7d2169e9f267f157
SHA512 ca9b66beb74565277be73103ee875fa8992159964a063f1772d2b42f19eb16a379925e4e5cf4091ff41304e9111c0d00dc519693a5001f9a362e3e21ccc78ec7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_E84A01531BB3C376791E50FDF72FC26C

MD5 50ed742799e38480440a8f04f2a8ccf8
SHA1 4d7f26176b62bdce55775a1e2459e99e031ac1a5
SHA256 9808c5a9a3423a27be8c5b2815f74c277d4d974bb7c879bcd3afb28c043b3100
SHA512 da58d6e3b0bff9e6528a7e5ec98e7b1252b117cfa28e8c2a596380ec890bb0d325ddd343c3af704bd2311a4dcdfa66514e634dbb9ec27e6ce8b9500923025c8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_E84A01531BB3C376791E50FDF72FC26C

MD5 946a9b79af2459dc971c37629891138e
SHA1 5aa4f3437154fd169064c9b1a632c612d9621741
SHA256 cd8e4c2f6a7c033c22d2c9bcf92c89a7ccc84be0a38dc863cda738d6d04f1bdd
SHA512 0cfb6573f1a57c4cdd5b7c67a7bf2af1412baf8e377b9b288f3124226f3450be3c5f423622e96577c4d052c9ba7f84e4a196729c474d9f4c80effd840bce10cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

MD5 afc28997cc0772c3bd99aad094d79b1f
SHA1 59694d4d8ae33ee3af08c881045ea171d73bd576
SHA256 23963996da39cfe403518cb7fe648ff44d46ff421a17a53b94c4a4cf0c383488
SHA512 502116ea2bb16e4bcfe5f77038ca6fbbf51eeb5dfcc6e62e0302764b70066fd5321c6356b6cf0dd3c2a82716957db9a32caea477d047e5904fb5162ada8dadbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

MD5 bf908f8d6a444da0267eb0aaba8a436a
SHA1 bf4f52b4657be590ce6ea5b1c0144b4bed09c75c
SHA256 85b0432b628d2b9d8ef2d0a8308bd67d6c7ce6123ccdd02c8eabee936672ac3e
SHA512 f2936068f31d4277e10ca05f4173fd700ec248450cd1a6d1e055e41bb9a9f3bf9a53b0f54511ec03f80cffec3783248f75ce82717eed02259436aad67b0c5b9b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\5TJI1S55.htm

MD5 cb2f1bcbb0c3d410c49c18f4f5cf7b06
SHA1 fe2f8cf507228e625637993def449e72a5157c48
SHA256 dd8653d7a8263f948d85ee2838cba574546fd39fb95f30ad223c9ca1db8e0c0e
SHA512 13d7b8980f714cdbb8d2af1c659fd78cb6dbd8702f4935c2ef1b88b962190b3f9fae7852779953bbd06a1861b2bf1c7d999eed92658afd9cc1889302dd3df0fa

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\ftnt-site.min.8fd5ddcd5815e37ca1c18ba1ee7dfc6a[1].css

MD5 8fd5ddcd5815e37ca1c18ba1ee7dfc6a
SHA1 3d6f7bdb2f8a062c4b40f97a2af1e7943359f554
SHA256 4e5bfdde03ff7abc13a432a282adc90aa9aec87503b9b9f5fc2e234b5e6a63a0
SHA512 1fad6b97be22e4685c4fa4f1e3bc0f3fb27b0d5217e02af124c71ae236daa838bc86b0c10cd4ade3aa6ec6053f22f77ded5a798e88db2ee2e5904fd8b45a28a7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\otSDKStub[1].js

MD5 0b240efaa8d49be60806096ca5b0ca04
SHA1 6c0b504ace45134621201b82f0f53d77b0354678
SHA256 6a2f825beb3b540a044cdb0515177c34497aa2ce92e335bf1498fa42bb5baf88
SHA512 c63a6f81ac9b7b99506bdf7433f2b1a25d1f023c6277046d89a7f1f82e1da937b89df2f8b519534f717bd87c2f186e7ce9e5d0106103667b0fda87c81fc40a56

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\security-operations-icon[1].jpg

MD5 480fc6a87bd6560bda19ed319c420893
SHA1 38ba02b461297f691e22044f17d716e9e9668f6d
SHA256 8b58065453f38c6fbbb5e07832446132c8a72148e1853868400eb3d47cf80802
SHA512 323c4176e5cea0132f870c44b02e8de0d3853d0e5145744c5390b60f94baf6df325163010f5872284eac0c0a024cedf3d640978e778602b96cbe2c7235d20a41

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\lozad[1].js

MD5 ed185568fc5c806e47c9cc341226968b
SHA1 3e9e5a2333d21a80913d521ca628d42abf0b76e0
SHA256 b9d286e34f4966c9930d0bcd7d32e4f80e0e9b45ba493d3f71e5ff695ab7d92c
SHA512 bb6cc87422d670c72b6fa5c13c531c95433e99c41a4f40ec81777d50e0c37e30764adbb8642c4d2eac19edcc4a87e76c7008f3b5075e260329e3a9aadea0d6e9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\forticloud-one[1].js

MD5 a35d465d56abe5626d2013cf1e9768ad
SHA1 5e9535c9b83d5679a6fab6c9655be7e10340abe4
SHA256 9e8aaf26c38f74fd3f592d58478cb252dbed848e1af283641c9ae8bac4d3c2a4
SHA512 340f143d468a3319a8a7f5b08c273de982d4f8511f7053ececd7a3e5ce7d51a012d9b724bf2abd2cfb419d7550c29dd33efc4915dcab08daa69b998608fa7077

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\ftnt-site.min.6c96bf20085c7fa5eb766d9d4a110f5c[1].js

MD5 6c96bf20085c7fa5eb766d9d4a110f5c
SHA1 69d3202b565dd7f5a82748ce76044f45a5206080
SHA256 f99401c8a79d0739e851258d44e8269aa566dfb7c4bc5533df409c168fbb386d
SHA512 1fa1b642b76ba9a897c0c19b794512fb3ba994961d3f19026b7ed12c30cb4f2a645d3bf3aac30d997a4548947095012401ecdb5d1e5af04e48172757f83aa18b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\icon-tech-5-ot-aware[1].svg

MD5 3148a5ca2f68fc247b730c1d36ca8331
SHA1 35969c74fd807e4e7276f6eecfc8f3adb8c077de
SHA256 27ead6e8776436d800ea55f8b5b324445ff31fce6a4f546f975df20834138b94
SHA512 368ef96c55e794555dd64dccc1bf147626dbbbdd2a5dfe3524b5cc8a24609ff93c629a0dfcd1ce26be412490939ba8e947e00cc53a02b66681e9645d0926f674

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\icon-tech-4-fgl[1].svg

MD5 a745bf234cd317f93f6f95df65d534a5
SHA1 4f76412a0e1b8f4dca0c16890dbb4bb470e5dd92
SHA256 30bed5ba7440ff8234b132461a275384b157c2007a3e39e853ea064511c98d13
SHA512 d6795c60b288e0094a56954b7393598a5c8887a7b53ab39d04a52855b840fcf5ef697c3688bf9b7d0127024c81316e64ddcfc334c838b8dbd54fee53088cd0cf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\icon-tech-2-fortinet-global[1].svg

MD5 a9cbafc9c742822e128e299a5dcf9907
SHA1 a8f99a4076201951fbee96857a510669d40533c0
SHA256 db2bfd8a27b0614651d098be386231b7cee878e9b6a14b3ae372c1d8f2baf7a2
SHA512 95cc6e46d51897a9569580d344be03a2658808b9d77080c255e672b7fcaaaacf55b8d8f88c3a00fc488d47c74a1e5dfcb18f8f69382e3b6d421ef22ee3fae689

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\icon-fortios[1].svg

MD5 88096bd724fc892256ee6058e3ae00f2
SHA1 4dc758be99551f049c2e9fc59f086760a3426361
SHA256 dcaf5ab514f5138e5ecd93d8e88bcc151c2e4ec161a925f3be411b064289518c
SHA512 7310c2f2c2b6eba4c2db26c6a82feaca16c6ca62009312b1fc04110bedc57c56907e967e7f68acec10dc625609434fa7aac628bff42aa856d36b7bb320c921e3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\icon-tech-3-fortipoints[1].svg

MD5 8d41796d65d0fb1160e71c75d3627849
SHA1 a12c461df093e035dbfea0d43973e6298a211254
SHA256 ee1015b06c149a7c12f5980f8babd07d296f37bcde3307cb982eb3424d90f569
SHA512 aa59d2faddc33a3130795720bf85bcffb9ed505cbcec211d819eadcd6ca1d66cb2e545dc8b1320b38da976a78dab6bc9fab25650385a0920deb863831277e384

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\icon-tech-1-ai-driven[1].svg

MD5 a8bc6082a2577c495af7dfdd05ecb6fd
SHA1 2ec8a2c46607c50a150e62b27d328076fdc29989
SHA256 57a08ed10abd2445a66264916cec70382c0309ea184d47dc46128a32ee849f7c
SHA512 6d2ab4ec667daed044fbc432e4ceaf00da5d4af3d0245aeacac2dfca652328397c102d1194239e7e9545013f088efd4a65b7b23fb1969668441ba9271f2103d3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\sase-icon[1].jpg

MD5 4f2337bf4e28a00d36feae3894a1d653
SHA1 0a188222eb147060bf517be46f43d76af2a39ecb
SHA256 e3acdd56144610d8ed86cd32160f31c042b782c6e8232cd10d2e60aec6cc961e
SHA512 3b3d8eaefa91ec42d2626f375c429115a8c7f7dae7a7635f73fcc3a0eb384fcf2dbcb19f72609efca48ac53dc821d2bc593c34873db1d996e313b6aee8bd535a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\secure-networking-icon[1].jpg

MD5 e9ca53a0670e5a1a4fcb9780f59ae6ec
SHA1 90d409d71a17b59a5cbf37621a026e01e6e84d5a
SHA256 b3aa57ed4d5931f8fcdb1eae8353702b8244c1f6c2a4f0b1d3328f545556fc09
SHA512 d4d8ae53e69fdf3fc14b9b23b61ad0907c93160cd3a7834a27b8defc9e3e933ddfc1e9d6fec4d0b05ae56756187bc9ad22473c5ee066e8ada320f45be5812906

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\main[1].css

MD5 1bb10d283417e80104243ddeb8139349
SHA1 2bcb579f883f9a4257408db2e25538c24903dd93
SHA256 9a4760fd96675f463b35cca209de5ef6e7ea756f720b7bf3fac5dc074f55b35f
SHA512 042f945b2717d5eaae3e9a3e543b73b35ebd1decebadea3b6fd2d4a60ebbeaf96eb2da2d15c974a3f3186360647f5b953711cd18da60fc0e8a1670d3071e0cb3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\fortinet-logo[1].svg

MD5 0b4efbc11dcf87a6baf56f66c7fb3cdf
SHA1 44183ed1e9d6e390d722daec238e8aad64f0be2e
SHA256 57e367546766312fefd36a98e0fb6f6c2885768616fc186ec42435bf85eb48f2
SHA512 850666f625edec107c619e64b421e6ddffbdaceeaec79d6e9f55f3619313196d4e9d1b6f1cd24408dd028f3f48555ef0f726c1dbddda208e832d9238f4571838

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\f85f39fc-d7aa-467a-b762-fbb722748016[1].js

MD5 24b4abec973c15adb60b46c4c03d0167
SHA1 518a1248f3d3de3b985069dabb54d8540daa8fb5
SHA256 8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
SHA512 73304f1944b04559d09a87ac362412e95bbd36c3325e5caa289fa8d1e102da9918a1e217720385e0e9f03d7318cd6e5c9f3b66e0b7613a9fc7a1e57e0987bcd7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\featured-news-104b[1].jpg

MD5 590b3a1511e8a0d8764a9f75497edc86
SHA1 c82016c85162879a300dc9aec5e5f62daafacc11
SHA256 fa455d9be03c04d0976b261804738aa851d1e3517b352bf750bb8559480d1a2b
SHA512 305e32cf5d393c2f1556628e421ccc1c34a8c4dba7539a0109310be3fade9a40646b6fa1c1c1c7f9f4395825ae3f8d867fc8dd99624f73ae264432584a5ea987

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\featured-news-99[1].jpg

MD5 5906b44a3d499dbcffc4999748c738f1
SHA1 738539a9458f289aeea40b43f5f7a11ca7c4c99b
SHA256 776c1f178d184dacefcf124e78fca5a57bbc2971fd04c8e9ca449c09ee4aa5e4
SHA512 421554efbc2136db06abbe4b0c9fa12a6a907f2ef657b5d2e43f331ea22c988e31dd4c7b52a4970b63cdac566bc7121a280a92bc154cffe6f8cf1722b6d8d082

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\manufacturing[1].svg

MD5 ba26b04e9805cce59a79ac10636d9a1d
SHA1 c3eca4d994044c3ace4173b903cd2cd7b8bef177
SHA256 df579d2e22d400eb476ae58ed018f5cbfab9757acb66a734da1969f958cf9578
SHA512 60a5f9b61b900fb0a7003f9d35dee5823775e7edfb64c157a17b9651ccc7a79bef2feb8b49d2ed03fb30460c1d2a03f0887809a2910414b0c41c33f4e19429a4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\romain-attanasio[1].jpg

MD5 fe41c1cbaa92d5c2dca898d054476f85
SHA1 0a06fa2a90f5f6b3d728f5dc17f824d71c6d880e
SHA256 c7db13bb3c81f73dd0228222ee0e2dce22ff62aea05315edecfa2cbc3390184b
SHA512 0f904d476a8ad209fe88ff21774c42f37988c803795b87fc04efd00493413a8993c4cca0047fa45683a7a6c2f8e076db8a8ea4d5ecd9f752ce89d8f225aa489e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\microsoft-ignite-save-the-date[1].jpg

MD5 18f3e4adeb555bcedc146c13b53ac0c4
SHA1 14d6632fa8b4ee5f3b98b86809834c7813508eb1
SHA256 f2b03160d8fff22bd04703eef4499e79c7117634cffdd3c7d634f6356bf0d16c
SHA512 5eaaac386df08d0a14ba1e82318012c4ad0fed83abdfccb91716f767344fda847063454a7c50597ad47705dbdb7007e01509b5e3526962b6d4cd9ce7e3788faa

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\kubecon-cloudnativecon[1].jpg

MD5 f366528786f965841b661553505c7337
SHA1 d42e2291f8f673730e0bf07f7d3b1dff2b1098c0
SHA256 997359c974c92d42cb9baf7b56256887c45610be23a8cb1e1b62888d4527a252
SHA512 baf469d68c69879509b5e76df940471aa879ce90d3729aa432e5220f0dc9f8413714442f834cfef131cff9dcd71e7a6247d691fdfb2d8fead27be2a529441fd7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\black-hat-2024[1].jpg

MD5 a8fbd4a9cd6d447a25cddb758787acd7
SHA1 54095b6d88de26ecd58b1e29de15542990245618
SHA256 15cac9bad599672ac16e130f05be48f9bbb337fa7ea5e333837af1adf32bf5a9
SHA512 a8b791b45886025dcbb5c2854b6ed3bffa88bc46ec480b6d8e7c4c3737dc8d00a3dc42da3fed993230c9855ca952f516b5aff1f53346b085ccf7375f9c16adb0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\aws-reinforce-2024[1].jpg

MD5 dedced5fd0e34b74040565886d795266
SHA1 c3dc08a3d3b079eda13202fd8212c219a6ee6f2a
SHA256 ce6d43e5be318fcf8233a4d9766e0af3f47b3e8ca9340488fd5273df4e4b3abb
SHA512 603302dbb07eb195b3be0cc92bbbfe5687f6a84550bba9fa7313f94be9b80296b8079594828182e06a2f0b06cd2296ce10778b32450023e8bfeb2355cde97951

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\discussion-idc-realities-trends-influencing-cloud-security[1].png

MD5 961c87fa541f9775d629e856184d0528
SHA1 4763b03f3c2357d3a0602859c4a0b05f12aa28f2
SHA256 c1383923151de4deec0291a67cfcf56d4feb1f177d04bc64c6e3d547638236bc
SHA512 c6f10310a5b13887eb0cfb0947beea8faad821a9d0af1cb5fa44240f5a254af352855f0145e5f094990d34c8183bcbe59e56401811dd98759e32afb874ba5451

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\gartner-security-summit-2024[1].jpg

MD5 3b7d1f28dd6d6d1f6dc9d171dd2824c4
SHA1 4e0703b370559633642d89d06221bea996676aeb
SHA256 a161c39be82dd5b95a8ce8d69c8e31253077ae1f74f25ddfb7a0b6abfb981828
SHA512 b93a9355fca71b0a695f2bd26e86a6d0778981f511a791138dde955374c6e58b1dda723788a14696b360759c2d5427322eaa2b88267516a03be2f8e14e608ec0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\power-simplicity-unified-security-unified-sase-innovations[1].jpg

MD5 a675e3e730847777b36936f2a382454a
SHA1 251a7c5baead03e048e4c357e68cb3eef585170f
SHA256 a53b3d8344ca1e966839aef66c0dcba068fa45e12fd6b21ad75a9d45bc5e87e1
SHA512 183e8f5ce4e1f731eb1d51ad6c7097e12bee36bd8776d339189a917b8188c957bebe14010a481f1f951203cfb63be72d076b09cf794da93419bd2c75b2557f3c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\utc-telecom-tech-2024[1].png

MD5 b32ac9b2a7a49aac8df4a365c34fb71d
SHA1 02fe761b280cb216eb5dddd5b84e754d489c8aa5
SHA256 9a8ded7da2e96f0b1f1ba9a91e6e75be90941a5ef01e631eca8cb143d25e7d44
SHA512 86900cc2f14fdffd5bbfc9aa8a1c472a95d955bc4751a6b2b0ec5ec87cf4fc817ddfdd7856c2f71e56c8c170dbecc36a3064772d22232945cdc4b4e3844113b6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\icon-romain-attanasio[1].jpg

MD5 c4887a2681f276e549134571f2b26093
SHA1 2d386fd6e83234f38e7e4bf5924fce75470e3fcd
SHA256 0a16bb5641beb43da79176148f80ac479b6627890a45f126388de7af8421e2a7
SHA512 4a7f6dd8eda6698b67e7f298fb3ed882956d045b399f2a650db4839efbb5060d45f657680d6c2d27fa27cf1dcc5bb08fdb5261f9ef30b8f1e852f4dd6d665bb2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\pga-australia[1].jpg

MD5 fe653e89d41c57ca7a835a85a494fb7d
SHA1 4b4d72f31e97b0fa038bdade6a34d6e8ba65ca0f
SHA256 96728e9a85ba060827c4611ae8d67e0e064d2a8723fea71866b138cd4339683c
SHA512 81914a4f59b5c9c11a0ec3852ca904b4ac54d573a616ef001e86729249d9e1d18beae0d8fdf06015b165883cfcd1009d5491494c3f575ff95950513993abc95f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\icon-pga-australia[1].png

MD5 8edf66c16f20bd2865a0a79e23606d1d
SHA1 fb83e2cb9f9c0ee772cd2c23f6e94ad0a4af46ef
SHA256 789949192679c823d20fd09f7cb19c9aa3e0e775e7d0ad1ef7d5b2bf2c844380
SHA512 6d7bec031052224e9662ed9be03c26f7bd1173a8d9f8b1d95c718bd530beb36c1ca18adb878febbaf331f0879ae16d0f24469f9f0888b2ace6dce1ba3b917442

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\pga-tour-canada[1].png

MD5 b4e7ee65fd8b9f13be234f219dd47805
SHA1 979531fcda1476cdca1bb5737d1d4b03f62e13bd
SHA256 aa845d07dc7ee9d19f0de37bf3c1058aaece9bfecf8b642b9e71c794d679a9c4
SHA512 acda7d7d15ec32195b3fc05e095d9ef1000aa3eada3ecf20b3d37a0e910e3ae7ede9c6a97310eb2efeab916f5e812bf091051343fd1e6eb9986b65e3fb34f3d9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\icon-pga-americas[1].png

MD5 502f98786a5abd17a41ba4402b617ae4
SHA1 737f72897736f446b4ed523951a1d0db646d85ad
SHA256 b151902e30ec258acab8de2556727d5aed8a4744af4b90b86190ebb4d7cc553c
SHA512 eb1e8618ff4072ce061b6b33e4cd28754f1fc7349f412cfd4e920365078fce949805b0b96385d77ecbb1b78206ee59c8dd538056412ee239fb5903ff826b1960

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\dp-world-tour[1].png

MD5 d4281f0fc1da258599b406c1c88a9ae7
SHA1 e0152e300f609aea0398cf7315afbb5bd0cc353d
SHA256 7b20d15961ad92cacc95d4bf332628228b59174fdcefec42ab6809568f530c52
SHA512 99b6f19966c5ada01196e0d7182e18c9b66870d367208ddd6acfa6bfc814216b5bf0cb64239abb3b21f6a5e457143b2f12c75873bbd8d7138963f3281d1e6986

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\icon-dp-world-tour[1].png

MD5 232aacf7b43e39b8c1fff00873548786
SHA1 669c5696180a1706f11ae4a5152dc14b05a2a099
SHA256 0553baf0851b7a0af175c3a75c4e96553a06235c9989c391ca60f7db9170d09f
SHA512 27da373812f4a61134eb2aea36dcdefb9684c23a8cda8ba5a9c618b2c5290ff3ca28afe9b5a5c2ce9cec30f2cc7b52a35283f17cafff93f71ec814086323f5ae

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\industries[1].svg

MD5 89eb1425a27e6ebef4d5d5d4b9c9c632
SHA1 fc1ee963ab5911a8a30ffbb854c8e2e471780b8b
SHA256 8639adb683d52e9721f518e050fe88e93708511b4b676daea2fd8386b935f7c7
SHA512 7ac710faf5273eb6cf8e4baf173fc17a7e76d43a10bdf69bc72df5dc44fa61fb20605c83faa0ae975089bd3aec795d7b5073e993dcb56caa88bb3bea51587e52

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\pharma[1].svg

MD5 d9e3b6668074731997af23fcf454c0db
SHA1 529c922875226e3e9a6aa43a7892c57f8b1024b0
SHA256 e01c5a2293d40121859cc952a51a58d1c0ca39f0ea25f8812eed95ee0b8e0c6f
SHA512 1311b8209c8bdaf3646738a2c3966b5b0ad396b887ad647868782bf9e0eda72b6cef6e6dde9c7fd408d6707bd4dd8ca511d5b4bbbba76ddd206ae910b83089d3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\communication-services[1].svg

MD5 8a4b3749e0602bbe677e92c27239f956
SHA1 7ef97302f21e327219f418d0855a5527e7e359c7
SHA256 adf6b4c4bef8e9df6d48e50cff0260f1e04a8fee91c8dc1326857ffd8ded58c5
SHA512 5566009e53518a3250bba595436ea2027583193db28f237a39f56590fa2db111a84f8811852fe4543a612b66a981dc3cd095ac57e12f2e587b3b806cc79c98da

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\technology[1].svg

MD5 31cf297463bc78ea32c03d65af66bc04
SHA1 f6cf2b3824a4220bc98d0c62a844cbfa130f151b
SHA256 ce42116f15066251fddba0ce45ae0eee6e65535eb20ca4c875626684fcd98a57
SHA512 ee90f471476e3ca19ee5ffd7b9ea062c5c69e9f00edc9c0fdbdfa1e5235bfce5ad878eced1295426c9006e32121587df456e390166593157ce4ee6acda392864

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\hospitality[1].svg

MD5 2a5596261d83677676a138405dadef0a
SHA1 abeb97ac0c47e9fcb480ab97ff141e7726f1e763
SHA256 475a7f21c495a6bf174a5858ca9ee76e339ddbcca303e56e7e3a92dcf34fb422
SHA512 42e27159861f018b8bac7b47ac614ab52df0a0e3abee45e420265b5a38ea09942c608affcfdca5a91e9fec8cbf86775d35338d183e5b69d902952ef491ed7bb4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\healthcare[1].svg

MD5 95d5104b581cf4614a920264d2f360f1
SHA1 5ce7a58577a000fa686cd17994e90ce29cf86241
SHA256 e5263531f1a78602426e0511b944c9af1600e24c5be32a1432602f5d585e2596
SHA512 280d5016fc6e99a97cb8281a46fafca2bf1b815b9a4ecdac42a4ca0e087678a73455b2a55228e73dd9637d5652077941021316d86eb5d92d54901ccb9bd1427e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\financial-service[1].svg

MD5 0823f0b94bdfdbe753e09856539b2aad
SHA1 3d1a3082310d5983825afeacadf731206fe69bc4
SHA256 51197fbb1d6bbcedcb6debd0053605dcf3e76248289e3613f295cc957674495c
SHA512 93f85d70c8b2969e2d9f0c604f6eb550b327676f0967497b25309384eb463a06db1a5204d33b9fc5f6d4b1a62f02a00d8bc164777d003e7a69cbafd209e5d27b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\retail[1].svg

MD5 147e78a4590673a53bfa7b747a10bc65
SHA1 b0e52c652125b99b197b3048c9af40419755c3d0
SHA256 01b628ecabe34faabceabc3912a3db259679fa3f92a36b38937ee429f484ffaf
SHA512 4104013b1f6de511ff822fd19312c584523cc397529bd35b1cca6be50dcf432a220df984ab601cc921a1a0625f00cb826d6d266d3c5d1f8e1b83351694e3afb0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\higher-education[1].svg

MD5 d28d695a13c8d220559bb159db820f1a
SHA1 df8d56c24ba3bf1628cbaf5c0a6eb8f93a8b7397
SHA256 dc8afe3c31758f0d6c5e2c6509ffea7d9003e17bdc46b2365b81f1bac217e8cd
SHA512 4f0574f59e5a539d13b763a6baa600d5c7b0f82a466db4e2c98f9e64d15a452f162b4de7d2a8b0d8be42a9978a4238ae7ea48c8e9d373e8d40d549fcf14e314e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CMPDKH9Q\education-k12[1].svg

MD5 caa37bb157504fe3901ff3f1c524d753
SHA1 9420931b8f08b98bbf87a736d601d505d2a542d7
SHA256 2a1e41e942e8129c2dc8d2331bfe33d396107ccec63a83dbeea300254f96c498
SHA512 2a2f77dff253499c266b6e3b79d6655ab033a885d556e35db8c56505cbc6965ed193e3c4ab6d654d7a5d17ea1ddf4229b3c9d2a84c5bff22f8afd409355db9ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\scada-system-control[1].svg

MD5 eeea440b1dfd9a3631d30714a293b694
SHA1 b9d3332f08892e1111dd65d245d0cdebffcfd570
SHA256 6cf0986b6c19f7fb7093f0f0e4cc08f45ef9f010d672d888edab7d085b0abc8c
SHA512 dd6a9a6ae8b9f87e00546b94fc53415032383d9a973478b64b8c8ecae4039303be8dac04afdb67adc6b5a2217cbd2ad41412312cdaa711ef37e7663af2bfd58f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\featured-news-96-1[1].png

MD5 d5b6ce772501b44b98e99b8a3231fa58
SHA1 1fc7e998c1934431156f97e8fd6ffeeca4476d8d
SHA256 676e1295e903605dc3c2129f407ba6c4b313a1ebff129b315a012f4bceedeea8
SHA512 d79a51c2db16fd3a8b1f15b57d5caf11735e995072513ccd4559626b348388fc710d8bc67b16cd699133ec93d69ca0b4a1ff01245106cdc8b64d38f26beceacc

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\featured-news-97[1].jpg

MD5 b14ae4fa0e67d934f68a4ce45fb11598
SHA1 a9699cf078a9bbb6894890cf5d8b9e52a057beba
SHA256 2fa564941684361e68a60794f6e50608a96520c051e0642a5948e53f659dd6b5
SHA512 385a30cff2c631c457bc8aa6ca3f47bbe0da189b651c04e6faa81fb8979e151bf5c450b52c73909576cf94490f571dbb0bf1a3ac751babfbc79a87d6cdc745e2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\featured-news-101[1].jpg

MD5 09927bf3123d99f84b11b392a79e790d
SHA1 356e98e1b60404e6f4449547048a22e7283bff9f
SHA256 eb95d154533dd04819a3fe29182f2cd8149aaf78cfd440c244d07a605b5c9f85
SHA512 9221e6e0982b760d51646afc6d4661fe0356f04b21cf270c651056928ff408ae3b43f2188efb708234fd50a07b08bcfd1c297aa98f61b1c4a0f2e41f84dc0924

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\featured-news-103[1].jpg

MD5 246e7bb7c1113986153af61da0fccf1e
SHA1 76b9ff5031e94e8e901b1de2731cd91565f33031
SHA256 19b03d1f3e475121e5bee72b18d071e20d02e78810070c4da0b4c8a4a8bcc528
SHA512 dff944fa89bd5454ef63c4424c3639b1ab6f99813663b6eedc5357f0e56752919d6a2f10ad4bd5eca48b1ed550db6904602bd44614e7b9d75945d1d87bc9cb4b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7KQBJSM0\featured-news-102[1].jpg

MD5 0f6ae5146518e2a6a598d36aff211fd7
SHA1 b74bbc5345812b19472314ee7e24af44695e01d3
SHA256 c8bccc7ee87bc7e9ef7b6622e833f316c835b0c43dd8421ea38f3ab042cbd5c4
SHA512 e595e42f058a66586b08df649a144d74b3cc8f414782e60fbc0584c78a8b5c5d6682c136280a24d957f13c9b43dbf9dd8f7d89da81f2eac9e06109a9ac35d2a5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\featured-news-105[1].jpg

MD5 8048f83a3692a24312aaca33bccc41c1
SHA1 7b33d03aec5e593872d77f585b9f1d3e450642f2
SHA256 823a5f4f7e69eda1a6f2adc330748ceb968fe485fc7553f0b15084dd3c9fa28a
SHA512 d3ae2880625108b09844307e63646e0f3352a15911a2329a26c16ae0b9895f2870f5e729fdceb77b66e1a07ba6b39ee05787aac70de9d40661c03b9e5bcf5af6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EO73ZF47\featured-news-106[1].jpg

MD5 ef1d38168458e59bd9e3d84b02ca6f95
SHA1 d898d5e5a582f3b711e41dcb8230e796a14d0b65
SHA256 7b4282fb8431a8285ccfcb945b9fafa066bd92e2bab4230829af8846ba588810
SHA512 e2af3675ac547b3a793ae05a91eddf62be94406e16f54e03f82dab3fafc9d95fe8aa0f8b50397caecef6276d3e4b6746b15bb67b76595184a6f71fb369feeaff