Analysis Overview
SHA256
1577d51aa666e9283eb6eacee5950b586c04abc57072863b9e3f59507569643c
Threat Level: Known bad
The file 2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnit was found to be: Known bad.
Malicious Activity Summary
Ramnit
Ramnit family
Loads dropped DLL
Executes dropped EXE
UPX packed file
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-15 11:44
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-15 11:44
Reported
2024-11-15 11:47
Platform
win7-20240708-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnit.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxEB1A.tmp | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnit.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD5BA2B1-A346-11EF-80FE-5E235017FF15} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437832944" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnit.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnit.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnit.exe"
C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/1904-1-0x0000000000E60000-0x000000000105C000-memory.dmp
\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/1904-4-0x0000000000170000-0x000000000019E000-memory.dmp
memory/2812-20-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2812-18-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2504-15-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2504-7-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab12B.tmp
C:\Users\Admin\AppData\Local\Temp\Tar1CB.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
memory/1904-188-0x0000000000E60000-0x000000000105C000-memory.dmp
memory/1904-422-0x0000000000170000-0x000000000019E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-15 11:44
Reported
2024-11-15 11:47
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
157s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxC2B4.tmp | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnit.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{01A4041A-A347-11EF-A7EA-DA67B56E6C1B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3591056052" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3595743494" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3591056052" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31143763" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31143763" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31143763" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438436058" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnit.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnit.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnit.exe"
C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:924 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
Files
memory/3828-0-0x00000000000B0000-0x00000000002AC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024-11-15_8dee32eb82cace9af4e7a0b39633686f_bkransomware_ramnitSrv.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/1416-4-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1416-7-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1416-6-0x0000000000480000-0x000000000048F000-memory.dmp
memory/1356-15-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1356-13-0x0000000000590000-0x0000000000591000-memory.dmp
memory/1356-16-0x0000000000400000-0x000000000042E000-memory.dmp
memory/3828-18-0x00000000000B0000-0x00000000002AC000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKYZDMA5\suggestions[1].en-US