Analysis
-
max time kernel
437s -
max time network
438s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
16-05-2024 07:46
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/LeechxSys/Jigsawsource
Resource
win10v2004-20240508-en
General
-
Target
https://github.com/LeechxSys/Jigsawsource
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Renames multiple (3773) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation JigsawRansomware.exe -
Executes dropped EXE 4 IoCs
pid Process 2576 JigsawRansomware.exe 5748 drpbx.exe 5156 JigsawRansomware.vshost.exe 4472 JigsawRansomware.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" JigsawRansomware.exe Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" JigsawRansomware.exe -
Drops file in System32 directory 11 IoCs
description ioc Process File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk svchost.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-200_contrast-white.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-48_altform-unplated_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\commerce\taster_post_call_illustration.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\SearchEmail.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\ui-strings.js.fun drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-tw_get.svg.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-100.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60.png drpbx.exe File created C:\Program Files\Microsoft Office\root\Templates\1033\TimelessResume.dotx.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\10px.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-150_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\MediumTile.scale-200.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageWideTile.scale-100_contrast-black.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\hr-hr\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\webviewBoot.min.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-125_contrast-white.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-si\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ru-ru\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nl-nl\ui-strings.js drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\vreg\excel.x-none.msi.16.x-none.vreg.dat drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\da-dk\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-60.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.scale-200.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\config.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\LargeTile.scale-100.png drpbx.exe File opened for modification C:\Program Files\7-Zip\Lang\af.txt drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.boot.tree.dat drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-16_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-48_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\Assets\farewell.jpg drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\splashscreen.scale-100.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Light.scale-300.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-32_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-24.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeLargeTile.scale-200.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-80_altform-unplated_contrast-black.png drpbx.exe File opened for modification C:\Program Files\Windows Media Player\Media Renderer\RenderingControl_DMP.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreAppList.targetsize-32.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\es-es\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-48_altform-unplated.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ja-jp\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-150.png drpbx.exe File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.fun drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-256.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-16.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-60_altform-lightunplated.png drpbx.exe File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxAccountsSmallTile.scale-100.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-hover_32.svg.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupSmallTile.scale-100.png drpbx.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_altform-unplated_contrast-white.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\s_empty_folder_state.svg.fun drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\tool\selector.js drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ca-es\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteLargeTile.scale-100.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailWideTile.scale-400.png drpbx.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz dw20.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString dw20.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 dw20.exe -
Enumerates system info in registry 2 TTPs 5 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU dw20.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS dw20.exe -
Modifies registry class 17 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\cs_auto_file OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\cs_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\cs_auto_file\shell\open OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\cs_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings msedge.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.cs\ = "cs_auto_file" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\屗谀耋 OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\屗谀耋\ = "cs_auto_file" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings mspaint.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.cs OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\cs_auto_file\shell\edit\command OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\cs_auto_file\shell\open\command OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings taskmgr.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\cs_auto_file\shell\edit OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\cs_auto_file\shell OpenWith.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4692 msedge.exe 4692 msedge.exe 1436 msedge.exe 1436 msedge.exe 4128 identity_helper.exe 4128 identity_helper.exe 3336 msedge.exe 3336 msedge.exe 5816 mspaint.exe 5816 mspaint.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4056 OpenWith.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe -
Suspicious use of AdjustPrivilegeToken 11 IoCs
description pid Process Token: SeRestorePrivilege 5744 7zG.exe Token: 35 5744 7zG.exe Token: SeSecurityPrivilege 5744 7zG.exe Token: SeSecurityPrivilege 5744 7zG.exe Token: SeBackupPrivilege 4420 dw20.exe Token: SeBackupPrivilege 4420 dw20.exe Token: SeDebugPrivilege 2460 taskmgr.exe Token: SeSystemProfilePrivilege 2460 taskmgr.exe Token: SeCreateGlobalPrivilege 2460 taskmgr.exe Token: 33 2460 taskmgr.exe Token: SeIncBasePriorityPrivilege 2460 taskmgr.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 5744 7zG.exe 1436 msedge.exe 5748 drpbx.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 1436 msedge.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe 2460 taskmgr.exe -
Suspicious use of SetWindowsHookEx 26 IoCs
pid Process 5816 mspaint.exe 3692 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 4056 OpenWith.exe 1036 OpenWith.exe 1036 OpenWith.exe 1036 OpenWith.exe 1036 OpenWith.exe 1036 OpenWith.exe 1036 OpenWith.exe 1036 OpenWith.exe 1036 OpenWith.exe 1036 OpenWith.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1436 wrote to memory of 3108 1436 msedge.exe 83 PID 1436 wrote to memory of 3108 1436 msedge.exe 83 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 3708 1436 msedge.exe 84 PID 1436 wrote to memory of 4692 1436 msedge.exe 85 PID 1436 wrote to memory of 4692 1436 msedge.exe 85 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86 PID 1436 wrote to memory of 3964 1436 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/LeechxSys/Jigsawsource1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a647182⤵PID:3108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:22⤵PID:3708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:82⤵PID:3964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵PID:3580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵PID:3128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵PID:5100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5572 /prefetch:82⤵PID:4724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵PID:3884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵PID:2012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:12⤵PID:3020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵PID:5224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:12⤵PID:5232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,3001572512232636042,16480535380084939621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3536
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5088
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3652
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5444
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\" -an -ai#7zMap28969:174:7zEvent152941⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5744
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Resources\Jigsaw.jpg" /ForceBootstrapPaint3D1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5816
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc1⤵
- Drops file in System32 directory
PID:4524
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:3692
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Resources\ExtensionsToEncrypt.txt1⤵PID:3724
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Resources\vanityAddresses.txt1⤵PID:5404
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\obj\Release\JigsawRansomware.csproj.FileListAbsolute.txt1⤵PID:4672
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4056 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Properties\Settings.Designer.cs2⤵PID:4568
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Properties\AssemblyInfo.cs1⤵PID:3332
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Properties\Resources.Designer.cs1⤵PID:3764
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Properties\Settings.Designer.cs1⤵PID:2092
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1036 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Properties\Settings.settings2⤵PID:5652
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Config.cs1⤵PID:3796
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.exe"C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:2576 -
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:5748
-
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.vshost.exe"C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.vshost.exe"1⤵
- Executes dropped EXE
PID:5156 -
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 13642⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:4420
-
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\obj\Release\JigsawRansomware.exe"C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\obj\Release\JigsawRansomware.exe"1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4472
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2460
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun
Filesize720B
MD561947d0907c945a6df0f1d86b894e4c7
SHA1fd488589b551ef61957bc329d1a10a4dd20481db
SHA256cfa663ff1da533b46726d1761848a327ff515ee7dd4bb395a9430f6cbc568bdd
SHA512296a37e91d1fbce5e951413e09b240db31eef5ff88ce783a506cb40151dfc394465e0ba617f8d2ce4310a1432b969d88873e74905012b65492cdccd11a874981
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun
Filesize7KB
MD5a842db7ac1990b29e2c453d22188eafc
SHA1562adae12978c15a03c541c86a930d306d1a3618
SHA256577aceff95acfa55f729b8c56d5a5848d55d76ac0664b7ad4e32f1ffbc6729f3
SHA51221639cb95779a49f24fa1fc74e2c26eba8040800b2f3fcba8815b41a915cb7710d2d528d00fb9d3acce8a74ce155a83e0f1b24fd7f4614934405d10211a19554
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun
Filesize7KB
MD5f13b68445c6a611c58b69d0663adcd41
SHA1f4405939a8ce9d73be0b9e95bc694c0e3187d4f5
SHA256dfa70d2305ea3cc4ceedf503877087e358697aba61f28e6afe310af68dddfcee
SHA512c2e8e3fda0588bf6bf8385c654a245a597ba146e5877943db63d0f2177833de3a1e0f6118d318071f07a2c0a107001bfeac901119e036b15ebf5dfa6b7795f28
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun
Filesize15KB
MD5c8fc25207f8ceecd9227242be2efbac3
SHA146f774b5a0f7cbd381d4434ce8e50de84c3c0c12
SHA256bab54850e29f9ebc93b283187ef71904745c380cf99f7b2fa75de22a59ed3d97
SHA5128ebfe4584beb21ad2a82da8ad799aebb00e52b5c819775f4df6dbf6dd2435f45514cbb15747baaea6018d476f43ea2c7ba66f6103b551ccf55ae3642167bc653
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun
Filesize8KB
MD5b5d8672c3a1c0c03ea94ed8e7545b730
SHA195dc280bb5e13b9979952cc20f30f6830f184901
SHA256fca20ec5c665941480e92223fc4719aac0b3235a7f115d2574d7129e7e6ee348
SHA512de8da4e24416eda326404a717e77a8d810aa6f995c5fd545c9da1ef8cb47fa9786628d3ac3273f165167e4ea4f63532303f07518c85f8198adbfd89f0342f7c3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun
Filesize17KB
MD5ce629e483860631759ed4b212ade9bfb
SHA1f5b4a74fcd8a4c203febcbcf808d2581959ab442
SHA2565091a8ca0d8b0b72af4059110ad2197a423e2ddf8c8cc15e6a7f468c3fb2a78e
SHA512d530e96e76b674605c4cf5ec30288ad4ea93399021ba88d68961cee3b158aed0e56729925a025ab355a888dda8d668780723aa3decfdebbeabfb6d5109504b42
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun
Filesize448B
MD5cab6c8585046fdcc0b2600cef0cb22aa
SHA12b0ce8b6523310938dceeec9fb9c9d864acc2f6b
SHA256628b2ec6f6336318df443543de6a8a1d16e3b3400753e75a54e7a68cac604720
SHA5128a88ceb9ec69d8f3cb6ac5965d7498fecb83e9c64f18d96c385ffffd9eae8fcebdc382c8a2c4b4b45581995fd1bc77e0afb0d3c568a6ce2907543092b3e6f992
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun
Filesize624B
MD5363b1b98d976980f0af736f587e99651
SHA14c9dbdd0523152e757c445a0495cb0572306b5f9
SHA256bb70106809438ed5d550b69ae3d5119ecb46c75f7d8e0dddddd18e2967df73d0
SHA512ca1c0b3690e7c9ce985a7f6ff2af321685d365d5ce61d700d2d17afd231cce067c01372faf43e2634414e3e6aa0c1ebdcadbdcab7c46eab759d6e4e584030e7a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun
Filesize400B
MD5296b9b5580cc931820d1a1e62c29c41a
SHA1484d786dc7196520072ec4a4952ec96d88ed6e26
SHA256a36df9606a73c204e04696b1930d23c3581d33876d2b1510c9d324996186247c
SHA51258e4b6c8014c9413540733003a2075c74ce9170bfdcfc27db79b795616988d91f58b7f3234183850a24a6b38ef2b4befdc61bae828a0d50bb79e729e51e458ca
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun
Filesize560B
MD5355f9c4064151c7089fbe1126af0cb77
SHA1b138c3b0563efc29dc3ed24180dcd46cec5819b4
SHA2560d8584a9d9fbf7c7b0b54f69b308da3204281c93aa1bf2f83c02e129c73a987e
SHA512cc39d40c5058cee42fd451210b64def65499a5e2abe1475426aa88b65305e3b0a7572b7a0de15756ab68660d899bfd0c28fb62c2b6920c98d0a7e1896e292905
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun
Filesize400B
MD5b9928ad5ffa158894354df8b8ff6b23f
SHA1e228563a9873a502801dda31c3d33be880080251
SHA256e1a2e7cd9fe8586b95860da7c13d7b9407797ab253573c24fe423c8bc4485cf7
SHA512d18f4fe5500a0cd70092f22f414895782cb8f3f3040c627a21ddafb1295faa146bf158e8b71ed4741f53c096b13d24d1046f7c6d6753fe0fe9a72b496f1093a6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun
Filesize560B
MD52e7765187796a13a10d805e0ee978a6a
SHA1c7a8e4989068703a552b2cfe13e2411a621114f2
SHA256cf050c014f972d74e2e9ef5aab5dab5ca46fb1344d07539aa4071305f51d2b9e
SHA51273fd7b93efc84fb8a7c63eca4b51c85a33c85db58c2e98161bb2045ad06fc60479a0cf672346a0fd9ee30ed4cd28e565310921315180400cab56561ce0f9ed40
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun
Filesize400B
MD5d86ab3c169ebf736f5109312a9ce1c27
SHA1513eacceed79aeba7c7ef521759d65e73edb368b
SHA256aca7c25306834d60e990bbff5a59d35171811a4cd764cd6f19ed7f3d60678a6c
SHA512ae27bd93e06be3c9e392ad9ed852e5b06828ab298a7e91ea58411b04cc7997858f6d3e891212a044dde51307f9cf759fb18e90c6d3afa7e78ed8f404116ec0c4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun
Filesize560B
MD5ba92eb229413a4997d609cb7c32a262b
SHA17e3d458cb15bdd2b4dfb48cd636b915f1e216d69
SHA256307ed4b76842f00b9b5ccbdfee3dbe845027badaf9fefa0f270ffdb37d053195
SHA5124d532be35dbee30672cc2734717c827cc1ba3e9961fe5068bc21b0826edfceaabbf9e8511ed60b03522fa8f02f3c028c5c815727628a29217a8a843200ae3925
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun
Filesize688B
MD579928359f473ca412b6619daa126ea4a
SHA155d1f1d741b2327b2853a26b9c55712460ab6433
SHA25626bc3338fa8e8f825c0e8fef85c572df98afa06dfd09dcbf6be0be93a0e7644e
SHA5126e976147cec5201ed7d9543db2b335d007dc159f571e7df373d4efd28625255c53e47d76e21ff514de08887b15995111ba68ae0b047678d5c64387465729e52e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun
Filesize1KB
MD527c2ae5ec13d9be007de8f3bd3577b19
SHA10b4fb7f92ed8c9a72bb48a2b6ff4dd0eeac45f5c
SHA2569bc2e43816cd6586b50b94902b7beac1291a4123b9ca38fa2f3cb6bf647cb9a8
SHA512832d67e486247748c3eafff6c9c0b3a039203c349c31677d26361e0f66c1e0e1e671f637be9c6dc22687b7ec77cd3ac4bc1a2d7eeac3e67204b79dfc2f664e4d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun
Filesize192B
MD5840221d27a09a3080a93c1f4bb265f5e
SHA16ed12d47df1500f7ad56ce0e3e43fa803dc040c0
SHA2569999fa3e8b7b136d9688bc0bb42a144fab43263998c28850facdcf0def8d6360
SHA512cc4afa07c610dba58ac80779196edaf2a745c733bcbb3b1a581ddf36c0a3f4e79a70e93ee448074d3f06f25362919140288ba59e71fc21a89ba46688434db7d7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun
Filesize704B
MD5a967c33396482152971c0a3dd54053a2
SHA12d8cf663746ad928d0ebfcf87af685988f540aca
SHA256107c2a1239238755e33ce29ef7b000935ede80dc9fdf544182d01e5c330a5a6e
SHA51263e990a4d044c2414571481e6fd40bf30d1bc59c009b6b497eef062c9b2b3443005caf0dd014055d2da08e2f7e8a12d7c324f6c63430b1bfd95d14088c9b7162
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun
Filesize8KB
MD5a48c79d6485aa84f70909e0deac5afc6
SHA15885dd3d8553862554312632d40b04ecc583e09e
SHA25602f138096bc96757a83a6b42e855007d6f4fd1c8390c220fb5f428219253d573
SHA5123615eba5102df9ad4bc8aafa4c43ad3a43afb617f49607789c8a6c0fb80d0fc4f5a625ba27600b5e7f6ef302dfdedee3022d61ae202dfa6c319762befc31ca46
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
Filesize19KB
MD5a5b25141ae69df8e8627814bc7da55e7
SHA1862ab0471f3d3415ded16e77f2542f84023fe8ad
SHA256bc2276d83723961e25e621e4400a2aadefb95f1e38642ba2fd8c4e7f83dda6a1
SHA512b9b0b0c3e5bf9026e684ef38ee576aab142ccb9a19759834d30771df121a0f87167d298bfda2d341055c1949e203102e88d5195a53ab96eb18ec2c6e70d614cc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
Filesize832B
MD5f9d942430d103eb14bb89a8b06dd354c
SHA128c8f183fc1c03eb2f69dfc662c0d47f25dceb9c
SHA25630f745264662bb65ea8e073548faa9cbb594394fe6bb8f238fd463cd4b19a16b
SHA51251994cfee07ebe1f030eb609f5d70c42b15f7f4d7a7e7e82c44682048b405ccc52cc33aed16ac21ac189d378eb93db093e32c50ece0d1c6bb5687fa1451ffea5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
Filesize1KB
MD5254e6e1f919c82e7e6386148f4fd8b85
SHA14b16f83c625875047f0e397bd22c318e3dc401f5
SHA2566fd7ad452179754ac6fe6ee17a1e9ca7277173e23096153ab776cb5c572f19f5
SHA512b9d8f88e89da06a98685ef2dab1f85115defd342d09527fcdf81712b000800fa1350db0ba085e2fc9df29ba0da394346a9d2c68395a3f9509d525e155d986ca4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
Filesize1KB
MD5c8df49bb4bbdc9da2bcab074f61beb09
SHA17bec3ca11d7533d9853d2a9a6ba2dfeb7d8201a8
SHA256ef67108356c94c9c8826ab0a667fb88add02381715a352f9be62ee92ad781647
SHA51253b472bdc116931819173f7385d23a8becfce39f63fcd451962bc3c6d0e117fc5f2e7ae6dac3297bf778bb35b06d5d514c10dc882ed3a5d958f8f5cdd979a213
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
Filesize2KB
MD55a7c257c74c8c7d5352b57cde2f0b55c
SHA1ef9cac32cb1329bef6857173abee2fff4cac3ac6
SHA256b2a557b40c73eb81ca22b167c4a6ac1f43622c59b2d85e5f43119769c6d6b6f5
SHA512031764f3fb1194d778a84a294df4e0509ba00e50ddefe3a6cf7a655f48219cc38e53f5c47a56646d6ea63275ed56d19328c7b82f14e717a688d6181093764928
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
Filesize2KB
MD52ac07813a74d6adaa3e44db55e899e09
SHA1a0447b0b95d442c2d770987b1e007826cdae98a2
SHA256b770a96d153a9e662d5a586e571ba9687a0995b9dccf3f50afdb5dba8da465d9
SHA512940e4a99d233d99b1b342c4a8d032ce70f66ef0134d57b3c13f1cdde780453e32f54f442fe9255cfe73cc9e478f72f707a383a156aa924a95ffbd3cfc840a94c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
Filesize4KB
MD52613b34bca30302406bbfa57c93b6c0f
SHA104a4e32759eb78be5d4397916bc9e51090fa4333
SHA25653bbcb949a287d7ac25e7a31d671cd9eb11ac609f7344a38aaa5c2f165dc4093
SHA5124c170f25c9d3238cc6572ff5522495effab28c7e0047a44eaba8939d2da46950ff9f8f1329b923d82b0b8a3e28de735dd41ebaf83711eb20b2fa52ba82f23855
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
Filesize304B
MD5e4e7837a4f0c71864f2ed00e23aae8e0
SHA1c35796c887fb94fc2112caf3921ba504570dde1e
SHA256e69aa05159c50cb7dc9083dcd34a21f811aa80ca24e67eda8fca86c244d9a483
SHA512296817bbf0f9faafa16577edb105f560be7a27ded19370efbbe9e14657fca5c202d3f19d0f001de5d9119fdef304e099bafda922135f679b487afe05e36d4fbb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
Filesize400B
MD530c5fafcb889cfdfef7a7373c623221b
SHA1e4a12b7ef07ca5780ebe205201be538a34fc6154
SHA256b2bf549220418c47e80507084b43eeccd85c0a43f4da74de6858fc96dd3020af
SHA5124a621fa79335711dab7dbde3bf0fd30979b15c2f48eff9b867a0cde99ddc67a97d612ea0472db9903c5cb5555800907b8a183cf499f55d186a42fe0ad6fb023b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
Filesize1008B
MD53c501b84ed7912d164470fb2024d29ba
SHA1f54ec8a32fe7a67acfcbd48e789c0b5d2c0b6816
SHA256d1ba5eb730cc20b906290b76d64d2697896cc25ab4d782588f98c62c9b7ea1bc
SHA512cf9adc56a6685c7f5131d703238752700cfe9b32133ee38f6e828b658dbd64af9732509a47abee3958c5cc22f3685f10cc27a1d5d76f7459b99498310fb6cdb9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
Filesize1KB
MD5242c795c3e07e4f7e1db97121e007727
SHA1c0704070f2026d817b82f71878e334be06bab551
SHA2562ab2f7f6b540d3bcab915e7626db8db6ed71736ba7da94ce2ca4366d440cd822
SHA5128b990d5a35b324ebbd5ee6d6d88d74e783e211f3c778162dfdf1577e2d3c6cc32693117fbfd1175ad34d7bb46e05504e8ccdcdc116a6895eee31f50d583289cb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
Filesize2KB
MD5a06ee81cc9009bcac3c9a5af0dab2b1d
SHA1b95ada870dd0ebfd4058b6710076d750186ca151
SHA256c82b8a9a8fa45f93bc000a754e07e9922fc1788f9d54bcdd0b4c6869145c613e
SHA512b4271b58a89b37e2c48584778eeb08668e2d32026f98990fb017215e854a7006184f09149e478bd95a5b15027e308b61982f5a2275b998174bdf281736edece8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
Filesize848B
MD5fe2afee9fcdf2d43940944ebd1145480
SHA1986b8b7ce80ec8b8e223f95b508532e69cd49c05
SHA256116b7fbce50c3c08cc73efca3439106f4f2e00012794fbad81ebff4598066a42
SHA512b66aec41ffabc4d1566b2316de80efe3528d2ad5dd8b0030d1a127d58c0f9257c8b76ca7c301199e92213eb35f1d557a85062dc8c432e5c554590f0a91d2ceaf
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
Filesize32KB
MD5aec7bd7c96948d97d13c7df53988e89c
SHA17b906b88009e7509324ae92dc8a32ae4fb38626c
SHA25615fcb7c77cf60f287e9c81ec8053a9cdd1aa8bc0413734e8a1499a9de635c6d0
SHA51227d12f825c16d1d5349f53a23d57f71eb8d4534a1ae4af2c4eead9cda09a4440dadc518a8887a3ea818494cb6319fc82ab8147cdb85958e9b344400b7d6b2803
-
Filesize
160B
MD5000e8c41d4a15fb34d0be0dbb56e3778
SHA100c4eae64ee6239d7c65d819c6ce1ac329224f8c
SHA2568bdfa6a5b7de345cf0d4fe0e9c17d8b0e9db26d58b05b1b2ebbb3a05a068ff28
SHA512775d832eb8ab73e4a93789917dca69edb6c91fbb426e02acf7c6e213ffb4575776187209d1c471fbf57c4621ea3c23d9850f6dfc2770d62c17de9d66710800af
-
Filesize
430B
MD5de04f2e81c0501dee6d2f449fb6f3885
SHA1761a51e13b7958c5ec2e51de258428eedec0ae51
SHA25692e5dd3c966959c5a39d98226668f5a2745e16db2ebf034eb5ee5d5f160ed8bb
SHA51265e64986ec8b0681d72b7ec9590abe4ed443be492a4085dc4d9a6428e8f2e92d9bf46733f95bdf6de8e9efc97f035ab66d4400e83ac75d359dacecd7870161a8
-
Filesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Filesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
Filesize
48KB
MD50f2b395cc63db1bd8a5d093e558cbdd1
SHA1833d0657cb836d456c251473ed16dfb7d25e6ebe
SHA256f3797115dd01a366cce0fbd7e6148b79559767164d2aa584b042d10f1ffd926d
SHA512e8a4ada76efb453c77a38d25d2bbd3a7f03df27b85e26ba231791d65d286fe654c024b64f9d6869824db5d1cf59e4d4eb662f5a55c326e5e249144ae1a66b798
-
Filesize
24KB
MD5a5bb3bb3eda1301f6ac876a49d4b2f62
SHA11786309cdc2fb5c1d29cdac00dbdf13711f19f3a
SHA256316ba0d916f3d3d945b42e589de9a0326836664f9a06e9680bb853c828c2bf35
SHA512f2ab2d40d2ccd43c5e5bf2150ea79d575e0d4a41381a8fba3beb47a8944adeac0bd19dacdbe237f8dd1c06fc04403f0bda3fca1ec0fc429357dc705c6db1eea4
-
Filesize
44KB
MD5f95fd5730957cd943bf29bf0b0a73827
SHA1b59576226c1b783f20debfaa447b2c59dcf3306f
SHA2560015131aa5ceafba86173db3dcec9771f74398b09f0f5b9922d4adb29d2b8192
SHA5120bfdfb2879c07cfeea8f5d6a456858dff7be04693fa4c0bd68a13c64faf286d25441f4439cef8ed9aed68f86a8ea5b03d47bfdefe1167a7ad1561ccd961b848f
-
Filesize
19KB
MD5bfff9d83b00a5aa9b944286ea3654726
SHA1aac4c6e9f26a09c38aa59742b86313d4fed8a4c0
SHA25690fe1ef718caa668c13dff783a028dcf133d7d9c5ceec7226312a182afe6cbd6
SHA512ebe8fde5b6cd266a29bc731077ed905247bb6e9948996aeb38a91f200f77e588e514662713875db34279629b70ecf2bab326b6e152fe8dc4b7a595892e64a28c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5dd8da5ba6667ff5b2e947ad7811e0cdd
SHA1583ebfe64530066c7919b4f22b8e4960b7881443
SHA256372d9e2ab78dfb5c72f199bb1ac553522484d9598c9f66cc23a506eea888b391
SHA5129a098c0eb666205b375bed157595c08bc6e8f9b1153af7a5f130c0cc7addd28ac624ce7771b037b133eb4f88d7e43ecaa51c3c5f5d94b43d5446a3d0c4ece62b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD583f59be6e856ef956a307d8cfe1f1fc3
SHA1c7748a1102a4a8516a5c948c3167d38e3427786f
SHA25652c1cd17d7e9bd72c4799560c0223176f36a06faddaa66845e067979e0e2940a
SHA5129feed5fda32717cac723d57106e01902d2f0cad3cd952ed24ceb03bef8a40bf7ea9139ecebf2bc1587543331314d0faa22467a8f79d54db5d9f8820f803985fd
-
Filesize
573B
MD520e041da8c431d3d55f63c926e8f4a98
SHA135cba7582110626ad33824766cd5c8dc68c46d2c
SHA256f0784beb52c502c458bd3a50d6f72bdd93549a58fa14a26290506852fa34b2a2
SHA512f4306728f1a6eb17d1c999395a5a938cfcf0b7fc35e8ce7d35d0d2b47b8fe4e7eda333aab02160d22e2fb3694db7c5217f9a34859df629e7b40f758c4dcfefe0
-
Filesize
5KB
MD56d08508dc2554e1942026749d995d884
SHA1840c4e6b75ac332836a5d95c46c34fb5f39caaf4
SHA2562cbcf991de44093e031e4fa70ee27d044f134d7bf6db17368ffa890f637260ee
SHA5122972be73ee116dba3f4507ea07def303183008b103592b1e6e56867569664f5ffbef1c6794d319b7494619109744b865a4af9283aa52f2deb0c109b75e089ea9
-
Filesize
6KB
MD59ea0873366e07aec68156ed67c12efc3
SHA16c5223b246f1dcaa89be3ef58298394de4839a67
SHA256f4948f43871c39c5e0418ca9a0514160ae1f879becb5aef434c50ec32c832d9d
SHA51205bee3345a2c37542fd3fed01a93cfbf09d0355d956f3ba1f7959e66c40abff65c1ec53e2ce171d685bf908e8d7ebc2922c1f43ae3d4ab083662c8a4027b2ba3
-
Filesize
6KB
MD56b118d296146c34034512d7959e244ad
SHA1464bdfa703cc1e7f77e87c3fb41ffc210305f8e8
SHA25649c6dfbb6ff22d65ef1c612bd280143e5f69dd720fcabd72cb9572a3fea56401
SHA512434db661cb1b531655430a158ddd16f4dbaa795b683fa0eb420928138f163703ab449d5643ac00d7d70dbcc38697eebda6b477a03954f300c93a19eec3127906
-
Filesize
6KB
MD5021d18e8ed8de78b3f8857d276cb88c2
SHA1e0629dfbc6708da6ef068728b71b09f9f13cdea4
SHA256ed541fd93ba336bd3bf926d5bcb687a06b629333d16c257543629b54d8ec67ec
SHA51238a3bf205c1047d0935026d2a5495a38284a0ba32d41945700da95be328734fe679c4581e35e9982153cfdd05e183d32d4778cddb0e4c58e3232690c325df6fd
-
Filesize
1KB
MD5fd1350b5a6986a132a1d45ff65ca257c
SHA14fa8690c67e78ee43d00de04f674cd3c1c7602fe
SHA2564559be7d67a56a204ee854ea9c1a3c356098340e9f1efd6d51d83187599c7f1a
SHA51297db9c82b393ee5546a9e33852832ee9f0903dcfe599b494c424bfe1c0e1437c2c81fab9abb1245869a9618300e1adca92c71debc5f0ba1f0699765137ffbbdd
-
Filesize
1KB
MD576ea9f0352f17afe6ad501c933882e4f
SHA165e93be223aeef825b1dda32073ad03787759a4c
SHA256f1b1781578ed07e3b37c2e87a8928e07923eb5ecf15a8bbb7b98184c009f5f02
SHA5129a7cc0a411cfb9e5023b11436324b916665768a69f23c3c649e63966221d52e6bd7cc532b41589972dd99750eaa2d37b3fb98d46cb20cad05d8a70b92b00840d
-
Filesize
1KB
MD5dfbf5e704ddef070209145ac732be34c
SHA1f3b246f1ff81a85f071e5bef4468ea298e4992f7
SHA25601e1b0baf3fafd8c8034e83751df66cf701cbc427ac5ee3ef3d129d5c5a5a89b
SHA512eca6d6fa8093c1d7bef797dfc603c21efa4a5db96f2029d2102eb7a2e7b61f387808d9e4983e7a7b43817f3d97d1fe5f14e387c11dac85b2ea3a81041247cb47
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
76KB
MD5e60ab2ec803ae4e027ebf60c3504d459
SHA1fe8ff1e7df08193f01247e95049d518e88da42db
SHA256fb346b34e3f170fe8aa85be23afc91c3f1e13175b4df0496e35c7eafd71fc870
SHA512a9cf738e7d18f5f3565df707b21cc05f806515823a9bae1442b5c0ae96e082b8fa91529b1d04bf608f84615afeb8f99b1a2476750c9ac09ac50365795a4df97a
-
Filesize
11KB
MD5f7639a981d8600f0e64225db33db9b36
SHA1510f00743d651c8a53f6a73c5f9f25e8fb41a5ab
SHA256ed3afb8a9ab91594bc2639dde053a2cc895efb9b8865fa5fd96db5ac75ef0b20
SHA512b4a618c9a84753f3a45acb1a4c1b309c9c8f2b2bb12078ae4d643ca12b913a5ea92f49bd4aa5eefdd1ff7c93b32942b7a2ffc0e5805aa3b1c70c6e1ce9ae7d0d
-
Filesize
11KB
MD581e4d1b88de5f78c3a1907a9aecdc480
SHA124a901c0464e299bd17ad949997afe6fdb63bd42
SHA256ca8aeb5912721adf9e6d86417a20f01ed18234ccd791f469f0e9200340b8f977
SHA51203c88450ffe9cecb855d2681e3f918f32dd5e3ef25de535154e4715d825b8868244a70ec8f7f5c09012b285b228b7d0077bda16fbbe3b0af64e717031b24b8a4
-
Filesize
11KB
MD57257e3d7ab6a0ce3d0174ce10434644b
SHA1f01481a5df5ee3ecb2b15e3d0fff897972657b3a
SHA2564dbc2e009331972891aed9932607472c3b541d3ff732fa9d666ff57dd2a6cf4a
SHA512a28d94d40002f48db9e2830e7aa9ffcdbf58b2af6f0eb1e66c52782babc4f5759164bdf1bf41d3ec5ce22a392ee23600be8da3f8e006fe2e00e1da882748de2a
-
Filesize
12KB
MD541a7fb2239a293ab57f176fb81a04481
SHA1d9e356292a5f1590ffa98adcf53f474690d506ba
SHA2561dfc17ca40442b3d7360bb7207eca8a7fd90f8141f2beed3546efe5609cb6e04
SHA512cb18e76fe172f798c579344018c865694ce0aefcb1082b09507e6fc86e9f970ee42d6a58de087fc89ed8a10e1096e9e9f4797427dbae293e42d0ec1240fd4cf3
-
Filesize
4B
MD52f5c24eba0a47f1e64ccc127238b5220
SHA16f9f8358e42dfc004b13e8f5e8528ac652c0162d
SHA25601711400cad908cd4b9a7e8460dfffbe5b380abe86d0194380b920dc5be737fe
SHA512b62c7eebbc3f3dde652bf6cae55bc83d1689d99a564844cccbba7240421722b3c9f770c3dcde200102563f20fffc728ea5d35c9d2fb49a9c6a8ba336630a8586
-
Filesize
16B
MD5cfdae8214d34112dbee6587664059558
SHA1f649f45d08c46572a9a50476478ddaef7e964353
SHA25633088cb514406f31e3d96a92c03294121ee9f24e176f7062625c2b36bee7a325
SHA512c260f2c223ecbf233051ac1d6a1548ad188a2777085e9d43b02da41b291ff258e4c506f99636150847aa24918c7bbb703652fef2fe55b3f50f85b5bd8dd5f6e3
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
Filesize8KB
MD5420960c4b17842a24bbf117222c60e47
SHA14e2f5bc3a3fe7da4ea60dfaae851b1b88e48751d
SHA256e94c37d7dc8dd954bfee8e340abc882bc361baf0d3771ed442ed625a3bcb0174
SHA512b42f16f6fca9b66d49a2ad7c80e56c51e04d023a4ae50e984dbd267e204682ecbb929fefb5c7ee67775597773b08b6bd39416f13b87f1782cf8c5d553ecd7ce5
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{5ad19b1b-600e-4a94-9f1d-df48f742e3e2}\0.1.filtertrie.intermediate.txt.fun
Filesize16B
MD59817c637ea440822e5d3ff2144d17467
SHA184080fede70d3544aad82976cec9b51c83c472ec
SHA256df1b3b60351e48245d6ac589c68ddf77dba1aa9ba12427405b90daa9143d8252
SHA512399bd0074e50829c3f5b5000c5e6da863de969adab921b5244da53ae35661ffbc24687176ecc1411f0da78d6a186c999846d454c365500f9833607095a0f2373
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{5ad19b1b-600e-4a94-9f1d-df48f742e3e2}\0.2.filtertrie.intermediate.txt.fun
Filesize16B
MD52a89b7646b4d795f4bfc5bb4269138e7
SHA1ff1ffe4b11ab6094419b961bcdc9b923369293bf
SHA2569dd722337fac6f6363c0697082384f6866d27ad7f5f3d541cb494c91afe14c16
SHA5124a2cfc5c842227c576b3f93962fa38001db85ae56f5989880e6938c31cc77718b69d94c900cbe150d2126d1952242450981bf2f3f148909b5e056d69579bf3d9
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596439083295209.txt.fun
Filesize77KB
MD58420b818460df2e6beb4bca49a0f0cc0
SHA133d849ab548a15172410cf17b4b6c2fed4d10d31
SHA2567a37c4e2a86d4007ccc8a648f32d2a8e240ae4cb9266e0d49f6efe731782bfe2
SHA512f02cf9d9811829d481f6e9832fbd33b6fee99c73203b3119955096dd32149f7fdf2704d46ffaa3a14bcf0ce062624cf85efaf2a6b99932d6f9574aaca232fd20
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596440479376967.txt.fun
Filesize47KB
MD506fce1ee4f40b3e0b9d825bb6d47ddf4
SHA180a1fb28e4a713e318c529dfa630670629dd95d7
SHA256f100465f328ec4e0170b319569f7d281b4cd219dd750b9b33a74a7047d7ccbf0
SHA5127b79835495fdfeb32ad1609e400913670efd5542eb3c443c6c03d1e3b8c66a8d281e70360b74d95d646eb1ee14fee1057b503325b06bd712b64339dcdd76c1d1
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596447864304096.txt.fun
Filesize66KB
MD584f225fa913d1ff7a1d1200751b30a0e
SHA17554984ebebed818a1daee816a89bf63438a9b2d
SHA25626c3808ad5a38e6a1ba29a175dc1632ef86e441358f7c9e174ec087d74561fe3
SHA5122003f1d906833575f56cb803a5957c6821ca69c8ad8796c5c56a481bd130cb542f654e69bbaa5562cecf43438c0abf42c721c68452efb771253facadebcaac98
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133603192110731948.txt.fun
Filesize75KB
MD5d8d517a266c7b8fb6cd02b49912a4e74
SHA11c61fc2a205918bcb913ff2a05c6d1dcb950153f
SHA256a6addaa77e13e87f38e1a0a749e8313850fb0c2d94409355f8bbfc3e05df364b
SHA512250e173b91d1799f9fe71cd24773a98392caf39f3f2ba28d6cb9aee48e5d33223253120aae956bad4790a3b5cfe854462e0aa7edbc7fbd7de02155c521db1fc2
-
Filesize
53B
MD58e2cb7a7eed51a66b10d2e883fc9c3c8
SHA1470786c287b258f17e79d58ea2ee95d1083bbb1a
SHA256b53389236370e74c7666d5fa5d0c4ae6d4ade62e552b9a43167e95d4bc051a93
SHA51236ff273ab33b806437e435fff55016c264a2363e42dd04969aece455ea987bb4161261f746c0402f1a865736bfe157368283d5dea65c09ddda77cfcd56f77b76
-
Filesize
4.5MB
MD5db3dfa800da5f96fe1f53497d3ec6a48
SHA1f5639cbef48bc3ded2a54a7654b8b226bad9e5f2
SHA2567728ccee7992aa4703cc25d565c3a81efdc4e9ce8010aba0a5e8109135333025
SHA512bb0be1b703b5fd0d39131514793976b4c9ba359593840f83b091378316aa35cf917335fa51cb602c0bad38ee1e4571654ace2a3c06c897b4143d70e8cc38ee69
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Config.cs
Filesize7KB
MD54f3265743a4802ba9844297d18929c5b
SHA1a3be5bddaf0b82bdbd614d9bd72a6116cceb0b42
SHA25632e1c6f6376ed33b890830afd94c210859d22b8604de9a0cb4c4a093c0c4876d
SHA51215b59a5defbb1cf7158e3ba890dc0c6cdf7741d2189ec9014e9360351859e5ccb8c046594a1c0e964e9386af4f4965af2455eae98bed15719e8fa1182f3ae9d4
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\FodyWeavers.xml
Filesize77B
MD5e0cb16820add8e38e6414c1e29c7c837
SHA1b96d29c5a4e387c0d8f91a0c8a2d61f39345cef9
SHA2560e728120832888f4b60ab28b95a10b998d9f23846fffcd68861afe986d21f705
SHA5125b40fe375123c7cf03b44beaf444e7d12230c822436e05bda9da6cc9fe0528baeb15d89149ad1763053e25ae4db74aa506050c72916ea262ecc50cbef8b18ee3
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\FormBackground.Designer.cs
Filesize1KB
MD53ab02d8f93110fc003b409a1a079da8f
SHA1a9344ff737932fe827dd9a3bd3dea73120db15e2
SHA25644df8f98df1d30f442c5f02277c3471d3fc7fed26dacecfbd7c60df3d30f29ae
SHA5121a6c684bdd109ee8662166d6fa5e2bf60c530e054ab54f43b0d3a6a31ad7f70a2644f0ec44ff2f6a57cf6a91eb8eafdbb54ac4799ae1ab00e1b35650c6cb4535
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\FormBackground.cs
Filesize827B
MD53d93a0857bf41569989ea5513b79d289
SHA1d6c301baf852c8a605f4788c9731cc5ac12b1d9f
SHA256198b4b3845f2b6aaa0c707368993dfcceec935d028577f838bb89b800a11aa58
SHA51240010decc37b3b5f9f31484b382d91d939d29e90835395ec5cbae83508701d65cadfb6f9342e478c5ae980aa14d6e3ce854ac7fb9eb319ddfee96b5f97ed14ab
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\FormEncryptedFiles.Designer.cs
Filesize3KB
MD526c26d6bcad16eb5cffe1d1f5b58cef5
SHA11ffb1bcfe2506126aca3356f167a5b13a3b24e61
SHA256e3e9c3f79eee92c7c680bb28224dcca6908d662a182af20776b38a2624be4ee7
SHA5129db724114bd7742abdf2a39b4d9b6204c5879a4ee7c79ffc6721d59d1a5c60e1d8dbd5afe91de6e1bde12d8920c64fd7b50ea025afd21c6ae0ce6bb18818cf90
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\FormEncryptedFiles.cs
Filesize762B
MD570bd56d4aeab60e4147f08dd20d12f08
SHA125aae5c7cf4f78e86c71c91b865dd503975ccb3f
SHA2560d284c4e1381aa056b6d32c9608ecadaa1df96d6da5c34dc66b5e7cc6a2c268e
SHA512cc673cefd89d7b99a45087047272e33f3d9f655673e2b6a336cfbfc914204d0bd3caaa64466fba311ed4e5e9ab926e1ca71b838c3bdacd4dfd7f32f6ee00396b
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\FormGame.Designer.cs
Filesize8KB
MD5691641bcb9e99e324ef760eba7b3ec8a
SHA14fad9401b9f0bd6cf8df5a2ffdead83eed7f42da
SHA2564c97886a22cf08a871e17396ea812a6294ce8dbe1bb8524f27081da0c0638315
SHA512796e0770c1389ac415b2172cbdaba2ab04ebfda08bd071eb5ace9e5736ce47dbef3a274af27621f6013f80f1ac5cbe749d5ca50ad4f253693efb72d6f9e20586
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\FormGame.cs
Filesize7KB
MD5264a875db71aee046cf139d1c75ad7a1
SHA158ca3d272e65aa44e3b77839ba59691c35952b6c
SHA2568a49c18393604857693d19df2e2d8d568b873a768daeef76fee405e4d75e653d
SHA5126218f2bbf051335107ee509a9440e17087d646baaf9204ffe642ce1a95c5a9c99a04534af74f68d17f85d7454d1ffa5e4effaf8f22d17a311040a7e95c260671
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Program.cs
Filesize748B
MD57ab4c441d106aaccbbd16a0b17f7f19b
SHA141097b830624aac6d8d555259db42dcc1e8d7c56
SHA25630c709eb5dccb4a0a125ca99aa2076e93324a4be63482f6a5d196012751c0ff3
SHA512b93cd769a20ae3e2c00161ad4cbe3b83501f31a27f73c73688da2f5e429f2ceb5d316864f1b5c7852a226b9cf85a25dfe16a4b95822583cf4b605f0f13e0c9f5
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Properties\AssemblyInfo.cs
Filesize1KB
MD5ca0e1e478483a6189c1487ff4d1767cb
SHA16a8ecead1289c57adc2e99e305ac6424552750b1
SHA2564415c86e8794bb018f1d7ac54d4a873fda4ee83765eae6f4524eefe3cabd26ec
SHA51217611eaeac26afb7307e4640741e95202fd61608ddf0634e10f18c7ee8ef69e4c5a6bc44ccafac06f8f1885813256a099b04651557edc3d97b2f48b268b33d30
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Properties\Resources.Designer.cs
Filesize5KB
MD5764a1a8b3f18ca4dbfa67ff24c436555
SHA1e5f6b41a84a433760c9fbcc3173d2eccdc5d33a8
SHA25665caa32358d7dad3ee21b5a1c56435cea416182f0d35803a1a7d15394a05a2d1
SHA5129dc1e450f098ceb0c38596cc017adfbd55b92090fec4024f0564715778180a24eea50d87fff44c52f5244afc29d4cd786d83e633078e339a91fd5e236726647c
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Properties\Settings.Designer.cs
Filesize1KB
MD503174f186c7d441c7e2c63c63af71a96
SHA1740f322883b9284eddb4c900b9855d0303618cac
SHA25685a4ae2d0636d74cc2102f2ee05aee8d7fd99091c842bcccef60b71033a65e16
SHA512cd5c39eb0391f48b5aae6941890aba1d7eaf45bd1f47418b46abb52cee81851222ff1f74f3115109eff9f4567f8c4abc088ac0c2573f4eb52841d91b3bbcb209
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Properties\Settings.settings
Filesize249B
MD58c0f00d7d9b0046695a0255f1b11b061
SHA15e1d04de66ffcc5dfd813530ab6992e6daaae417
SHA256f6a4290723520caddd934b8800319c7ca6cc7eeab647059ec89b7a13b1513265
SHA512a95c07dc3241b7c9f37b7f0a5c143c9c133c3bcbfa16e4a689cf47f45b3e9d0ccf5c965143a6848237e7a9fa8deecb89837dc12b12fabd8231fe94f3ccba26aa
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Resources\ExtensionsToEncrypt.txt
Filesize664B
MD5e7bfe05c7274bf9c9435806a17c0d865
SHA1c47e51d3bf87ffabdbd91a8148d9e3ffa40ef55b
SHA2566d629e443e50bb4dccbb7bfe0cad600bc6cdcb133224c2e469b9088cfd146cca
SHA51231ccaeee5b9890d12b776f276084c72d825ffbda0aa529c9e3dca2ae364c12169ac05da6e77843273555484fa4a5061ece23d092e6ea302ff69ab705bab4d6ba
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Resources\Jigsaw.jpg
Filesize25KB
MD5c67b677f59c2702f91772cda8050a009
SHA14de94fd16dcf06a90c6c43672a65573ada806071
SHA2564cb768435f03722823fce419445acc7c485a2dc78bd575ace1567bd0962811c0
SHA512014d308496c185265c20e9e230ffd52fc39e3b35a9d540d4ea4958c2e0e0681d85e8edd409ba7f3970d53238bf41cd5bfb6c2da8b1f0bf39fa67ad63307eb4e2
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Resources\vanityAddresses.txt
Filesize34B
MD5d0ed0eb65e34bcf5d7f6bc3b73f70d66
SHA15fd846855bc0f82f4776a4f68d065de0c7d4e174
SHA256e3a58e194f93976b3ce43b7b114e49334fc8a157234d1ed1271b708510e98fbd
SHA512d63def415ec6adbcb742e6b1a1960c95f2cde12e655d7e990007a6a07c06dd5b35320dc340dfab488f8e80ee046c5b9ffa927382c31ba5b89d4df3188b37daf3
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Tools\Blockr.cs
Filesize1KB
MD544c03aea0f8f96a630b2c56819346c1d
SHA151d0249d2667f2f4c9867b41d611ac2b3b5196f8
SHA256954ab1b7c6506c48894f4f3cbd653ed497266ba9edc436cc98a638b5109b0773
SHA512a4e1d7fbaa22338b851f2590e279eb969307d6fda7af804544f3e9835b98ff925d0081f55cf8735fde361e7b731635ced89b059b19d0da9284ed302a8c39d2e2
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Tools\Hacking.cs
Filesize6KB
MD5c35fd53b2e6e7a6561ef3a9fad2f2fa6
SHA1a30f84dbef407dd01bb5742cd84425a30a123946
SHA25605055724ebe550d474acf8271ab0d06ce03512793dc198f5f785570ab6018104
SHA5123cdbade1cd43a846071d1a13c4e2dcd4c7523dc1c7f85cd83cb71ad3b90c34b87d9f85d854b7d40fe2b0e86e1ad2f392357f56f644ef57313e3605978187e1d6
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Tools\Locker.cs
Filesize9KB
MD59323f4d543154604d6a4ac99610e5ef1
SHA1d3c832af877ffca2d9b46db0b4d161abc84557a7
SHA2567f1c24c87887d152b9db0c22c8ac16208b54b5853cd0f6f8b5a0fa530a6d3eae
SHA512c018212ccb16c1d7320afd61e5ef3642c1f46d80ed5c03ba2065ea55bb2dfd481c316b18ed1200909c79dbab01337203ac612a43840d4215021c6d0d905a8079
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\Tools\Windows.cs
Filesize2KB
MD5bd4c11699d55e4bc75dc8c02a944a975
SHA1d417fbbc2d8460cb16788c479c26c512628f3fe6
SHA2564b14c887885f62ff10dcbce799a15ac8de2277241912a2591ec3cc7f66b9f483
SHA512bc91fd1883b9243ffa856d80dc5d7bccceb93309c91cb2f8e59cd3df72a9c1ca1cfee49f57c95f5c92c45b0c1be968a7c0cf9579ad00330b81616857aa20bdd9
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.exe
Filesize47KB
MD5ed3a9817328547480076ef8e1e48bc0b
SHA1218a7b659078f07892d3e9a9905324b0eb95a5ba
SHA2560e70bac97f8a8d4eda6347afe83c870b6f87f05f2fe3e7fb0bfcad7b29d0c5e5
SHA512f0e44829ac76c832bf67bd11193f9d3fb91e13f34110c6dd9f751dc79e2605811a99f149e942509d8dfbb7e461adb6d95735ff6fd378527ea4755fbf98034bf4
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.pdb
Filesize61KB
MD55869db93396b92d613c237250651c1c4
SHA16487309f25077dddee8da1979a4f4fcbd021d91c
SHA25673f6eb2821daf4e81fd28b1e6caccdb5a1a5a70cf6058df343c245966c4b0893
SHA51299147bda44dfe820787784a79ae77cdb033ac74275a873ca7cb3afa30ebb9212393acd6620122dfe953a57884a74a97437472bb31579eb05ae706153c0bb57a8
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\bin\Release\JigsawRansomware.vshost.exe
Filesize22KB
MD5da4e23aceac38213052dd9dead13571d
SHA166e689243342762dd64f9bab998505d7cc453b6b
SHA256327983cff9c61c976b1cd64386a40ca18858178a2029ff4ece2c19388d0c61bd
SHA5127b957cda964a27c2c0b3a5ecf48fe2b01710dea3d01f444c0fa865d1c2bb8a0fb50faca55cb698bfb661de33fbc9d02119029f863905c644db7c013eba4432e6
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\obj\Release\JigsawRansomware.csproj.FileListAbsolute.txt
Filesize1KB
MD5dea6d9fb4932032e0ef98c6a4528099a
SHA17f20eacf993d550d4ba5d84589b8a9a470ea07f4
SHA2562da01b069b7e59989130254587a6d55187bab6a90e75b2163c6019d913087718
SHA5121923a8f29997b0c5b5cdc3b3d8249452a010285ebedf69171eb55bbc12e92f9bdc138e6c59a911c2bbef284f22cc1ecbe6549b4a737121da9b90e683f22b3702
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\obj\Release\JigsawRansomware.exe
Filesize60KB
MD5237bc384a15ba17a4f575b17029c9005
SHA126b26f6f4fda65e3a6e576b28b6da52ffa0dd3d3
SHA256211f358cd55058fc0ddae8e6607d387ba44b6f3c8f510bcf292103eab958a41a
SHA512fd985aed11525fb9953e5e28c71ff93f7fb7fc75d2c826ee7a060401267e23563a828756f199509379bf28fe63ab514cd524f862370a7a66e59ba793c3b62a67
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Costura.Fody.1.3.3.0\Costura.Fody.pdb
Filesize61KB
MD5d799a6f84419569f23797266a649cc7b
SHA1e0933b0cc2dad8da0cdb24ef5069e6a6bbdd541f
SHA2566d4932ca85537f7a99af463f6246ac77fb508426caf966d3841a80dcc8982244
SHA512eb5596c710a6784038fcb41912ae7e1ffdae730133252673e58bfba8209fb55b67dde64299cc92eb498b48e5aaf6e26ce2c6e0c39425e7fb2338e473594c3808
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Fody.1.28.3\Content\FodyWeavers.xml
Filesize63B
MD5c0aa719a5115e1f753d71212b9876589
SHA11c239e6b6d8da88de0e18091a22ddaad77509703
SHA256a387a6a0b2bbf916b5af8e5f9d6f23be211be2e269506e78d558b8acbeba1736
SHA512a9201d550c2cf7073a61159835209a8671b7252ef66bc66b9aa8af9c77460d37d9a49e509dc58a392861baa86244178d27b560c1414febd46e0cf97420290865
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Fody.1.28.3\Fody.pdb
Filesize77KB
MD5bab68419d9b1f99a5450d69d2ca96df7
SHA1cd1b8e41a46e67363f45fe64523f0c4b82de5c0d
SHA256423bae61fe8deaa87c807d7135ad83f470c97302b5dd3fd861cb010fde4e7432
SHA512af76ea2d749e51e9cf53548268abee5870dcb9083eed43b43918f3373fa780104462c3316564bcb07d0dfcf3afdf9c52b05e892423dacca4075387179c6a81cc
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Fody.1.28.3\FodyCommon.pdb
Filesize13KB
MD5cb77355c3e07ff42bdaca960760ba579
SHA1f17f11112f6a81c2b0a5c3a566fef64549ba6407
SHA256646805e0deacdbb909c107f65e2a336e709af0b063e4e441ba0d5901fcca6ab9
SHA51251561228b508b4f009fdcad59725557519b8e4b96784581c048d149a5af609926dab5bce5c52b8c027c0aecbe936c73bc946392face62008bbc6d2810a332428
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Fody.1.28.3\FodyIsolated.pdb
Filesize57KB
MD507466411993068d4ac123c3e976f51fd
SHA1bb261d0b587c4132cfcc2ef5bb24b2abf7d2024b
SHA25668a0a3104411801cbc8fe8442203d9d101d1e8195be87a3abccf13aeebc99caf
SHA5127a7fbecc7102bdbce2f7a379db8b463e310cc6fa3933459aab704dc518db2c44d205841ad54112aa21cdb0983fd0286f517b99e0420aef046ed8161f7c9b45dc
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\net20\Newtonsoft.Json.xml
Filesize558KB
MD592f39bc46894dc4a7a8cc8bdf53ce21a
SHA1c94bdbe2f9fceb3b0ec4d5d989afebd5f745db28
SHA256e4220cff891cbe84b18c5d35abfd888c03f2591ae7a2b922425c733ac1d6090f
SHA512d5766b670c4a3f785ad576625681c31c195d214266bc9b9fb8da91044f1219835d8f11502b06d9a3536003d75ec41b0bccb279b54d00e3cd69aa226ce0c70677
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\net35\Newtonsoft.Json.xml
Filesize503KB
MD56c3875873b2275390e2de0786d145c50
SHA1388dd44dfc5acd8055a4e77c8ac12da7cebae165
SHA256e3e0978edc9f357a4b7b1089a6c1fec9386bbc503bc15dcdfafe5b7629984ca7
SHA512d65d06c22c95a7a19ec6179d2fdb4c877f26cd8c22cae705bde7712c2fc9831ecdcc4bf171bf4bbd63ba1db9800d61bf9a1726d906816cfeaf16bf57ebac93df
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\net40\Newtonsoft.Json.xml
Filesize515KB
MD5e7841470f741868a4e959295f255e951
SHA149771219b04b7b92f39a356ba91f82f334d49fa8
SHA256a31f40dadcaedb110605197ada84c4ba803a0eb67bf90a24ca1eaecfdbcdb254
SHA512f5d99827fef3800727a658170e996da9b3178cbf5d108de6b7e2fdd8bf4c7307fd75a8b008fba73ef921ef3e4dd2b545b2d2b52f68286b551548f645a4af6e7d
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\net45\Newtonsoft.Json.xml
Filesize658KB
MD52866a8e5449957c9b303ad800e55bf04
SHA1bb17da813966ea01437f608847d5ab70f82893f3
SHA25642a557f912e050e91f255942c6e6948f6ae3ae5928000ad1dcef88666bb77a2f
SHA5124d38a9013485bb6f0ffb70aea2734899972396edeed6721c5c25d47af602943c4deb0c0a459b49440c0c52e12b4176afc6adc68d716132e5f4657901a634fbbe
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\net45\Newtonsoft.Json.xml.fun
Filesize658KB
MD5e3ab3f6e3dd3856197ef93ab05bc2048
SHA105a5ebab502ac54af84109bf361cfbab147d4eb4
SHA25689ab2878576875ad4b5f06ef7ee0f76311a86d87a50c17ec2d2e34dbe9c15fa1
SHA5124047bea983fa05ee89257fcfa060fb6ec4c01e33f948a3277792f9f1a643a0f20d9b8c0f2dafd5619d7fd9d8d03f89ba36bcd681a0bb61d3265a388451a4ce5b
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\netstandard1.0\Newtonsoft.Json.xml
Filesize638KB
MD5bb48e33eb0f0fee19a8122df488ba7cd
SHA1b2518672a9f205c1d4305eed2f3f9df7cefde996
SHA256fb6f833443d650d4b9a62f7d10baca218a43d3e1b908b2508b5a3177fbad4366
SHA512a6eab3e511a78f34fbbd2af0d6c847f5ca754aacac11ba5288cb9b7f4be01aecd8916bce08ba739adea78f8b291a20aeb78ec3ff463314eb5493a99a578752fa
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\netstandard1.3\Newtonsoft.Json.xml
Filesize644KB
MD5fa1e8a17704629b409d66df70fb85ab7
SHA1b5615d73b6e7622ea0b5e0cd2e465e5d6b6199e4
SHA25664e9be0e899464249e47417286c19192c26db422221bbac43fae6fe82a8a64ee
SHA512de32685dffd53353f767b552e3cbb60db097cc7ab201d7c324f7ce3d264ffa7f0c2d9db04f1f0cd5a76d68ec95c131ad1a58af9f8f9012910615f1ee1693d924