Analysis Overview
SHA256
f60a3419526ee1d0632d51c086927fa6eece2e5a4909b47f7f681ba96b6f1643
Threat Level: Known bad
The file 87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
UPX packed file
Loads dropped DLL
Executes dropped EXE
Drops file in Program Files directory
Unsigned PE
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 17:36
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 17:36
Reported
2024-05-31 17:39
Platform
win7-20240215-en
Max time kernel
148s
Max time network
148s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxABA.tmp | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423338863" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53C639F1-1F74-11EF-B20D-42D1C15895C4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe
C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2220-0-0x0000000000400000-0x0000000000444000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 17:36
Reported
2024-05-31 17:39
Platform
win10v2004-20240426-en
Max time kernel
141s
Max time network
146s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px7BB8.tmp | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "696489212" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{54F182A7-1F74-11EF-8FD7-4A9F9762F996} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31110017" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "694770883" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31110017" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "694770883" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31110017" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423941972" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31110017" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "696489212" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe
C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3228 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
memory/1792-1-0x0000000000400000-0x0000000000444000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\87c7381ffbe8103cbcbfddbe1bf3cc2a_JaffaCakes118Srv.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |