Analysis Overview
SHA256
d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d
Threat Level: Known bad
The file d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d.exe was found to be: Known bad.
Malicious Activity Summary
Ramnit
Ramnit family
Loads dropped DLL
Executes dropped EXE
UPX packed file
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-18 01:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-18 01:40
Reported
2024-11-18 01:42
Platform
win7-20240903-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px9C30.tmp | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438055924" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{27C12C11-A54E-11EF-B2BA-D686196AC2C0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d.exe
"C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d.exe"
C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe
C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/1700-1-0x0000000000400000-0x0000000000570000-memory.dmp
\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
C:\Users\Admin\AppData\Local\Temp\CabBCFC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarBDAA.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-18 01:40
Reported
2024-11-18 01:42
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
113s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxB083.tmp | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31144282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4144668362" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31144282" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4148262014" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438659022" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4144668362" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2292C469-A54E-11EF-B9B6-FA89EA07D49F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31144282" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d.exe
"C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33d.exe"
C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe
C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/864-0-0x0000000000400000-0x0000000000570000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d2be74b100d5c0f3f7f44759b136125c1fb5b90de739e1eaf4420822a5aaa33dSrv.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 67b3270e9ee2455fec6e20353842018a |
| SHA1 | afb768285ecc4fad9cb171c6ec0247e54a645746 |
| SHA256 | a0e3067884f99355e97dd1979abe971940e233b6d8426ca2f9caedc7f5b25456 |
| SHA512 | 605ae45158f81452bfe383b3a8ec2407ce9c1bcd0d5b1372d13c870569105c764b89abf0a184fa3779770dba24e69b503ba7825026fcfd24fda06cce3ac9f3c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 30238bc436124bf6ec61df08152dbf7d |
| SHA1 | 1c83a737e2fff04ed5282dc31242619d0e19aa4a |
| SHA256 | 56e27bce5f0c08a8255d16200fe8d55e560ec841cb0ec650de0250584128a863 |
| SHA512 | f2515de1256b4a0e025e85ba3cc338a9cf22373fcd32dcd8ca51647bc5304f8f0ada9cb65b56e5d903453fa3a32b0ffcc39b29d222f089c069ae844b772b624e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9MFSIIMR\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |