Analysis Overview
SHA256
29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524
Threat Level: Known bad
The file 29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524N.exe was found to be: Known bad.
Malicious Activity Summary
Ramnit
Ramnit family
Loads dropped DLL
Executes dropped EXE
UPX packed file
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 21:12
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 21:12
Reported
2024-11-17 21:15
Platform
win7-20241010-en
Max time kernel
69s
Max time network
74s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxE428.tmp | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B80ADFD1-A528-11EF-AAD8-6AD5CEAA988B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438039846" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524N.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524N.exe
"C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524N.exe"
C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe
C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/3000-1-0x00000000013A0000-0x0000000001723000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-17 21:12
Reported
2024-11-17 21:15
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
116s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxBB41.tmp | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2720077293" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31144245" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2720077293" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2724295828" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31144245" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CDA4750C-A528-11EF-BEF1-7E3D785E6C2E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438642988" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31144245" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524N.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524N.exe
"C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524N.exe"
C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe
C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4916 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/4196-0-0x00000000007C0000-0x0000000000B43000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\29274dfda5c7f2a3cd0c793f6128f7429fef834f142e226dc8df2d9ea184d524NSrv.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |