Overview
overview
10Static
static
7716335ba5c...ac.exe
windows7-x64
716335ba5c...ac.exe
windows10-2004-x64
Ransomware...ac.exe
windows7-x64
Ransomware...ac.exe
windows10-2004-x64
1BadRabbit.exe
windows7-x64
10BadRabbit.exe
windows10-2004-x64
10Ransomware...it.exe
windows7-x64
10Ransomware...it.exe
windows10-2004-x64
10tunamor.exe
windows7-x64
tunamor.exe
windows10-2004-x64
Ransomware...or.exe
windows7-x64
Ransomware...or.exe
windows10-2004-x64
XMoon.exe
windows7-x64
10XMoon.exe
windows10-2004-x64
7Ransomware...on.exe
windows7-x64
10Ransomware...on.exe
windows10-2004-x64
7GoldenEye.exe
windows7-x64
10GoldenEye.exe
windows10-2004-x64
10GoldenEye.js
windows7-x64
10GoldenEye.js
windows10-2004-x64
10Ransomware...ye.exe
windows7-x64
10Ransomware...ye.exe
windows10-2004-x64
10Ransomware...Eye.js
windows7-x64
10Ransomware...Eye.js
windows10-2004-x64
10NotPetya.exe
windows7-x64
10NotPetya.exe
windows10-2004-x64
10Ransomware...ya.exe
windows7-x64
10Ransomware...ya.exe
windows10-2004-x64
10Ransomware...om.exe
windows7-x64
1Ransomware...om.exe
windows10-2004-x64
1Ransomware...om.exe
windows7-x64
6Ransomware...om.exe
windows10-2004-x64
3General
-
Target
Ransomware.zip
-
Size
42.1MB
-
Sample
240302-yztxzsgh6x
-
MD5
1b1712d0f4cf97cdb10f7817fbe37628
-
SHA1
c6245e74e10ef228ccbd9bdb97ae26f8bb24b2be
-
SHA256
b7eb20bcbe42e9f14f813a19e07aea6482c7df7faf90054f27cda4dcfc28723c
-
SHA512
8a75634e543f18197eb89b4062bd9089c385326caf70275a1c82af779822f6311e5281ee1688b34d0ca02ae3cdca68ec6113b8c8fe1561ace9081d3a425310da
-
SSDEEP
786432:jSLN4jiwEj7mKm+hsZ7DYfzMRzZH27sgTQB8x4aSbJCUEKAhiDB9+DZwX1TpIb8Y:GLuY6KyHiz6ZH27xTQB8yAUEAHWZATpY
Behavioral task
behavioral1
Sample
716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
BadRabbit.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
BadRabbit.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Ransomware/BadRabbit Ransomware/BadRabbit.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Ransomware/BadRabbit Ransomware/BadRabbit.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
tunamor.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
tunamor.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
Ransomware/Monster Ransomware (second new version)/tunamor.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Ransomware/Monster Ransomware (second new version)/tunamor.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
XMoon.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
XMoon.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
Ransomware/Monster Ransomware/XMoon.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Ransomware/Monster Ransomware/XMoon.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
GoldenEye.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
GoldenEye.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
GoldenEye.js
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
GoldenEye.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe
Resource
win7-20240215-en
Behavioral task
behavioral22
Sample
Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
NotPetya.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
NotPetya.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
Ransomware/Trojan.Ransom.NotPetya/NotPetya.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
Ransomware/Trojan.Ransom.NotPetya/NotPetya.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.exe
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
-
Target
716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
-
Size
15.9MB
-
MD5
0f743287c9911b4b1c726c7c7edcaf7d
-
SHA1
9760579e73095455fcbaddfe1e7e98a2bb28bfe0
-
SHA256
716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac
-
SHA512
2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677
-
SSDEEP
393216:UMwm0qBknxdEX+LbMUgoSZmWSmh4aaRN22ChHCMNku1y:UMcKX+Lbjgd7W1RNVC9ku1
Score10/10-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Modifies Windows Firewall
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
-
-
Target
Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe
-
Size
15.9MB
-
MD5
0f743287c9911b4b1c726c7c7edcaf7d
-
SHA1
9760579e73095455fcbaddfe1e7e98a2bb28bfe0
-
SHA256
716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac
-
SHA512
2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677
-
SSDEEP
393216:UMwm0qBknxdEX+LbMUgoSZmWSmh4aaRN22ChHCMNku1y:UMcKX+Lbjgd7W1RNVC9ku1
Score10/10-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Modifies Windows Firewall
-
Sets file execution options in registry
-
Adds Run key to start application
-
-
-
Target
BadRabbit.exe
-
Size
431KB
-
MD5
fbbdc39af1139aebba4da004475e8839
-
SHA1
de5c8d858e6e41da715dca1c019df0bfb92d32c0
-
SHA256
630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
-
SHA512
74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87
-
SSDEEP
12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR63:vT56NbqWRwZaEr3yt2O3XR63
Score10/10-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
mimikatz is an open source tool to dump credentials on Windows
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
Ransomware/BadRabbit Ransomware/BadRabbit.exe
-
Size
431KB
-
MD5
fbbdc39af1139aebba4da004475e8839
-
SHA1
de5c8d858e6e41da715dca1c019df0bfb92d32c0
-
SHA256
630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
-
SHA512
74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87
-
SSDEEP
12288:BHNTywFAvN86pLbqWRKHZKfErrZJyZ0yqsGO3XR63:vT56NbqWRwZaEr3yt2O3XR63
Score10/10-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
mimikatz is an open source tool to dump credentials on Windows
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
tunamor.exe
-
Size
71KB
-
MD5
e9fdc21bd273444925a4512166188e5b
-
SHA1
e398138686eedcd8ef9de5342025f7118e120cdf
-
SHA256
78972cdde1a038f249b481ea2c4b172cc258aa294440333e9c46dcb3fbed5815
-
SHA512
64989534f56fcd70f3ff08bb47a331d5624fc1e3b387420a885d6f32a537e05182de8c5890612cde03fdd312ad101955674d7455c84b900bf7eed97b402a2b08
-
SSDEEP
768:Uv3mq1oJQpwvZlXhVkcDsaoi9P9TJKvaoStYARRQwfwiIySf4BtIl82+hE8x:YmqMQoXhVN4aooJhDCSeyxel82WNx
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Ransomware/Monster Ransomware (second new version)/tunamor.exe
-
Size
71KB
-
MD5
e9fdc21bd273444925a4512166188e5b
-
SHA1
e398138686eedcd8ef9de5342025f7118e120cdf
-
SHA256
78972cdde1a038f249b481ea2c4b172cc258aa294440333e9c46dcb3fbed5815
-
SHA512
64989534f56fcd70f3ff08bb47a331d5624fc1e3b387420a885d6f32a537e05182de8c5890612cde03fdd312ad101955674d7455c84b900bf7eed97b402a2b08
-
SSDEEP
768:Uv3mq1oJQpwvZlXhVkcDsaoi9P9TJKvaoStYARRQwfwiIySf4BtIl82+hE8x:YmqMQoXhVN4aooJhDCSeyxel82WNx
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
XMoon.exe
-
Size
669KB
-
MD5
a690cce59e21f5198ca304243b084f9e
-
SHA1
8aeb0b106dd21e2afb50c3f7ae78ca4f8f4b29c5
-
SHA256
ea0a5854aa6e91ebe816d256f34f820697a92d86b4f81e8855c84daeed40b9d4
-
SHA512
9e0eebf53d0ea424ae9aeb0da2e27e5be75391a5be2945d29137da12baff32184df3a223692bbabb4b64350d902bd6847284d982e62313f3402035e842f4b758
-
SSDEEP
12288:X6Wq4aaE6KwyF5L0Y2D1PqL6eqhBkEFY9ddNdzYaTW3aSDcyImRlL7zo:1thEVaPqL6JkF9YaTLSigL7c
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
-
-
Target
Ransomware/Monster Ransomware/XMoon.exe
-
Size
669KB
-
MD5
a690cce59e21f5198ca304243b084f9e
-
SHA1
8aeb0b106dd21e2afb50c3f7ae78ca4f8f4b29c5
-
SHA256
ea0a5854aa6e91ebe816d256f34f820697a92d86b4f81e8855c84daeed40b9d4
-
SHA512
9e0eebf53d0ea424ae9aeb0da2e27e5be75391a5be2945d29137da12baff32184df3a223692bbabb4b64350d902bd6847284d982e62313f3402035e842f4b758
-
SSDEEP
12288:X6Wq4aaE6KwyF5L0Y2D1PqL6eqhBkEFY9ddNdzYaTW3aSDcyImRlL7zo:1thEVaPqL6JkF9YaTLSigL7c
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
-
-
Target
GoldenEye.exe
-
Size
254KB
-
MD5
e3b7d39be5e821b59636d0fe7c2944cc
-
SHA1
00479a97e415e9b6a5dfb5d04f5d9244bc8fbe88
-
SHA256
389a7d395492c2da6f8abf5a8a7c49c3482f7844f77fe681808c71e961bcae97
-
SHA512
8f977c60658063051968049245512b6aea68dd89005d0eefde26e4b2757210e9e95aabcef9aee173f57614b52cfbac924d36516b7bc7d3a5cc67daae4dee3ad5
-
SSDEEP
3072:iTAjnioLO7WpLyLNZMcPSK7BaZ0NwAWMGc0HfmY4KsyyOiy12KJ3I4YgTl:i6nrD0ZMcPBAL7c0fTHs+2sYXg
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
GoldenEye.js
-
Size
365KB
-
MD5
c4e9fc349d5c8b24c0ddb1533de2c16b
-
SHA1
147e938bd06709b3c20eea4ac461093d573be037
-
SHA256
28fd3a1d9087d7b103b7f6cfca002798b6365fe6ebcc66fa02dbb4a9e6378e71
-
SHA512
fd0cf6f434e665aabc91f6095394a08483990c12a0b6ad3a1bd820b740af0ddbc02bc0a2592be429c7488b3cd2889afad8f758b4258009dfe51e9faac76842be
-
SSDEEP
6144:Jnm5mwYxm+DzkzFIDIWCy49ezGywT7PDSzT3enlJ1BJ0exGqkIb1Taha6e2T6Huv:FnaIEWeqWdnlhJ+eHHu+1Qk3C+MAQ
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe
-
Size
254KB
-
MD5
e3b7d39be5e821b59636d0fe7c2944cc
-
SHA1
00479a97e415e9b6a5dfb5d04f5d9244bc8fbe88
-
SHA256
389a7d395492c2da6f8abf5a8a7c49c3482f7844f77fe681808c71e961bcae97
-
SHA512
8f977c60658063051968049245512b6aea68dd89005d0eefde26e4b2757210e9e95aabcef9aee173f57614b52cfbac924d36516b7bc7d3a5cc67daae4dee3ad5
-
SSDEEP
3072:iTAjnioLO7WpLyLNZMcPSK7BaZ0NwAWMGc0HfmY4KsyyOiy12KJ3I4YgTl:i6nrD0ZMcPBAL7c0fTHs+2sYXg
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js
-
Size
365KB
-
MD5
c4e9fc349d5c8b24c0ddb1533de2c16b
-
SHA1
147e938bd06709b3c20eea4ac461093d573be037
-
SHA256
28fd3a1d9087d7b103b7f6cfca002798b6365fe6ebcc66fa02dbb4a9e6378e71
-
SHA512
fd0cf6f434e665aabc91f6095394a08483990c12a0b6ad3a1bd820b740af0ddbc02bc0a2592be429c7488b3cd2889afad8f758b4258009dfe51e9faac76842be
-
SSDEEP
6144:Jnm5mwYxm+DzkzFIDIWCy49ezGywT7PDSzT3enlJ1BJ0exGqkIb1Taha6e2T6Huv:FnaIEWeqWdnlhJ+eHHu+1Qk3C+MAQ
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
NotPetya.exe
-
Size
390KB
-
MD5
b6cc1e4052f613e15a8b05439f5877b4
-
SHA1
9bb3cb5080ae18985d93a28faeca6ae06d768b21
-
SHA256
e2ea7f9581a7e1386fc6601d1421e1194373c1c891f2d406de6d49810fcc7737
-
SHA512
cd48f448cd355a1463ca090d8ad47100596e1ed1a1a771f26c672406669433e9d9d915268def0aad844511f65a3c69fbb3ab2e2dc610ecc0f66a8524a6a8ea73
-
SSDEEP
12288:rF/X4NTS/x9jNG+w+9OqFoK323qdQYKU3:BXATS/x9jNg+95vdQa
Score10/10-
mimikatz is an open source tool to dump credentials on Windows
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Ransomware/Trojan.Ransom.NotPetya/NotPetya.exe
-
Size
390KB
-
MD5
b6cc1e4052f613e15a8b05439f5877b4
-
SHA1
9bb3cb5080ae18985d93a28faeca6ae06d768b21
-
SHA256
e2ea7f9581a7e1386fc6601d1421e1194373c1c891f2d406de6d49810fcc7737
-
SHA512
cd48f448cd355a1463ca090d8ad47100596e1ed1a1a771f26c672406669433e9d9d915268def0aad844511f65a3c69fbb3ab2e2dc610ecc0f66a8524a6a8ea73
-
SSDEEP
12288:rF/X4NTS/x9jNG+w+9OqFoK323qdQYKU3:BXATS/x9jNg+95vdQa
Score10/10-
mimikatz is an open source tool to dump credentials on Windows
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap
-
Size
473KB
-
MD5
17c25c8a7c141195ee887de905f33d7b
-
SHA1
7fa8079e8dca773574d01839efc623d3cd8e6a47
-
SHA256
e079fa28ea51fa98644164caf585ae3231d25372fccca1245902fb57488d4660
-
SHA512
de95f18101b99d159fe459c5e5651e0db2b1c76e02c9c2741bfd920decc970abc6dc0b41651be0471b4c7c3deb8b5e9a6e956c6515f268f9dfee7b76087a1e2b
-
SSDEEP
12288:ZPaAhutLwUVsvLPcFZXYl0oIZdm9n50DNq:ZPjutLRuvLPcX8mC5S
Score1/10 -
-
-
Target
Ransomware/Trojan.Ransom.PetrWrap/Trojan.Ransom.PetrWrap(Patched)
-
Size
473KB
-
MD5
f9dc218f57d7ecf5a8664a6561a59a2e
-
SHA1
f9e15d4799c382a00b17c322826c0fbee7a7014b
-
SHA256
bb990e2307c5f1143f3b8fabd77e62a2754c25b1de45636b93b6c87d1dc12784
-
SHA512
00c3e39687bcd9951d63adb521c096120d1c81521bb56615b32c42a0f5126f31fea023a173a95230a0d1e74056cd84baad29ffd7615409ff8b07640c550d955a
-
SSDEEP
12288:9PaAhutLwUVsvLPcFZXYl0oIZdm9n50DNx:9PjutLRuvLPcX8mC5S
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Indicator Removal
2File Deletion
2Modify Registry
8Pre-OS Boot
1Bootkit
1