Analysis Overview
SHA256
1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7b
Threat Level: Known bad
The file 1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bN was found to be: Known bad.
Malicious Activity Summary
Ramnit
Ramnit family
Executes dropped EXE
Loads dropped DLL
UPX packed file
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-26 00:31
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 00:31
Reported
2024-10-26 00:33
Platform
win10v2004-20241007-en
Max time kernel
110s
Max time network
120s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\px9097.tmp | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1923964464" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1923808433" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31139646" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31139646" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436667653" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9E05D60C-9331-11EF-B319-520873AEBE93} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1923808433" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31139646" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1923964464" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31139646" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bN.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bN.exe
"C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bN.exe"
C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe
C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 00:31
Reported
2024-10-26 00:33
Platform
win7-20241023-en
Max time kernel
110s
Max time network
68s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bN.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxBC6C.tmp | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436064546" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9DEB7871-9331-11EF-9D85-5E63E904F626} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bN.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bN.exe
"C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bN.exe"
C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe
C:\Users\Admin\AppData\Local\Temp\1cb3fb7a24363f4dffb9554f42c76a06a7ce4bb2e2c2a45206aacd34f88eae7bNSrv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files