Malware Analysis Report

2024-11-30 19:02

Sample ID 240321-jaz1daee35
Target https://youtube.com
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://youtube.com was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-21 07:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-21 07:28

Reported

2024-03-21 07:31

Platform

win7-20240221-en

Max time kernel

72s

Max time network

98s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://youtube.com

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF015441-E754-11EE-B671-4AE872E97954} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000008beefa49a421a4e49ef3bc21ce99f32d8e801cc4aa00975d5d878ac60f03c1cc000000000e8000000002000020000000719e23b7313d237ae2d751eecde020a913aec085dccbf25d328e6c8d6c1cad8b20000000b4aca90a5629975c3577e88cee173da92827de4635e4dd3c4bb37c4796c40d194000000032d31daaf9b119e9a795d2c0fb1b7bbd40c92f15c4ea3dca5203b36ca564bfcd1d8c8386ba53f56d1288ff12ae06d725f3c57bef7200b6f668b9bb3fba5dfa55 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417168066" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f416a5617bda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000f50298de9d70079c7badaa85113287340918391f737c4f86ec08bcfe92a1c447000000000e8000000002000020000000ceef54d21e6372d0b9ae5a3a5e4a45f4069531d15f885302c9e71e7a8f1caab3900000009520d4f3d4573e1ac3bcfd673a8a04b9b163f72711afd8daa4a791e8527362b1241bb7f2d8299a2b84c9c886e94a9e535300848d9a1f3e5ab3a52af882673df4a956cd9515e6dc8591386333661cb71959c28b5888adda95a8e97e83fe3de253d1c126564b86536dafd3699a0c4b56c374910dd8e36d6752b4ad0e5623fb86befe55135b91a5077b6f7fc80dabd84b104000000032c81a367ac45dab6d1c1e07ce9a70bc1eac815ebbba42c5ba683141073c3319a265e1b1eb490141be0f72aeac9de769abbde8e6c57fbb56d582b3849542e809 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://youtube.com

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 youtube.com udp
NL 142.250.179.174:443 youtube.com tcp
NL 142.250.179.174:443 youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.179.206:443 www.youtube.com tcp
NL 142.250.179.206:443 www.youtube.com tcp
NL 142.250.179.206:443 www.youtube.com tcp
NL 142.250.179.206:443 www.youtube.com tcp
NL 142.250.179.206:443 www.youtube.com tcp
NL 142.250.179.206:443 www.youtube.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\favicon[2].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat

MD5 0413183e50832e0966e8400d9b84845b
SHA1 55a46d15e9b3797a0e6b2b3c0a3dbf6918d16865
SHA256 0acf748d15bdb70a593878e14c51b26a92d490c508d736194933d559989e661f
SHA512 f08d705236ef6e25c7384bbe25aef3bfbd929f03efebf2e059de7ce6b054ab8b1d065e4c5726a75b74a46847bad91bb1baca6348e507bdd1c47dd71c877b4dbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 818408e68c0183edeb102bd3ddf47c07
SHA1 7443f5993ff385137722f1f3c4b1aaa049785a9f
SHA256 a865e7dd6150f21112fc34dbe2cdb8106a7a511415dab1c9d26f0e2aa02fbe36
SHA512 fdab5ffd41be672e1698e9420e5e87c0bd871ff6a7779335e1a45bc54284251ad7a0e91991dd7a7f276405481518d6176de27facbb6a07561522725b68fcbdec

C:\Users\Admin\AppData\Local\Temp\CabAD31.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\TarAF5A.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40449a78100cdaa1ac661cd0fa90c72c
SHA1 2ad2dc80cee4bacab3056cb1de6db3f1dcf1ab3e
SHA256 b43c1ba4c7b916c96632a2f2d71ba6aab01ef7e4f5e6d0a8ff6af2d5856a2de1
SHA512 8932cd43791ac26f0355b6daa690e6beed1e90273bf1e1a606c42c2d18be47e4e2bab47c286a7719dba9ca97a906ceeb3b2038308e49faeee546bbe95bfce210

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc7a7565f0428fd58427ac517a2f6f7f
SHA1 25b30ba015537d44e579ed4e165fafcd2fab1189
SHA256 86b6c339c18a39314889e4722ed20202aa84bb2c8fa091f14087893fe7a37060
SHA512 8eb035e4e94192f0dc31cf75ef9f9abd4852b4a333e12adb54db98080fc3ef5da9d83d2768f0d3b76bfe4840fdd4effddd16f2c58b8592b4124877863b98ee58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 1edb2d6c435ff475808ed28df0076c4c
SHA1 312fa10abd467b4dbe6bba9849c9e17a4e40cae3
SHA256 8b788aa82c5875cf72cc2dde802006cd5686e822430a9f902a364e27979a093c
SHA512 bce0117f45cd56e5f340991c35607bf5dc7a06df56c7ffa0e3367ed80c3df525bfa2485292dc4636a257770d7b50d78064ffe5c730a3977cbf43f3b1a191cdbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 956dc9941e54f22677cd6ca1c4b8c3cf
SHA1 1f86924370bfce6287b548f56c9dced655bfd44a
SHA256 a27075ac58036665c48665c571622c708c148a651fa25c038f52acf46e957cd4
SHA512 7ae7db09b37adaea19d9342096d1a569e634a9f1483ec6fdde4d02123a087bfd718b6fc63a59e2a464fb6572d86e81ae5e4403c7276fbf27bba64ae3bc0dd4ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b415157c1834783fb3b8904bc52cd8cd
SHA1 2c98f8b5baaa1a28829d3676130996e9d5b712e8
SHA256 650aa775af3d38c5e0262f8761516155c7205711dc9adbdf4d89d2c16dfd2133
SHA512 02a36249e4dc5c367c42aedc163831089d139e807980d4a4127d5981a678c0b330e6a7a84c21dfb19080365670100c60a009768c01091a84a5d553c4af4b57f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f1f6f09f5ad1c54734cf7e92914d3f5
SHA1 ba2a3867ff306a9f71825a78a280a3da81f23e24
SHA256 bee2cff2ab614b54681e7dacfe50257dfdf8d515eafd08bd274304f5edd104b8
SHA512 60b669718bb0dbee181013bcd2da8750109be1c80a354d8239450893023f2b642317755f95465aa2abc469692607a84bc5720c9c6fcd65f86df4cfbf9dfe5cf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c1a48eb54aa00e54d91f50faabf1294
SHA1 aafb529d5c541f9d60ca18d4625393ead19e42a5
SHA256 faae8ab0e6cfc10609e087143007efd955145495ff08b4afd5238745a4d49b5d
SHA512 38f67978b99e88a5312905b85c2b60c5f13b40c54ee692d91f264921da1681856216f4f468f868b9b8674c8e3300d22500ffad19cf9fe6f82ac13e108e1ba3a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 083bf7afae6bdba4e90f262f82577f22
SHA1 c6dbb2713b5e61d02cde80f5594a5701469827f0
SHA256 e72f8ed10554198644ab66c00d2f29b2a50fb2cf449015d7bdbc4439013c6a1b
SHA512 de0d3beebed0971172bf20f74cc4b868a1246f76e20f337af526e855dec70ec7698744bddda230aeb0c24a61556c54f2fc119dd8377264d9b8f8e2f88facfb35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfeb549e5d52c3cf6d6ec7259a29cb0f
SHA1 d64741aee2bd9fec758ca438adc12756d9e68465
SHA256 a8ce75f31f058954b14b2f640cdab175deef7d616c78f96f294d06756ac084b0
SHA512 8b844fd8d099981f69935e549c67b5d837b5b1856dcd0c0d13a6358b74b19fd045ebdccc392ce0f26205c175d0305a386ddc54bf63d33420ccbadd98093fea3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 dbe2e226c0be2d1e877e473ea54423f1
SHA1 1f50b275cbd7d6d5d9863c19e4a9f7f8f950687a
SHA256 66dcf9a4a9e91d81822000ccc2c5d6a128671ce86d229d5d1e58b17ede921989
SHA512 bf19bc4e31018b0767d2a346061356812948918d80a796af6a7da9ebbd1b110dd7f1d768ba6c816f05aa61334284a4c4cbc68d60d8afdd72316d11264d9083e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 771b25d0131523d5e9c320e97ec511bd
SHA1 cf65373403f03950e4efc18d8d904fa1a3c74442
SHA256 74d3be1e1af43138b9dc9e8380db3f8c9c2a26b3dfbb6d2657cd0de3bb678cb6
SHA512 6835cf60aa898b8614af165fdafe6220f3f28537d1e3854681e342b8f0409bcf6a2e7ae1a4de1bef528755b7a6f8889abd314dce920fec256fc603ced32495ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40f484fc3de0d36f03d5003c1a554919
SHA1 054d7c073d45240a42c93a90254fba9ed184c94e
SHA256 add71b98a21d4322a4e19eba9ca5337709f5bc29a6bf64b5f0f6b7858a1bf7d1
SHA512 4af21f8043541989938a6b87c4d02ba68c55aabe7ffa2ce29542ee600795e91fcc0adccdd81f82da4e1875bbd03d07a07e076fca2c5e789b6c288d7ad2383ba2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ad0df7d25d5e24b0ca7214f79eb9fc8
SHA1 3158d13d2fe2edc6ff1fbd4aeaa1b7d1e96e1ffb
SHA256 ae621684a03dcb86b8734a30f9531c14baeea81ba9167c399fb5cc9fce9b26c0
SHA512 99becf3929f19ab838f2e85b386cd1b010573c412d7c98719c12e3c169216a8fd9709189762428f6b4c6ed61918ae7e2239a470967ef0efe2f7dfd282324bae8