Analysis
max time kernel: 1690s
max time network: 1799s
platform: windows11-21h2_x64
resource: win11-20240214-en
resource tags: arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 21/02/2024, 13:38
Static task: static1
Behavioral task: behavioral1 (Sample: kkk.txt, Resource: win10v2004-20240221-en)
Behavioral task: behavioral2 (Sample: kkk.txt, Resource: win11-20240214-en)
General
Target: kkk.txt
Size: 11B
MD5: 5eb63bbbe01eeed093cb22bb8f5acdc3
SHA1: 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
SHA256: b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
SHA512: 309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
flow | ioc
30 | raw.githubusercontent.com
40 | raw.githubusercontent.com
46 | raw.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Modifies registry class 4 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1002246581-1510179080-2205450789-1000\{161A44DF-D4B0-4ECB-A151-4269E23B4583} | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000_Classes\Local Settings | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000_Classes\Local Settings | OpenWith.exe
NTFS ADS 1 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.Identifier | msedge.exe
Opens file in notepad (likely ransom note) 1 IoCs
pid | Process
3052 | NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 36 IoCs
pid | Process
3968 | msedge.exe
3804 | msedge.exe
1180 | msedge.exe
2308 | identity_helper.exe
2084 | msedge.exe
2016 | msedge.exe
2316 | msedge.exe
4752 | AcroRd32.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
pid | Process
3804 | msedge.exe
Suspicious use of FindShellTrayWindow 33 IoCs
pid | Process
3804 | msedge.exe
Suspicious use of SendNotifyMessage 12 IoCs
pid | Process
3804 | msedge.exe
Suspicious use of SetWindowsHookEx 26 IoCs
pid | Process
1632 | OpenWith.exe
4752 | AcroRd32.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4808 wrote to memory of 3052 | 4808 | cmd.exe | 80
PID 3804 wrote to memory of 432 | 3804 | msedge.exe | 86
PID 3804 wrote to memory of 3056 | 3804 | msedge.exe | 87
PID 3804 wrote to memory of 3968 | 3804 | msedge.exe | 88
PID 3804 wrote to memory of 3420 | 3804 | msedge.exe | 89
Processes
-
C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\kkk.txt
  PID: 4808
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\NOTEPAD.EXE
    Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\kkk.txt
    PID: 3052
    - Opens file in notepad (likely ransom note)
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  PID: 3804
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9c21b3cb8,0x7ff9c21b3cc8,0x7ff9c21b3cd82⤵PID:432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:22⤵PID:3056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:82⤵PID:3420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵PID:4160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵PID:4896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:12⤵PID:4508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:12⤵PID:4344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:12⤵PID:4740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵PID:692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:12⤵PID:2808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:12⤵PID:2904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:12⤵PID:3568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4000 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3552 /prefetch:82⤵PID:4952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵PID:1764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵PID:2792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵PID:4760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵PID:3620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵PID:716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4800 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:12⤵PID:3756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7047409490998612147,72435834087163973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:12⤵PID:4980
-
-
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3272
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2420
C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
  PID: 3200
C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 2828
C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 1632
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Jigsaw.zip\jigsaw"
    PID: 4752
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      PID: 1760
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1BF7835A49B00EC1EE529E0EFE6CC563 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:948
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AF234AD43B9AFA385005C83DB257FEC8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode 
--service-request-channel-token=AF234AD43B9AFA385005C83DB257FEC8 --renderer-client-id=2 --mojo-platform-channel-handle=1644 --allow-no-sandbox-job /prefetch:14⤵PID:2732
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9E6C7A887FD7904E30FB0BAB73D66C46 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:3868
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3CF9B9C145CFE67C32A04DD57F349E9B --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:4460
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=02EDC2B770748F834355C5CC48315DF1 --mojo-platform-channel-handle=2452 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:2944
-
-
-
-
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3496
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 3KB
-
Filesize
1KB
MD568e30c28556a114e2d4f6333c025c7d8
SHA1d3c1213b8d34c7c41c346ed9ccd7ed777f02783a
SHA256eceb103b6685af6b7b524284db484ca7171f4348169ea37ce23bab6f7ce6969e
SHA512c4ca90ae834fae3b3a87a291d831f99910b29865742af17d12e26a89fcd0eb675e64d9f00b30f655543a6e3da2eb75306b0c4fd518aa044bfa355b951d4fce9c
-
Filesize
1019B
MD575122a0f33a7ca981410aad3a6dec4dc
SHA19ee3703b937ecf079d1b74f80c77fc137a0f5aae
SHA256619ab2fddeaf1a2104fe3f05f6770ca2c309b97326c1218e3ed929a39a3097ea
SHA5128b6f2b4c31961fbc6cc6de776da7c746a274594f1c727a3cd8878ef9a38b547d16664c650f1458a4a406235c66740f5ef5c2282cbe3e520cda5a1d7e053f1f8e
-
Filesize
5KB
MD5e85df6b4305b095b55ef1e1cc066ae7b
SHA11f263c38f27a18864c10a4baf697cb16828b433c
SHA2563f2e3a77e593b4eb3e7da294100432b562f006d0bf47fca81a063008b295a2ed
SHA512de8e3137f32bddd434495e0bc08a0ae9e185bd0b0433303a6efb06131cb4b7cccfd59a62dce237b59956fd023744c90044af3829ec421281681603f4ceb86304
-
Filesize
6KB
MD5eb99337c3dee70b11b220f78c4e549b0
SHA13ea65d3522f60ecf193d2cd12a7807698b2ea3c5
SHA256f06f180d98172ae60f171a25555220cd4ac9e73b5cea2119ef0033c2714c80ab
SHA512795b10477c85d627786b6c99412756e213a7deea023209917b9f1d56dbd2bab95abfd12f0fc55f864cc52cc0263115004e35dfe3e55d38570fdee7b4a577865f
-
Filesize
6KB
MD535c8c9d929b07fdaf18fd4448aaab5c3
SHA18ddd681b7a2078d49d21735c0448941d13449920
SHA256fddf8670f31d7a6b2a23cb0bdb6a698dc31fcf8bf1ab7bede7afc79ef90e68e3
SHA5123c85e0a33a2cc0326d80e36eb19ad86cec2225a1b74e0d245e564297d67de810037e80f53b181c771e407d9ab244e2aade01e8a91ffadcd6dc0024372191b400
-
Filesize
5KB
MD59880e74f61b0bdefbc4cf9ce24780b34
SHA15087c798bc88adc7a96d4d56f9802205478a70d4
SHA2568af742097d541c5931a806fff8b0d302695eff742b0d484a6f561232a08535db
SHA5120214d7b2b9af4b7695eaf424900f7befe792c5e970ffb827a6785fca3a9cb023096674f4e349c3d41d7ce48f9bb9f7aadb9a52643fe0a5b8a85d1b508b290d04
-
Filesize
5KB
MD5d7250556ad5389a03c2a966793a229f2
SHA1112d64447296baf21dc48ad003a764c5721ccc01
SHA2563fd071a5c45eb932ce1508a474f15230752b345d68ab5f15778b41f8425a368f
SHA5120ff510bb648fea13641e46856a1aaf98c6744ec72ccca5f81164344b50d8fc2b7cc724a8804a1efa37642696904041c12aa0c7390ada3d125d69c5e798f9203a
-
Filesize
5KB
MD562c430373087f3ee58ff6b564bb70bda
SHA14d47aefb93292dc71a7afe2630be2f77764a9d9b
SHA256ee4be05862de628a83d597381d9a5d4c7ea071e33029c49f9e710aa9795a2e5c
SHA51244dbce25ab4682709744e723fc867e3bc23dd9f83b9d655122294fc7a6520794ae87bc890a8519af3fefcf61c0914dfd1e982cb3badc31dbcdf97f5933ab03c6
-
Filesize
6KB
MD554ba1b2d7cbf78c5f16dac68f3b6533b
SHA12cdfa835a6a6f36d7b2f022e66f28b9b0b0e7df8
SHA2566ff5dc3c4d1a303f27df502c52a2058159ef41a99d56693a052b64a24cac4f9e
SHA5124dc43b7fd15d1f690f9d214cb410a1561f54f793925ab63000fe780f6df1a7f4f02e8f1084b932a0aee01ccccde465c75840d3e2322010dcc00a61e6a4aa7ffc
-
Filesize
25KB
MD538e0f825a71c236dde48aa2f551fc800
SHA11aff06111b765ed4e382b9216101e1f54a09d73e
SHA2568018002d860e6370cd760a83b61d41f77cfb9473aeafbf630b27e4b4a7c100bf
SHA51228fc9207402287a3742a8b409aa0db3d570cbd8e456c4ece1ced7b34b6d22f8fd0a2f699142090a9fe54062b35082560012ae80aa9785ce2b21da0aa9bd40399
-
Filesize
1KB
MD54b017c7b5d2c2fd034141e0a0536fd15
SHA18d39b648694a59d9bced9d7d77dc74853033bd21
SHA256fe447163bdbd1d318cf557f49b24f10507f8f57482023a3536db6e17d25be700
SHA512fe30d2c8c1b449b83f909e390b87270531ec6ec93d7b333ad7321602aa340aec341009293cee8df4630d4a67cc55eb26eb4114fe8503568829c784e6ac6f6813
-
Filesize
1KB
MD5e2aa22e344d18986bced4aceabe1c211
SHA14b510888754b1ddb91c5b53a5ec37ed8930cdb5e
SHA25697c365e7b500acd98203d14c6e77f23f41638454e120a58b93045ed3cbd04858
SHA512666b887d41dca24db38d1d1b6af005bdf01e3e32be469c33ae2012551b395defca244126cc3509807b1818b62be3e8cf1b46c87948807d8c447ab5767842cd59
-
Filesize
1KB
MD5a482f4a51c9be310f415494ee0068c5a
SHA17cbe249005455524a476525e2a77088347917850
SHA256caee525ac598b0f96f74e48bc496b7bfb9856bfa48b4f852c05a4684918cf477
SHA512206054f77298d37cea9dbffe4dea40eb0a000d506365203462cae7863283e0c398870308bc021bb9d97c952dda860b64b152e083431633c5a00304d484006fab
-
Filesize
1KB
MD5c42bbe1db820e237f8a04c9bb354bfa4
SHA16d72af443e6db71326300e288cb04fcf9790eb4b
SHA256272392d3e7fa0a16eb00b9da7c7d746f59f5ab48694ecf48edde7a4828300788
SHA512bfbfce0276c6211b25a5ab16e156a4e15495bc0b57d829732332e4f3f4cd2b6a4e4146822558d2bad52fa302cc6c4bb4e7839bd0ce17eda718288acd7fe5e439
-
Filesize
1KB
MD59b91ba787c292063663f1407986b3b19
SHA1ef62bdecf5cd4ba8dc0c24f2209d7948150487f7
SHA256c4d83f35feb29e88e857d1a947a61119064a5b323a088067e845c3237b18f586
SHA5127b97b20f4d2dc572c785ade7a2a1349997af8ca9077a3cfbb53a8a78e93191922ecd670a66462448ea339e1e82d2088093b4229933e7c339ed42aee2513b6aa9
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
9KB
MD5dee75ec94ab88974165ab60a08984b7a
SHA16cda8b289d8df73b760ca8abffbf28bdb9772732
SHA256a7903dbfb9dedad48502947d2742b3255319586c7182d30bb371c16b2aeff2e0
SHA5127d6e18f136c578a2b9e4210d46c2ef55a4af782fd2efbb36d1c3e831994538d5d71bd7e57c138e620236a0e4fdf1d3ae342d22f2fe9ca2bf5d486fa73874d94b
-
Filesize
10KB
MD591da4d55b0bf00f6da61378899a85862
SHA19d8a6f6a65f00a7a4997ac58303eb994e6128d2b
SHA256e95f1240157285ef687f201ea220a770732b77536a4185dae28a5243f9027452
SHA512dd6943ef600b97e4c0ccdb34fba70c31cd6fb014b7a07dc1ac0df2841b36ad3ff342d1f8d522ccd095fdeb6003ecd1cb15c7af955574961454c257a6b6a1bab9
-
Filesize
11KB
MD5d8444cd232471a6d13a74ac495501ffe
SHA167414573c20e0e13e04bf1fa59b8397724d78157
SHA256c29e9aaab78c5c87e2b617078b84c2314fff9094b4b559d23e5de3ded897fc58
SHA5121fe5b3da1b0e01b8a0d87566fc376f7aab36ba054373231996a2da62885db7ec8565ad3413096179a269b6c193032f8913d5e67bb6a78f64f7c208bc2f1bc831
-
Filesize
11KB
MD5be4fe1277dd32b10a4be0976312858cc
SHA1896ae55b8c653680f917641078cfe976b662160b
SHA256623c3955bde878c145f9fe8f1bd17bad3238af08dbdce9545c36b210a138aa53
SHA512f895dadbb69001f4eacf0352df21d24f4cc4fc4928d9ae7c45475eb0949a5a46721f27789c9bdb56aa7389ff8ebc0fea488fd627ed33ac045dd03a3aa39fa17f
-
Filesize
11KB
MD5d35662961c509d17659b5dd01bf5cf9d
SHA10c7164315d14a8476adbc5dce5876d7faca37882
SHA25623c8161e400942cf120a9389f305ae31f1c09a4e29157e61c5f1bf9119799f9d
SHA512507f112ab8d3d1790f6c5083ae79fa6d53cce81c1ec5b8426699346baa5bba548e5721428227cb0a4c37718f5b458e0ff5099c4a1346af2f0cd67ee1ce55b358
-
Filesize
10KB
MD5761daf7863e527aa50b924b04ffb828b
SHA1a9eb5ac678008335c9e6267759a903c1e5ba483a
SHA256aeb84c414e3e0ec34d73d12fb93f2daf440656237fe1c69dc2c0e7d2550ca473
SHA512511495ca18da1bed20de76dbc088fb0d9328500ea6764d37b915bb735e8a527ac5d441520103dd2465f89847d22e52908a1d103447ea88555f96eb26eb780b4d
-
Filesize
239KB
MD53ad6374a3558149d09d74e6af72344e3
SHA1e7be9f22578027fc0b6ddb94c09b245ee8ce1620
SHA25686a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff
SHA51221c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720
-
Filesize
55B
MD50f98a5550abe0fb880568b1480c96a1c
SHA1d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA2562dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6