Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/k...

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-06-2023 21:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/kh4sh3i/Ransomware-Samples/blob/main/Jigsaw/Ransomware.Jigsaw.zip

Score
10/10
jigsawpersistenceransomware

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    ransomwarejigsaw
  • Modifies extensions of user files 2 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in Program Files directory 64 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 46 IoCs
    adwarespyware
  • Modifies registry class 35 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/kh4sh3i/Ransomware-Samples/blob/main/Jigsaw/Ransomware.Jigsaw.zip
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4568
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4568 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3096
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3884
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1668
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Jigsaw.zip\jigsaw
        2⤵
        • Opens file in notepad (likely ransom note)
        PID:4756
    • C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe
      "C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe"
      1⤵
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2260
      • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
        "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe
        2⤵
        • Modifies extensions of user files
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:2352

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      6776a455f2fbdb44133158e334a7de52

      SHA1

      1541ec3ec2ca8ca3a5b20bb69e2679e039729335

      SHA256

      c6dfc43ed1702124201722fb4f06d6d394c9e6ac34f371a6d186e409fa7b4e07

      SHA512

      fdcad566b8d11ec78e395d0593c3525070e420191ee332e0ab348c3f584a01c9bd10ea8c9bf727cb0a8e2e7b4acae51e28e024bae72d66b50a9e1cce1b1dfb45

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      4f8ce4039fe89a708f778c04f3c8d729

      SHA1

      371c4d3ace8707996bb32e4e204fec6678efae8f

      SHA256

      0f5e905cc9326fc9e89ad1f50db971a2fede784989734d5528c32df348ae8b3c

      SHA512

      6a76caefb0b80d1ae4f296c69fa79e554d68b07055e9befb539f6dd294e8e7aaab0610edf948ab34a440fdbdfed81350155de35074409558495e252065eb0177

      Download Submit

    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      Filesize

      283KB

      MD5

      2773e3dc59472296cb0024ba7715a64e

      SHA1

      27d99fbca067f478bb91cdbcb92f13a828b00859

      SHA256

      3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

      SHA512

      6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

      Download Submit

    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      Filesize

      283KB

      MD5

      2773e3dc59472296cb0024ba7715a64e

      SHA1

      27d99fbca067f478bb91cdbcb92f13a828b00859

      SHA256

      3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

      SHA512

      6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

      Download Submit

    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      Filesize

      283KB

      MD5

      2773e3dc59472296cb0024ba7715a64e

      SHA1

      27d99fbca067f478bb91cdbcb92f13a828b00859

      SHA256

      3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

      SHA512

      6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\phzg4yt\imagestore.dat
      Filesize

      1KB

      MD5

      9e736457a763cafe5c296fbf44b7b33b

      SHA1

      e78f9758e291327d0da1b0d7c4ebce34e0918b57

      SHA256

      62eee4655ce5e09804bbb1b4b9b3204cc9233443a7afd131e9d366c066fab9b3

      SHA512

      b9ca70f5f52a080e20107929aec5c9bf66fc1d095f80b4cb0192ef0b42891256b1bbf91152310e9b1c6139243fafa2c65fbb4a0e7137658b9ca25c32c77de317

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-2e2258-7effad8d88d4[1].js
      Filesize

      13KB

      MD5

      e5e0ee4e4de0c843b03099c3b1aaa7d2

      SHA1

      eafbae47da31696b3c09a2e4d4d14f376a66a717

      SHA256

      3b81439b3860fac8d5bd56a7579ab2d91b68c66c42e14cda16aeb6d6f28924c1

      SHA512

      7effad8d88d47e07020e165d94325f23be53e5030165842c0fd8b44df717211934c2d0561ffd4fa2403114e09f182160ad0cf9c60e11878b9eefd1668a06e550

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-c97eacdef68a[1].js
      Filesize

      11KB

      MD5

      877af1a0f83cc799c024e324dde1c078

      SHA1

      e07d194bcdf77c01c0bb78903732babf0acc99f7

      SHA256

      85edcfe9717ca67aba8f94c45da5071c5bcf600b1431e5daec667d9463474877

      SHA512

      c97eacdef68aba2c690f85c669524ac13ef83c6c54cd3afe654d0c74f400887226a84be09da958c50a0581f9270aa5ed52b476c336c08d392cd67e4a53c513ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\app_assets_modules_github_blob-anchor_ts-app_assets_modules_github_filter-sort_ts-app_assets_-e5f169-c54621d9e188[1].js
      Filesize

      6KB

      MD5

      7ee251a6f80c7f077f8d307c0f96f667

      SHA1

      3606d3715836bc5b0a9862ec37cfe00ea6a5f8e5

      SHA256

      d969c168035c946188b97f6cf8af2a71ad2d207a775e9b918ee6488d721c63fb

      SHA512

      c54621d9e18841f538bc2274b29cb272ef9ef1e5e282970c3467b739cceb5712c23db00c0c53f65a66880db3b744e2063250e1af206a7ccdcb1d6dd0ce2b9baa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\app_assets_modules_github_ref-selector_ts-8f8b76ecd8d3[1].js
      Filesize

      9KB

      MD5

      019ef7d910ab3ad87d523c379439ab31

      SHA1

      dd97c99ddd637832502230c904f6fe4e4cacf4d8

      SHA256

      9e6a2cf46f911f800edc46a13a14dbc4d867283c2f036942fd76d13c5c3f4be4

      SHA512

      8f8b76ecd8d340cc9d4a3a09ef686e0eb0c00549fd15d50199a20412f479f22026dd00dcb70367cc98e249734ce25d03cbb0b585a5156f439c91c29cda78e647

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\behaviors-3647463f0628[1].js
      Filesize

      214KB

      MD5

      48c5480c68bdb9752025d4f413b2de96

      SHA1

      d2379970d39986f98204ee653d9c091a8e78d6e0

      SHA256

      ffec5af0cd49856f7d2bab405bee2d43e479f8021468fa49d720e913b9b64899

      SHA512

      3647463f0628339a2a080b69ef1f22b4622187fcaa7ba30ff5fae3bb2b30d674c0d0687cefa2d7c446f68638abc315c45d1b7bfba3ef419fed12f953edf8946b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\dark-3946c959759a[1].css
      Filesize

      53KB

      MD5

      2820c4c7c0513590c53d244c42fb6fe3

      SHA1

      e7512521010a3afcf5ca395457473e7963a23ed9

      SHA256

      c2982a111fe3270b0feec1917715b73a1ad11e04a918c3748a129fbedff88370

      SHA512

      3946c959759a620244e1e09847f1baaeb2e1aad20b8e0b84ca7652fa14a130d5b94af4047a1db76afa5abacc01bba4d87789d44f959e08f8524b864eb66f925f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\github-elements-6f05fe60d18a[1].js
      Filesize

      34KB

      MD5

      5b04df474e86da9d2cfb56c6a655e9fd

      SHA1

      7aa0801e4a25eb1fbc4ede60b3c7efe4904bd945

      SHA256

      ab9c8d519415855e6af5957980d48ce278e90551434feea0df9762c350c224bc

      SHA512

      6f05fe60d18a3fe5f40d7434a84513a182636e505df02bb40d0a78e4aff975d04b24a1c1f201b97c23d2f261b3a73964b239f1d3912f2896a26ff96453fa6f48

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\notifications-global-4dc6f295cc92[1].js
      Filesize

      11KB

      MD5

      f9900e70cb1dcc8a67f9f446e5d718ae

      SHA1

      f7be42badef3fd51ae90deefbc913e74e81e705c

      SHA256

      3611cb16979f594f606f41f6537a27e431a29d8a883fc1b18cb309b3f5890e7a

      SHA512

      4dc6f295cc92706460d7f2f96dccbaf776474d47a47889ab69fb549011d0f76cffa0ec1c8f556f8a52dcefe755a4d7d4bc4473a47c710b27223ddced094ec160

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\optimizely-1c55a525615e[1].js
      Filesize

      5KB

      MD5

      43b9692c8d52a401e01df297c8909f7e

      SHA1

      4e220e483ed578f5b584924376696b43182daf97

      SHA256

      1f023599685c7033bdc7c2177a0bae5511efb5ad603232f754abe14f6fd45c16

      SHA512

      1c55a525615eb64db055405b6d0842bc836850669059ac62779f7615ca61a5a82e0d2a96a5936938fb9e9d652431f4d6c73d8a47c404ca2a9e11ad524dcdf4da

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\repositories-0355d3fe50ee[1].js
      Filesize

      64KB

      MD5

      92bc7cc04b72eabdc5d8dadea976a93a

      SHA1

      efa2b79ebd856edb93184d6548e57988f922ffa6

      SHA256

      87e182a2a527e7a4c994342d8c40d843a489096bc1fdc5282d42d4f24b39ff94

      SHA512

      0355d3fe50ee70f466793c0206964c89a67a6bc19a19d05a56577b50adffafb9f08b45c9857880ffc441dcf93de03825ed101ae69170d812bf76ec534bf0b2f0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_auto-complete-element-5b3870-ff38694180c6[1].js
      Filesize

      26KB

      MD5

      aed57c5b19c71c3a620a8aa2abf9a69e

      SHA1

      e30ccdbeb880c3b8fc82cae3d1293354226f3c59

      SHA256

      a7c516e60d317d33dfa33e6f1ad396b0bdc096b9e2081572ee35be0fa7fb99bc

      SHA512

      ff38694180c6b07c0efffc27aae6ef9b02852a15b6ec0f6b92b4bc92ec5db0bb6ef46f8d3ef15910fc9bc64dc96af4415c8d2ed44499d0b39b64cffc9487d559

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-623425af41e1[1].js
      Filesize

      11KB

      MD5

      342a8882b7df201b3b1612ba41ac63e8

      SHA1

      f57b133d85bee8d94a041d0f5e0a1fb44e131496

      SHA256

      779f91df7aedd2267003709efc2dd3fc01abcaf461ac3f8b6ebbaed38fe9cbee

      SHA512

      623425af41e17a40a879a496612cb521e78721a79a014daa62c637c8c9bf99d52f70b69a5a82b853a6468e9579ab4cd21bc71d4d74a5b1648a6966e570bbb137

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_fzy_js_index_js-node_modules_github_markdown-toolbar-element_dist_index_js-e3de700a4c9d[1].js
      Filesize

      13KB

      MD5

      186933c0117b94c9b8aade71f6f310c0

      SHA1

      ae67ade0e920b536137b6e98bb5e9e6c34b96925

      SHA256

      1465e7c16987bcaf9bb6209172d23d157cba309e9c8b2e4751b77ce4feb1b14f

      SHA512

      e3de700a4c9d4e1a490d2daa45c518f837ba0f6e065274231627b3911c43faf07e365ba42dc6d110627987662366ea1cdebc9ed4f5a8b88a04b64a7980c7b5b5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_filter--b2311f-15fe0f17a114[1].js
      Filesize

      20KB

      MD5

      a8f4a1a398acef2eee122fde824f9ef2

      SHA1

      440530ba71a7a5418ce1812d40e7bfd09d0df04b

      SHA256

      fb9621350585365742bffca023fc5e3462becdc2090c351eaa70620ad6a3746d

      SHA512

      15fe0f17a1148e338c28c1faec59a6cf86318c427a861425fc9fdf66c0ec85e118b020563161cda00099e3f73535f4b9c2075809547e3e9f6c6a359be75c41c6

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_text-ex-3415a8-7ecc10fb88d0[1].js
      Filesize

      11KB

      MD5

      bb1800636a88e2cf90f48ea181a1c3e9

      SHA1

      486238b0e8fbb84b4f92e462ba7f337f8c6c091d

      SHA256

      7bfa93a6b92eb9a2f1668a9b16ea5e1f7f2591d3664351788a48107ec879bf84

      SHA512

      7ecc10fb88d0dc86ce7d35b7a2be7b44f51904fbb1908b53c9afdf0d6d1fe9760753f6cf8f9ca1897bd537552d3f8238c68e9b993a167cc52f43b5f7a58b37e1

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-8873b7-5771678648e0[1].js
      Filesize

      11KB

      MD5

      cc3b9d72861037e13bd0d0be98ef5ace

      SHA1

      ee4ffb8a335a106b2b784364f017e017f61d7398

      SHA256

      7b13afa92922980886b59316cbb313d4d4c05037979c1a49fbc99d6c4ff822ab

      SHA512

      5771678648e04c79885e4671ed343d33268564ca16a73d0a77dcba1dd1aee2b1ea303d6ab1b226e61f4c0bd5df6b33f28d86ba2ff72e959978e03f8f640a095e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_github_remote-form_-e3de2b-779fd9166293[1].js
      Filesize

      18KB

      MD5

      c5ed543ae8a311bdf58dccfc4cc18a8b

      SHA1

      311e3e19b0a308452d917a4db844c01c7a5386f8

      SHA256

      56e53054d7df85620ba0b07ec44cc41fbc64656897663ce49627803026e47106

      SHA512

      779fd91662936344b6e65eec18a60160a677df13d33cddc8708a70074355ca6ba8a704e27a9ec66ccf3d57cfd503fb50922ef08cd6968bc0141415278b9a526b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_github_relative-time-element_dist_index_js-99e288659d4f[1].js
      Filesize

      14KB

      MD5

      f491d4f9b68507dfdf90a5ef6d4f70f8

      SHA1

      dac15fb588758d0cf24eb922931dc367d9f0458b

      SHA256

      6f7e23dd694a3e70ef7b0a8dd6b30161168039187a16bb1f8ad56c0e385fc2f2

      SHA512

      99e288659d4fae2fc48756d2bc57e0bbe2add23ed9ff370f8f9643ee09585f4bcacc6688cfe6380e60dbe883f614bbe2c61cd7d52fd5109f20aa79b70df6f079

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_github_selector-observer_dist_index_esm_js-2646a2c533e3[1].js
      Filesize

      9KB

      MD5

      e5411d902c14114345232eab0b388a2e

      SHA1

      a079ffbceba09465e2546881d6b963d05edd3add

      SHA256

      3dd71977f8bc77d1d340787b166bb300047f951a16e440f75c9fe2599659a70c

      SHA512

      2646a2c533e30cbd3c0ef653c306fdd6052f00fb9479ea664f791ee17c4a8d8321a0337dc9f79b9a0aa0a1d68a9cc84b46bda6b2285bc16a8434712b54794f75

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_optimizely_optimizely-sdk_dist_optimizely_browser_es_min_js-node_modules-089adc-2328ba323205[1].js
      Filesize

      104KB

      MD5

      9677b4415be57695d23cf01aff7514b3

      SHA1

      1352108c7e38b20693b7d9b0495d01168862507f

      SHA256

      4992f0543a0d909d6e48123c5c1499bf476e4cae4c1398712707857b50aee18f

      SHA512

      2328ba3232052ba1f75d4e89607bf6b030cc3889e6dc640a8a7b5005279be25ef1d00fd72c13227385ff8143852f57f7a2063ea6891c80cb3b033ca8c0ebd21a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_primer_view-components_app_components_primer_primer_js-node_modules_gith-3af896-d8cf3e5f5813[1].js
      Filesize

      84KB

      MD5

      4d8ba4c37951dd52f66e0e34733a36e9

      SHA1

      c1ab4e1f09ebd165cffe8af3b5d414a21c826b22

      SHA256

      81d5e204e6971ac39280cbe9eb0b85b801b49b537ee789c0b0a5bd7adeeb6b19

      SHA512

      d8cf3e5f5813c726fb74d03f26ea7e7d5be180d39708ecaa1e567a40f89fa6c7c6bcffe476cf8e32486f848b93d5eb1ffbacc207926f350b7ff918426d1206df

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-c3e624db1d89[1].js
      Filesize

      16KB

      MD5

      e64f83d1a9f51f9c14c9ab8f3a50f8fb

      SHA1

      16e820a27942595273eded6a23ccfb20e47d5472

      SHA256

      4fde779475a942b75da84597dcf9650ae9eec74aa4718123b7b1d804267883dd

      SHA512

      c3e624db1d89f8a4598209f6e86f431371354696485067d4c97978b5d8258342e8d3c4079d89b7d1721e782f6749eadfcf4398d635507c8202f34c8e9540d5e2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\app_assets_modules_github_behaviors_keyboard-shortcuts-helper_ts-app_assets_modules_github_be-f5afdb-3f05df4c282b[1].js
      Filesize

      14KB

      MD5

      9200feadadbbca8309d5977b36e8ea6c

      SHA1

      5c1f182157d97fdc3c765f93d4e5d1ddc8d091a3

      SHA256

      c2703d901b7c6cba74a1e0e7179941d5aca8748c25ae79479a48f562d02e77a3

      SHA512

      3f05df4c282b95264abf3cef77b0dbf2bc00cfd3bd2af67073107f6d929a29c8015f6404da03b32fcb9b9ec70809a6b4f3b9e3107abf5f19f173c57a36d331d1

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\app_assets_modules_github_sticky-scroll-into-view_ts-050ad6637d58[1].js
      Filesize

      9KB

      MD5

      472d32c51f1f61232b4067c6ce1db8e0

      SHA1

      6a10d4f7f28e48d06f86bd47f7a9f1bf678594fc

      SHA256

      2909936c658bd0564865d9dd672aeef5347af08b70d3e57bd4e2224cb7ca6904

      SHA512

      050ad6637d583c942bb7c8638eed0dacc4da3bbfcec8b1198091f40964de91dbe828fc6a24e74b7f27bd5a5ee28334caf223cb015eb8acf3e6595c832ec7483f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\app_assets_modules_github_updatable-content_ts-dadb69f79923[1].js
      Filesize

      8KB

      MD5

      ea38f9963d35351c101d238af3a3cf73

      SHA1

      9ab43d46fd1b2774ab8b1bd7d51b55a6a2a49c84

      SHA256

      8158702cd486d1cfaf584b4784649207f4c668e27d37c2c3c38fc70d0e30b24d

      SHA512

      dadb69f7992377066b58045ae7182c82eaf7d8c3233571020172bf70e11589447098c1766954df0c736df3def39f1e3f6f34e6153ad571eaf0f71e06477d29b7

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\element-registry-84be4ef284ec[1].js
      Filesize

      42KB

      MD5

      37e97f57ebc8d5dc75173bf0befc79e9

      SHA1

      a8b24483abcfbe89774378531cc388608d1111d7

      SHA256

      e280bd8ecafe3d1ec9403c82b770d5f8917cd7f1e60b49668a5ac639b9eea4d1

      SHA512

      84be4ef284ec5999c9d52e262f2cab9e4b041abe5380abe64cb69b7bcb0be9b5b23eeafc8b8ee36f50232b045ea1aaa021a7ff4accc99508dc33f6ef8ca14a00

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_color-convert_index_js-node_modules_github_jtml_lib_index_js-40bf234a19dc[1].js
      Filesize

      20KB

      MD5

      335c0961babd1c1c0d898b5717f961ae

      SHA1

      104c5caf6c79e0a658ea309651ae75d734be92c9

      SHA256

      981215a3a3c0857405f95bab20d9e8d1eae8a0e757f787c62824bab1330a8cb8

      SHA512

      40bf234a19dc5a70430eb6893527d5320d850d63bac10e3789ac6ddaaf6bf1682a0ed81f2224bb1ea2154f9ddfe9afd929a1611078ae3b3f43fafe7d584221da

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_alive-client_dist-bf5aa2-424aa982deef[1].js
      Filesize

      13KB

      MD5

      fa2bd9163204e6ced0bf13f169206c40

      SHA1

      ea2d13287aef46af1ad0f04b04eada4e8a8966af

      SHA256

      0c2a6aa4860bd3d3a135d59418bf4e7a00173c3e974842ae436a0a2fbe3da624

      SHA512

      424aa982deef4fc0969c58c54d1dfcf1b589d6c9da95575e4b5f88ffb03a8457954a19c03b00afbb5f4fa0d64a6d7b7361c0a4737c1d21490d2767eea227e0db

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_github_paste-markdown_dist_index_esm_js-node_modules_github_quote-select-743f1d-1b20d530fbf0[1].js
      Filesize

      36KB

      MD5

      005512a59c929cfe6857ae4aa5b4a445

      SHA1

      a4fc118a8e3ec2924ff18a65eb6af04c43b6c37d

      SHA256

      c17f95538fcdd61055b46582d0f102c66342fbfa173f6de5a53f26a1ed49f7b2

      SHA512

      1b20d530fbf0cdfb7bb55d3e9b89979216267176559260c36357842ddf30b866a249d7406c86d881dfa57b4f43c9a21cd05a2457005fa68956e19c14557a2c92

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_github_remote-form_dist_index_js-node_modules_scroll-anchoring_dist_scro-52dc4b-e1e33bfc0b7e[1].js
      Filesize

      12KB

      MD5

      6ed77e8843f620ad455509ea7f15e2f1

      SHA1

      6ca0ef769ba65722f22abb77936e917fe66136f2

      SHA256

      270e861a9bb0e815d2b57ab3fd881132b05eb9a39d1e9269f12529b03aa168b3

      SHA512

      e1e33bfc0b7ef7040dac38396663113672f27ae9c49e9517a18238dd67012d693ffc8e1b562487ed87dcc9ac91286cfe9bc2778e2b3eed044cb7dd0c6952622a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-ba0e4d5b3207[1].js
      Filesize

      76KB

      MD5

      80de3fe499fabcd32f3eb5a1c8a080b9

      SHA1

      45c7a787dd927214b847550fcd44f37261413256

      SHA256

      0f0b5c21ea9467b911d1377fdff0272addf7fccc7a588f2f30ec6f07ffbdcb6f

      SHA512

      ba0e4d5b320783d52465d15d4a36113a8e10261eefc707314d7e6f211ebb57930b7cbf2568017febe5e47cb43749552e6992fcd652aec702110a330364e08506

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\vendors-node_modules_lit-html_lit-html_js-9d9fe1859ce5[1].js
      Filesize

      15KB

      MD5

      29b126d180066f2cd72287a725af3dce

      SHA1

      da1a0918b337b6bcda086580271306fbb2d41ea0

      SHA256

      9417afb32e38d089ae0e18debddaec99629f25af815081ebf426a48066ef3438

      SHA512

      9d9fe1859ce5c02054af70a2435b2b137398d7f41f2b71cc138333f706bf3c175eccc001e8ba717e80508a10590fd40c91468a9ee60839cf2cf5464c2601deec

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\code-9271f811184f[1].css
      Filesize

      20KB

      MD5

      a97786263f930175bb0542f465843367

      SHA1

      f0cd058057a53a85908f1760b95a022e56ea80f7

      SHA256

      12ba2b22246eab8f64c30be582dfe606ea888994b05839692a492aa42b613ab0

      SHA512

      9271f811184fe2af79f7d3695fe474490d9089d3ee056c0541263a08297c07003f562b1932391d08c36a8a71b50ae22554d46d0868aa4a0de412f5baf44f26ed

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\environment-de3997b81651[1].js
      Filesize

      5KB

      MD5

      1b85079a9ba25d7ccfa2e6551f1f23da

      SHA1

      95807b2db9ddb55f1c2d063de80a21126396a938

      SHA256

      5ae5c1c250b930691353ec3310295d1ea8128ba6b1dd69a8bd0ac08aa3283aa5

      SHA512

      de3997b816515df468e65014eb9230e603f485f9bebbb1e8f9e28437bb64e15c62e2377b462605099c1f5778324da56f8712ae8419f27628188332283b9644a1

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\github-c7a3a0ac71d4[1].css
      Filesize

      171KB

      MD5

      2eb35e9de28f967c32f4e8d8d9478db8

      SHA1

      b8c8ca1d54d2e33b13a2a8055c09d5a679bd4128

      SHA256

      980bb59f1d582b3955af0a6189ee08c3c345b699f91e6e7f55e92b0a317771e0

      SHA512

      c7a3a0ac71d460e702edf86b508c4509bb12543d39d19692f21e0c4ad5ad603b4523d2f46edd1c1ea3fc22b0793f78c3db53e770399d953a18f08a6176e089c3

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\global-0d04dfcdc794[1].css
      Filesize

      254KB

      MD5

      2a5effbfaaf296ce901ce3f997149e08

      SHA1

      d3c9b0558d7933df3e1774236bf284bc947a5fa1

      SHA256

      b096c40efca7e00885cb78e1caeb4c31e4db9100662228f60c045b9f4b19e624

      SHA512

      0d04dfcdc79457770a9457282a9ce54184bd35a9aa8d17643564af15ee8dcaad5a453b744811dd53a4a6443ada50b0c7194f90e786c91cf0c7aa4184076045d2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\light-0946cdc16f15[1].css
      Filesize

      53KB

      MD5

      5235e806bcb88fed6c8c8cfb53348708

      SHA1

      ab71dbe80857d73ce2ca21a45ab4a216ab1cbce1

      SHA256

      89233262726664b22e2d2e8a742b89d7439d526394f7413b30a92f304a04775f

      SHA512

      0946cdc16f1502b0f9aad2daf13882a63691a93f7f9a6afb537da241ef6db703e1173a6591975026f826792a4ddbe79c07b863e2a6a41ec6e7894ef1fa920e40

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\primer-0e3420bbec16[1].css
      Filesize

      316KB

      MD5

      30f2a06e17a202d8f8afe79405920683

      SHA1

      752460a09cbc2a5e9df46452659827f223492f21

      SHA256

      c8e8e6db20f7b9b971987bb79300f39db43bcad30fcb5f3df16ca951f006bd95

      SHA512

      0e3420bbec1654ff4f05cb07136a2803cb323fc876e2973d3c64c9b7bfd23ae328773af23626c20c1b2978a002da91b556363c9eb7d0725b7daaac4670780d62

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\primer-primitives-fb1d51d1ef66[1].css
      Filesize

      7KB

      MD5

      75b4206d843040a7d81ac8639211cc5c

      SHA1

      2fcc5d28e05f27e822f4c79cd2ebcb3c55c93850

      SHA256

      ae074dc2c85a9557c8b646ffc5afb608a552b57066eecb791fe8f17f5fdfc1d8

      SHA512

      fb1d51d1ef660b84870b0a4970a8772dba4127aca9ab9fbaa29c734a83de07bd8a44b84b6bb22ed6b9b03ebe7a105bb9072a31a01fef987a6a64edc3b894ec32

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\topic-suggestions-b547ddd02b8c[1].js
      Filesize

      6KB

      MD5

      56a0b15cf2513295c6f14339af991d0c

      SHA1

      85fe2eca7bafd92e8015f952f28435f6652e8fe4

      SHA256

      4239da6415761d11207adf82df3f145a52927ebbd7dddabc5b3350f3bcae5b76

      SHA512

      b547ddd02b8caf8309826253eddb11ff0b8af10a34d25027de0c9487e34a2a71305947eb875429cd77fdc9434ac89126d57168e723a0e5ddddc81e0614010633

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\ui_packages_failbot_failbot_ts-b1f8e13beba5[1].js
      Filesize

      10KB

      MD5

      6b79e83a562f9cdb73e4305a0185f25f

      SHA1

      45ae942efac26bbc2600b59cbbf12fa2e61a843a

      SHA256

      43d13b7172b12ffc32782adb9074f55b67387e054d40c011bffc9384f781d5d9

      SHA512

      b1f8e13beba5fd553bc549366ad5e60fe90262b62130e9aaf79163944e6cebbad3067a4231f9e0b6f9d4db8e23b2258a6417c0867cdb6f148597dc48676cb264

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_index_js-0cc53ae22129[1].js
      Filesize

      7KB

      MD5

      8359d8112f4d1559e289cd7227062829

      SHA1

      3f659be81eef5240644c3da4bb41498fb2da0ab2

      SHA256

      5a95ace87439e6ae1cb6b4594725635040bf3c316dcaf5b4ad0ffa39f7327ddd

      SHA512

      0cc53ae22129ceb45ac8061b12201547d3016054eb7c6d72246169a89d954c4c7c55b6fec8115dcdbdfa3ff1468a4e9497b3a1fe85bb58d908167d06c827c0d3

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-ae93d3fba59c[1].js
      Filesize

      12KB

      MD5

      e81d89b97d24210d1fed01b8c7527dff

      SHA1

      e9aeee63975aa26e1c18fb15e703fadef1044af3

      SHA256

      b3dd2be29f2c480a351a18ffbe7d3fb4b7f3c7636cddf273bcaaa4d355d479ef

      SHA512

      ae93d3fba59ca967f3bb0b0e6bc1867b903c647d389231e92e559eca742b7d9f5b1f1c9b79b682611ce40ef8fdb327c76b47646f4d4ae97ddbe531e5008c46a3

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\wp-runtime-e731ddccc74f[1].js
      Filesize

      30KB

      MD5

      6c907b020d96bdf37ae0c6afad64e9cd

      SHA1

      4e0c9124d4ba3d01713b629ff71a2caf73b2d11f

      SHA256

      86be43c19f77470e84ca4cb589e5891e032b48050ae6b563e35eb4930de93a45

      SHA512

      e731ddccc74f7f0bada2dbdf9b88bee39429bcce3872537f8d002ca8f48565207f732d01fbcfd9e24d954b5828e65ae3bdc3969837191dddf37ce34a1d05fbef

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\Ransomware.Jigsaw[1].zip
      Filesize

      239KB

      MD5

      3ad6374a3558149d09d74e6af72344e3

      SHA1

      e7be9f22578027fc0b6ddb94c09b245ee8ce1620

      SHA256

      86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

      SHA512

      21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\code-menu-da1cefc25b0a[1].js
      Filesize

      13KB

      MD5

      f6d880c309509987d43bc91637e519db

      SHA1

      504b065305834069a6b3c7acc07a726738bcf8c2

      SHA256

      e843b6d6cf094b7ce98cbb4bac745ca475a06f33b37285fcab29dec9aad82c5f

      SHA512

      da1cefc25b0a815ebe4d17fb811eec30b5f6b62418febafd443d374c8e889e5744526c7aa1cc04923b1209d7a255178134ead1c7c1ca0c480964fa55ec2a319a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\codespaces-700c7a36b916[1].js
      Filesize

      25KB

      MD5

      157a53c51327316f0803dfb67994cd15

      SHA1

      cfe6827865583688ed57a564519739fc993a6c98

      SHA256

      49d3011a7fa1980a3234bf5a1a8445ebe68aab8e08d83d99e6c3d7079a6bbca1

      SHA512

      700c7a36b91658f24fd33392b31f94016b940011d5f05f7965a0542e21bdb4c59a001c56b83603d3a26788bb83af535782c5a3ef11f5d5d18d88fe953cd58829

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\favicon[1].png
      Filesize

      958B

      MD5

      346e09471362f2907510a31812129cd2

      SHA1

      323b99430dd424604ae57a19a91f25376e209759

      SHA256

      74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

      SHA512

      a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\sessions-2638decb9ee5[1].js
      Filesize

      10KB

      MD5

      bc5d5fea43b7e9661b50456a77478335

      SHA1

      6b8f6d93bfd302cd5ada9b40279205eb12556cdf

      SHA256

      a02d02064dbc21e677ef0474aa7e111cb55abf165febcdcbfe62d32056be29a4

      SHA512

      2638decb9ee5cef55a1829e394cfb0d0fff00835713ef1198e08468bbd6d0de25ffe8b78c3261d466cacdc245703118e78c098cd2e2598222e4560aba94cd2f7

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-911b971-b9c79ae563e3[1].js
      Filesize

      14KB

      MD5

      731b0ff5e38c65bbf3119df5ce8be8db

      SHA1

      03e3b569dee6810a82fa23e3e640194ef13bd8fb

      SHA256

      807f17a1a86efc5d3be0af6ef09addc7ef609da1347cbf2a4b1e91f402b5d8b7

      SHA512

      b9c79ae563e33e8e8795398b4df56c6fab7b5cbd9b86df7eb5d9937ddc00e5045b6cad5ebae7b20fbc599352360edf0c6c3276ae59e402692692c292a20eabb7

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_memoize_dist_esm_in-687f35-d131f0b6de8e[1].js
      Filesize

      9KB

      MD5

      07545d79324e61d14de7d47e9ca6b03e

      SHA1

      b73039cdd8e424960b0a8dc973788116bbcb11df

      SHA256

      ce89ceb01d12fa63f5a5edd4ce856335c85eaa59dcabe3cf38d90f6c0040fae3

      SHA512

      d131f0b6de8eb9ad4a24a9a4857d9b1eeb4a5004932a3b04ab9c6422a829f101c1b5089a0718a751103388d9eed36f52b9be218403da685e2611ad151432e6bf

      Download Submit

    • C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip.k1cgvvw.partial
      Filesize

      239KB

      MD5

      3ad6374a3558149d09d74e6af72344e3

      SHA1

      e7be9f22578027fc0b6ddb94c09b245ee8ce1620

      SHA256

      86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

      SHA512

      21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

      Download Submit

    • memory/2260-333-0x000000001C5B0000-0x000000001C64C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2260-329-0x0000000001690000-0x00000000016A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2260-330-0x0000000000C30000-0x0000000000C80000-memory.dmp

      Filesize

      320KB

      Download

    • memory/2260-331-0x0000000001520000-0x0000000001558000-memory.dmp

      Filesize

      224KB

      Download

    • memory/2260-332-0x000000001C040000-0x000000001C50E000-memory.dmp

      Filesize

      4.8MB

      Download

    • memory/2352-347-0x00000000014A0000-0x00000000014B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2352-348-0x0000000001150000-0x0000000001158000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2352-349-0x00000000014A0000-0x00000000014B0000-memory.dmp

      Filesize

      64KB

      Download