Analysis
- max time kernel: 144s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-04-2024 03:37
Static task
static1
Behavioral task
behavioral1
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest3.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest4.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest4.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/usbwrite.exe
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/usbwrite.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/AntivirusDefender.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/AntivirusDefender.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/defender.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/defender.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/obj/Debug/AntivirusDefender.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/obj/Debug/AntivirusDefender.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
AntivirusDefender-main/AntivirusDefender3.2.bat
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
AntivirusDefender-main/AntivirusDefender3.2.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.exe
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.vshost.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.vshost.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral19
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/obj/Release/JigsawRansomware.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/obj/Release/JigsawRansomware.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/bin/Debug/antivirusfalsepositivetest3.exe
Resource
win7-20240220-en
Behavioral task
behavioral22
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/bin/Debug/antivirusfalsepositivetest3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/obj/Debug/antivirusfalsepositivetest3.exe
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/obj/Debug/antivirusfalsepositivetest3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral25
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/JigsawRansomware.exe
Resource
win7-20240215-en
Behavioral task
behavioral26
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/JigsawRansomware.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral27
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/blacklotus.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/blacklotus.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral29
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/c.exe
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/c.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral31
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/f.exe
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/f.exe
Resource
win10v2004-20240419-en
General
- Target: AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.exe
- Size: 60KB
- MD5: 14a2065165fca7f48b20123ea1ca8d2d
- SHA1: f6371909e9b9751d3f7539a75ec0f024cd3094bf
- SHA256: cb8068f6f5623b19fea0e5e8657ea059283dc7fbb04ac61c204b8fcf9b09cc3c
- SHA512: eadd1e658b19805cc64a8a9a391f42fcae5c410c89b95a1b2e5d8615aadc1e873fb67e214fff5f96163b8340bc37443cfbb4d50eccd2b8e06b6294f503adf103
- SSDEEP: 1536:f2Dyv30ZpBzKmGIZUY1sIzYi7D10Py7j:+Dy2pBzbZUYxYID6a
Malware Config
Signatures
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
- Renames multiple (3911) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings (2 TTPs, 1 IoCs)
  Looks up country code configured in the registry, likely geofence.
  Key value queried: \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\Control Panel\International\Geo\Nation (process: JigsawRansomware.exe)
- Executes dropped EXE (1 IoCs)
  pid: 2864, process: drpbx.exe
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application (2 TTPs, 1 IoCs)
  Set value (str): \REGISTRY\USER\S-1-5-21-3411335054-1982420046-2118495756-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" (process: JigsawRansomware.exe)
- Drops file in Program Files directory (64 IoCs)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (2 IoCs)
  PID 4648 wrote to memory of 2864 (pid: 4648, process: JigsawRansomware.exe, procid_target: 85)
  PID 4648 wrote to memory of 2864 (pid: 4648, process: JigsawRansomware.exe, procid_target: 85)
Processes
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\JigsawRansomware\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\JigsawRansomware\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.exe"
  PID: 4648
  - Checks computer location settings
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
    Command line: "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\JigsawRansomware\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.exe
    PID: 2864
    - Executes dropped EXE
    - Drops file in Program Files directory
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun
Filesize720B
MD561947d0907c945a6df0f1d86b894e4c7
SHA1fd488589b551ef61957bc329d1a10a4dd20481db
SHA256cfa663ff1da533b46726d1761848a327ff515ee7dd4bb395a9430f6cbc568bdd
SHA512296a37e91d1fbce5e951413e09b240db31eef5ff88ce783a506cb40151dfc394465e0ba617f8d2ce4310a1432b969d88873e74905012b65492cdccd11a874981
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun
Filesize7KB
MD5a842db7ac1990b29e2c453d22188eafc
SHA1562adae12978c15a03c541c86a930d306d1a3618
SHA256577aceff95acfa55f729b8c56d5a5848d55d76ac0664b7ad4e32f1ffbc6729f3
SHA51221639cb95779a49f24fa1fc74e2c26eba8040800b2f3fcba8815b41a915cb7710d2d528d00fb9d3acce8a74ce155a83e0f1b24fd7f4614934405d10211a19554
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun
Filesize7KB
MD5f13b68445c6a611c58b69d0663adcd41
SHA1f4405939a8ce9d73be0b9e95bc694c0e3187d4f5
SHA256dfa70d2305ea3cc4ceedf503877087e358697aba61f28e6afe310af68dddfcee
SHA512c2e8e3fda0588bf6bf8385c654a245a597ba146e5877943db63d0f2177833de3a1e0f6118d318071f07a2c0a107001bfeac901119e036b15ebf5dfa6b7795f28
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun
Filesize15KB
MD5c8fc25207f8ceecd9227242be2efbac3
SHA146f774b5a0f7cbd381d4434ce8e50de84c3c0c12
SHA256bab54850e29f9ebc93b283187ef71904745c380cf99f7b2fa75de22a59ed3d97
SHA5128ebfe4584beb21ad2a82da8ad799aebb00e52b5c819775f4df6dbf6dd2435f45514cbb15747baaea6018d476f43ea2c7ba66f6103b551ccf55ae3642167bc653
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun
Filesize8KB
MD5b5d8672c3a1c0c03ea94ed8e7545b730
SHA195dc280bb5e13b9979952cc20f30f6830f184901
SHA256fca20ec5c665941480e92223fc4719aac0b3235a7f115d2574d7129e7e6ee348
SHA512de8da4e24416eda326404a717e77a8d810aa6f995c5fd545c9da1ef8cb47fa9786628d3ac3273f165167e4ea4f63532303f07518c85f8198adbfd89f0342f7c3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun
Filesize17KB
MD5ce629e483860631759ed4b212ade9bfb
SHA1f5b4a74fcd8a4c203febcbcf808d2581959ab442
SHA2565091a8ca0d8b0b72af4059110ad2197a423e2ddf8c8cc15e6a7f468c3fb2a78e
SHA512d530e96e76b674605c4cf5ec30288ad4ea93399021ba88d68961cee3b158aed0e56729925a025ab355a888dda8d668780723aa3decfdebbeabfb6d5109504b42
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun
Filesize448B
MD5cab6c8585046fdcc0b2600cef0cb22aa
SHA12b0ce8b6523310938dceeec9fb9c9d864acc2f6b
SHA256628b2ec6f6336318df443543de6a8a1d16e3b3400753e75a54e7a68cac604720
SHA5128a88ceb9ec69d8f3cb6ac5965d7498fecb83e9c64f18d96c385ffffd9eae8fcebdc382c8a2c4b4b45581995fd1bc77e0afb0d3c568a6ce2907543092b3e6f992
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun
Filesize624B
MD5363b1b98d976980f0af736f587e99651
SHA14c9dbdd0523152e757c445a0495cb0572306b5f9
SHA256bb70106809438ed5d550b69ae3d5119ecb46c75f7d8e0dddddd18e2967df73d0
SHA512ca1c0b3690e7c9ce985a7f6ff2af321685d365d5ce61d700d2d17afd231cce067c01372faf43e2634414e3e6aa0c1ebdcadbdcab7c46eab759d6e4e584030e7a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun
Filesize400B
MD5296b9b5580cc931820d1a1e62c29c41a
SHA1484d786dc7196520072ec4a4952ec96d88ed6e26
SHA256a36df9606a73c204e04696b1930d23c3581d33876d2b1510c9d324996186247c
SHA51258e4b6c8014c9413540733003a2075c74ce9170bfdcfc27db79b795616988d91f58b7f3234183850a24a6b38ef2b4befdc61bae828a0d50bb79e729e51e458ca
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun
Filesize560B
MD5355f9c4064151c7089fbe1126af0cb77
SHA1b138c3b0563efc29dc3ed24180dcd46cec5819b4
SHA2560d8584a9d9fbf7c7b0b54f69b308da3204281c93aa1bf2f83c02e129c73a987e
SHA512cc39d40c5058cee42fd451210b64def65499a5e2abe1475426aa88b65305e3b0a7572b7a0de15756ab68660d899bfd0c28fb62c2b6920c98d0a7e1896e292905
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun
Filesize400B
MD5b9928ad5ffa158894354df8b8ff6b23f
SHA1e228563a9873a502801dda31c3d33be880080251
SHA256e1a2e7cd9fe8586b95860da7c13d7b9407797ab253573c24fe423c8bc4485cf7
SHA512d18f4fe5500a0cd70092f22f414895782cb8f3f3040c627a21ddafb1295faa146bf158e8b71ed4741f53c096b13d24d1046f7c6d6753fe0fe9a72b496f1093a6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun
Filesize560B
MD52e7765187796a13a10d805e0ee978a6a
SHA1c7a8e4989068703a552b2cfe13e2411a621114f2
SHA256cf050c014f972d74e2e9ef5aab5dab5ca46fb1344d07539aa4071305f51d2b9e
SHA51273fd7b93efc84fb8a7c63eca4b51c85a33c85db58c2e98161bb2045ad06fc60479a0cf672346a0fd9ee30ed4cd28e565310921315180400cab56561ce0f9ed40
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun
Filesize400B
MD5d86ab3c169ebf736f5109312a9ce1c27
SHA1513eacceed79aeba7c7ef521759d65e73edb368b
SHA256aca7c25306834d60e990bbff5a59d35171811a4cd764cd6f19ed7f3d60678a6c
SHA512ae27bd93e06be3c9e392ad9ed852e5b06828ab298a7e91ea58411b04cc7997858f6d3e891212a044dde51307f9cf759fb18e90c6d3afa7e78ed8f404116ec0c4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun
Filesize560B
MD5ba92eb229413a4997d609cb7c32a262b
SHA17e3d458cb15bdd2b4dfb48cd636b915f1e216d69
SHA256307ed4b76842f00b9b5ccbdfee3dbe845027badaf9fefa0f270ffdb37d053195
SHA5124d532be35dbee30672cc2734717c827cc1ba3e9961fe5068bc21b0826edfceaabbf9e8511ed60b03522fa8f02f3c028c5c815727628a29217a8a843200ae3925
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun
Filesize688B
MD579928359f473ca412b6619daa126ea4a
SHA155d1f1d741b2327b2853a26b9c55712460ab6433
SHA25626bc3338fa8e8f825c0e8fef85c572df98afa06dfd09dcbf6be0be93a0e7644e
SHA5126e976147cec5201ed7d9543db2b335d007dc159f571e7df373d4efd28625255c53e47d76e21ff514de08887b15995111ba68ae0b047678d5c64387465729e52e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun
Filesize1KB
MD527c2ae5ec13d9be007de8f3bd3577b19
SHA10b4fb7f92ed8c9a72bb48a2b6ff4dd0eeac45f5c
SHA2569bc2e43816cd6586b50b94902b7beac1291a4123b9ca38fa2f3cb6bf647cb9a8
SHA512832d67e486247748c3eafff6c9c0b3a039203c349c31677d26361e0f66c1e0e1e671f637be9c6dc22687b7ec77cd3ac4bc1a2d7eeac3e67204b79dfc2f664e4d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun
Filesize192B
MD5840221d27a09a3080a93c1f4bb265f5e
SHA16ed12d47df1500f7ad56ce0e3e43fa803dc040c0
SHA2569999fa3e8b7b136d9688bc0bb42a144fab43263998c28850facdcf0def8d6360
SHA512cc4afa07c610dba58ac80779196edaf2a745c733bcbb3b1a581ddf36c0a3f4e79a70e93ee448074d3f06f25362919140288ba59e71fc21a89ba46688434db7d7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun
Filesize704B
MD5a967c33396482152971c0a3dd54053a2
SHA12d8cf663746ad928d0ebfcf87af685988f540aca
SHA256107c2a1239238755e33ce29ef7b000935ede80dc9fdf544182d01e5c330a5a6e
SHA51263e990a4d044c2414571481e6fd40bf30d1bc59c009b6b497eef062c9b2b3443005caf0dd014055d2da08e2f7e8a12d7c324f6c63430b1bfd95d14088c9b7162
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun
Filesize8KB
MD5a48c79d6485aa84f70909e0deac5afc6
SHA15885dd3d8553862554312632d40b04ecc583e09e
SHA25602f138096bc96757a83a6b42e855007d6f4fd1c8390c220fb5f428219253d573
SHA5123615eba5102df9ad4bc8aafa4c43ad3a43afb617f49607789c8a6c0fb80d0fc4f5a625ba27600b5e7f6ef302dfdedee3022d61ae202dfa6c319762befc31ca46
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
Filesize19KB
MD5a5b25141ae69df8e8627814bc7da55e7
SHA1862ab0471f3d3415ded16e77f2542f84023fe8ad
SHA256bc2276d83723961e25e621e4400a2aadefb95f1e38642ba2fd8c4e7f83dda6a1
SHA512b9b0b0c3e5bf9026e684ef38ee576aab142ccb9a19759834d30771df121a0f87167d298bfda2d341055c1949e203102e88d5195a53ab96eb18ec2c6e70d614cc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
Filesize832B
MD5f9d942430d103eb14bb89a8b06dd354c
SHA128c8f183fc1c03eb2f69dfc662c0d47f25dceb9c
SHA25630f745264662bb65ea8e073548faa9cbb594394fe6bb8f238fd463cd4b19a16b
SHA51251994cfee07ebe1f030eb609f5d70c42b15f7f4d7a7e7e82c44682048b405ccc52cc33aed16ac21ac189d378eb93db093e32c50ece0d1c6bb5687fa1451ffea5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
Filesize1KB
MD5254e6e1f919c82e7e6386148f4fd8b85
SHA14b16f83c625875047f0e397bd22c318e3dc401f5
SHA2566fd7ad452179754ac6fe6ee17a1e9ca7277173e23096153ab776cb5c572f19f5
SHA512b9d8f88e89da06a98685ef2dab1f85115defd342d09527fcdf81712b000800fa1350db0ba085e2fc9df29ba0da394346a9d2c68395a3f9509d525e155d986ca4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
Filesize1KB
MD5c8df49bb4bbdc9da2bcab074f61beb09
SHA17bec3ca11d7533d9853d2a9a6ba2dfeb7d8201a8
SHA256ef67108356c94c9c8826ab0a667fb88add02381715a352f9be62ee92ad781647
SHA51253b472bdc116931819173f7385d23a8becfce39f63fcd451962bc3c6d0e117fc5f2e7ae6dac3297bf778bb35b06d5d514c10dc882ed3a5d958f8f5cdd979a213
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
Filesize2KB
MD55a7c257c74c8c7d5352b57cde2f0b55c
SHA1ef9cac32cb1329bef6857173abee2fff4cac3ac6
SHA256b2a557b40c73eb81ca22b167c4a6ac1f43622c59b2d85e5f43119769c6d6b6f5
SHA512031764f3fb1194d778a84a294df4e0509ba00e50ddefe3a6cf7a655f48219cc38e53f5c47a56646d6ea63275ed56d19328c7b82f14e717a688d6181093764928
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
Filesize2KB
MD52ac07813a74d6adaa3e44db55e899e09
SHA1a0447b0b95d442c2d770987b1e007826cdae98a2
SHA256b770a96d153a9e662d5a586e571ba9687a0995b9dccf3f50afdb5dba8da465d9
SHA512940e4a99d233d99b1b342c4a8d032ce70f66ef0134d57b3c13f1cdde780453e32f54f442fe9255cfe73cc9e478f72f707a383a156aa924a95ffbd3cfc840a94c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
Filesize4KB
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
Filesize: 304B
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
Filesize: 400B
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
Filesize: 1008B
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
Filesize: 1KB
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
Filesize: 2KB
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
Filesize: 848B
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
Filesize: 32KB
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
Filesize: 8KB
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{f5f563ab-8370-4daa-939e-05085f5b46bb}\0.1.filtertrie.intermediate.txt.fun
Filesize: 16B
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{f5f563ab-8370-4daa-939e-05085f5b46bb}\0.2.filtertrie.intermediate.txt.fun
Filesize: 16B
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579837687940046.txt.fun
Filesize: 77KB
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579839712016426.txt.fun
Filesize: 47KB
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579846092837203.txt.fun
Filesize: 66KB
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579877339107394.txt.fun
Filesize: 75KB
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\JigsawRansomware\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\net45\Newtonsoft.Json.xml.fun
Filesize: 658KB