Analysis
-
max time kernel
68s -
max time network
65s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
28-12-2024 00:59
General
-
Target
https://github.com/orangegrouptech/Biohazards-from-orangegrouptech/raw/refs/heads/master/Ransomware/JigsawRansomware/JigsawRansomware.exe
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Jigsaw family
-
Renames multiple (805) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 12 IoCs
-
Adds Run key to start application 2 TTPs 10 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/orangegrouptech/Biohazards-from-orangegrouptech/raw/refs/heads/master/Ransomware/JigsawRansomware/JigsawRansomware.exe1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa232446f8,0x7ffa23244708,0x7ffa232447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4672 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff68f1b5460,0x7ff68f1b5470,0x7ff68f1b54803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6336 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\JigsawRansomware.exe"C:\Users\Admin\Downloads\JigsawRansomware.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Downloads\JigsawRansomware.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
-
-
C:\Users\Admin\Downloads\JigsawRansomware.exe"C:\Users\Admin\Downloads\JigsawRansomware.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Downloads\JigsawRansomware.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
-
-
C:\Users\Admin\Downloads\JigsawRansomware.exe"C:\Users\Admin\Downloads\JigsawRansomware.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17698825317618014797,7744246936647878702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\JigsawRansomware.exe"C:\Users\Admin\Downloads\JigsawRansomware.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\Downloads\JigsawRansomware.exe"C:\Users\Admin\Downloads\JigsawRansomware.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\Downloads\JigsawRansomware.exe"C:\Users\Admin\Downloads\JigsawRansomware.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\Downloads\JigsawRansomware.exe"C:\Users\Admin\Downloads\JigsawRansomware.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\Downloads\JigsawRansomware.exe"C:\Users\Admin\Downloads\JigsawRansomware.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\Downloads\JigsawRansomware.exe"C:\Users\Admin\Downloads\JigsawRansomware.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\Downloads\JigsawRansomware.exe"C:\Users\Admin\Downloads\JigsawRansomware.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
430B
MD5625000a42d165f2ca3320a4f3b4ed133
SHA19b1344a4a5af842a6722c257de51bf654c458871
SHA256407f08a36156ecd7d93317888a463c0390f31ff9cc81b4c23019f0b02bfbafe0
SHA5125f7f39294d181d7e538c8096c8d54862f4b084cab0f80d62ea6bcd140ca777740a2c059eeca757a624aa4f778648ccb361b3f9eba204154e3f72b1a640dbbbea
-
Filesize
152B
MD57b19b7ecb6ee133c2ff01f7888eae612
SHA1a592cab7e180cc5c9ac7f4098a3c8c35b89f8253
SHA256972bc0df18e9a9438dbc5763e29916a24b7e4f15415641230c900b6281515e78
SHA51216301409fee3a129612cfe7bdb96b010d3da39124aa88b2d111f18d5ae5d4fc8c3c663809148dd07c7f3cd37bb78bd71e25be1584bd2d0bacf529fa7f3461fd8
-
Filesize
152B
MD523fa82e121d8f73e1416906076e9a963
SHA1b4666301311a7ccaabbad363cd1dec06f8541da4
SHA2565fd39927e65645635ebd716dd0aef59e64aacd4b9a6c896328b5b23b6c75159e
SHA51264920d7d818031469edff5619c00a06e5a2320bc08b3a8a6cd288c75d2a470f8c188c694046d149fa622cbb40b1f8bf572ac3d6dfc59b62a4638341ccb467dcf
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
261B
MD52c2e6472d05e3832905f0ad4a04d21c3
SHA1007edbf35759af62a5b847ab09055e7d9b86ffcc
SHA256283d954fa21caa1f3b4aba941b154fab3e626ff27e7b8029f5357872c48cbe03
SHA5128c4ce1ea02da6ffb7e7041c50528da447d087d9ee3c9f4a8c525d2d856cf48e46f5dd9a1fedd23dd047634e719c8886457f7e7240aa3cc36f1a6216e4c00ee37
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
5KB
MD5ed250d2231e24763b80fd0653f12fef2
SHA1f7f36841347a9aad0ebf2df3a3cd9d9f7d154f05
SHA256f1a4253a34de5d1173d078a5d8b52a0bb738095d414697acc13bbd7eff5442fd
SHA51219460065ef74eeb281265e698b171c152c8709ef5eb838164673ec33d58245cfcbeb6a2a9e541870be7a29c49635b49ab1f75a94d0ba6874c5f4e3477e4c03e6
-
Filesize
5KB
MD5b3cd348f8d30e298f431568682ca0366
SHA1e319193c3cc5dee04c5b61e59e79851c67625ce8
SHA25644881dc5fa842ec980c5205f4dd70f56cb396768e6210a6d5ea9cd6c447a8b1c
SHA51238a8e058e3e2c4b031b19df59f0102a46ec235e438d184249928e0709bd269bdeb2a1a0cddf332605ef8efdf0c1d5e6c72ff1b9db990218863831455add8d0de
-
Filesize
5KB
MD5331479dfd3d2287ea7757c933cd6d240
SHA1c3b1d09e120b5772f19adac5a0593a7a6aabce78
SHA25675edc9ba503631897381ca3393c5bac2779bd47ae765c0b5de6e89c436b1a02a
SHA512e0ab4953e7022ac2859d003cbc999afdb7896b87cfb7e6f00bd1ef5d64bf0838bf54b38f4690550c1a82cba48b79d94f6180bf230b016b37de50d3b8d5f39d67
-
Filesize
5KB
MD5900ca60f34aa2afc3af8950cc8a6a7a3
SHA12d6bb31e2569be9160b8d90cde8a2c3a93a98b4a
SHA25680fd9cac8f5df29b875b31a2999288239df8c85585dd7d1a7d3e281fa78cc59d
SHA512747fa914d296759d2e1a398a7d1df0f0ac1f8effdfa73fdafcd0f0e51ff3e35909047edf96d08560cc745ca59610a5d94827aa5f397444a23c4388aa4c2dea8a
-
Filesize
24KB
MD58cd513127214e252edf0454f329bc002
SHA16f47fac6be8e7331e54203a7865e86b32cddf16b
SHA2563df220380a8bf881117c17102a5c70ae7deea18ec92e7c478df2ee904d882108
SHA5120b6d2f2e12bb8b15175875b7118778e57475934dee0476bc3ec989c5408d1ff5cf1c2d5dce4bd980a3ef9bfee232f974fa90050171826f3f0847f9682ae7e4c9
-
Filesize
24KB
MD5371edf34cc4edfe5fc16d906571e1a49
SHA12b0f160569aff513f7ac25a16adf02758cca07fc
SHA256ee07b7e150c132312f076f2fe4c58445fcf86aea9eda0468b6ee040b5f690d35
SHA5129598bca019b2acf65bc0511062e8edf53e00b3801d7a9b49f9c6b7209bcf7ff782ec215716955d5f378f952d77435bccf210384909f28bffa83fa9ac8589cdb7
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
9KB
MD59c963f93036caa2e547c308adb3963d7
SHA1ac29468fe7cf23a50b19e215f2569a82970c665b
SHA2560e8f96a66204c86f945552caa57f65da5e3661099ddfe1184b78d54460be940c
SHA5126c7f80d0739bdaf173cb5e36e67db1ffdc0fd9717ae7134b9378056b830f33414eb583f6dceacd9aa9339d9b8c8e01e2a04efc9c0bd99c7adacfea2b102ed306
-
Filesize
11KB
MD5b0363c4ea6959e84c3508fcb757cd69c
SHA17e4a4bbe86ef6385e0975166dbb1ea89bc76280d
SHA25691875c25cc221a1a778992959a3b5cf9713c8e7ee7484618e67b496d00db0fcd
SHA5128360ece5c466d88bb5534771f8ed7a73b84ed0d592859092ee2c4997adfcb23038056018a0029887b19dee6171b788e91de04208e0b04f83c940cf3732ac3468
-
Filesize
53B
MD54417ea874c1c4f3c1be6db28d36897c0
SHA19e6fe715d238c77c863be508e1c8e342c9622768
SHA256f883d0cc8f1483e3d0fa9ed4fa147cbae0eb69c5adc927588faa9c8c970d683e
SHA512bb6ef1c319c8430ca9762954cdde3aa4f0ac72bcf5dafd9c99978213ee6808082eb4b16360811d4f9d174056c3b1ea6838a4ec57cccd4a276cab4ebd950d76cc
-
Filesize
16B
MD5cfdae8214d34112dbee6587664059558
SHA1f649f45d08c46572a9a50476478ddaef7e964353
SHA25633088cb514406f31e3d96a92c03294121ee9f24e176f7062625c2b36bee7a325
SHA512c260f2c223ecbf233051ac1d6a1548ad188a2777085e9d43b02da41b291ff258e4c506f99636150847aa24918c7bbb703652fef2fe55b3f50f85b5bd8dd5f6e3
-
Filesize
3KB
MD5e7f254fcf37f4ca314166d04d395092b
SHA15cc64bd3daf5f37f1388b3febecc13043ed92300
SHA2564ade8ab90422237227bb9cb7ec92431c570f4f79ffac29a64849a27551ea7035
SHA5127b31672d658ad2477672c0ea9a74d26df99cf509d4b7a54779e15840d11528d828243af2ea143b9feee2f7602603d5aee1859599bc8ba215f497ac508ff2d96a
-
Filesize
3KB
MD57cd2c834eb88a9bdf1125e5acea34661
SHA1bf622c2be086acfb58905618d9c9ddcc7ae86f7a
SHA256bdd11c59792d9b24698c83144c1fe092d8d90f2be0b60e62d56566f79bbccd5c
SHA5128753e342ce4d373fd4e44bd444b02206747300d48f78135ae2ee62d5eeb3dab8090ccfaf39ecea2af9fc487a7e3e339d5c8a887fda0ee7d226e2b68a1262fd6f
-
Filesize
60KB
MD572c2cc3ab874b3cb59bca4724cf0c1e7
SHA1f57625becb7513623ce1dc4a18f30a8df0c5763b
SHA25605f42b673ebd0d13220a1ec382ddc830892c5ca3376089dfea0b72d601483d7a
SHA512f9772b4fc46ae66cdcc110de1f5429f4c5f233373e13b0da839788aff076f29a5a93d16664ab91cb0664227f34d39698e112cff3c5d2db8b5eab1dd9cb6c583a
-
Filesize
624KB
-
Filesize
4.8MB
-
Filesize
32KB