Malware Analysis Report

2025-08-06 01:41

Sample ID 241005-bs7h6s1grb
Target adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N
SHA256 adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4
Tags
ramnit banker discovery spyware stealer trojan upx worm
score
10/10

Analysis Overview

score
10/10

SHA256

adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4

Threat Level: Known bad

The file adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N was found to be: Known bad.

Malicious Activity Summary

ramnit banker discovery spyware stealer trojan upx worm

Ramnit

Loads dropped DLL

Executes dropped EXE

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of UnmapMainImage

Analysis: static1

Detonation Overview

Reported

2024-10-05 01:25

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 01:25

Reported

2024-10-05 01:27

Platform

win7-20240708-en

Max time kernel

67s

Max time network

68s

Command Line

"C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe"

Signatures

Ramnit

trojan spyware stealer worm banker ramnit

UPX packed file

upx

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5A0B401-82B8-11EF-AD51-4E66A3E0FBF8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434253398" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2360 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe
PID 1968 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2716 wrote to memory of 2972 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe

"C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe"

C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe

C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.bing.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2360-0-0x0000000000400000-0x0000000000466000-memory.dmp

\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe

MD5 a61ea5f2325332c52bff5bce3d161336
SHA1 3a883b8241f5f2efaa76367240db800d78a0209c
SHA256 e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b
SHA512 fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 01:25

Reported

2024-10-05 01:27

Platform

win10v2004-20240802-en

Max time kernel

93s

Max time network

113s

Command Line

"C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe"

Signatures

Ramnit

trojan spyware stealer worm banker ramnit

UPX packed file

upx

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31135429" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31135429" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2327122811" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434856506" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31135429" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2327122811" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2330717197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B63D3A90-82B8-11EF-84CD-D6586EC96307} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1404 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe
PID 3388 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1004 wrote to memory of 1408 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe

"C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4N.exe"

C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe

C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1004 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

memory/1404-0-0x0000000000400000-0x0000000000466000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\adfbd9d6e11ea80257fb01489cfe6afd2276c7158fe3c45bb1392e828fcd4ca4Nmgr.exe

MD5 a61ea5f2325332c52bff5bce3d161336
SHA1 3a883b8241f5f2efaa76367240db800d78a0209c
SHA256 e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b
SHA512 fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5
