Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/L...

windows7-x64

10

Analysis

  • max time kernel
    82s
  • max time network
    78s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/LJ9859/Malware-Database/raw/refs/heads/main/Ransomware/Jigsaw.zip

Score
10/10
jigsawdiscoverypersistenceransomwarespywarestealer

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    ransomwarejigsaw
  • Renames multiple (2025) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 5 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/LJ9859/Malware-Database/raw/refs/heads/main/Ransomware/Jigsaw.zip
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2916
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1460
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Jigsaw\" -spe -an -ai#7zMap7548:74:7zEvent24564
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2692
    • C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe
      "C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe"
      1⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1764
      • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
        "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe
        2⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:1852
    • C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe
      "C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe"
      1⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2392
    • C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe
      "C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe"
      1⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1080
    • C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe
      "C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe"
      1⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2388
    • C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe
      "C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe"
      1⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1864

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.fun
      Filesize

      160B

      MD5

      580ee0344b7da2786da6a433a1e84893

      SHA1

      60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

      SHA256

      98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

      SHA512

      356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      7f1d31449370c90dd95c25c53b7c0b59

      SHA1

      d5b119f14eeea82bb43e5defcc46452ef8129bcb

      SHA256

      cb19d12ab18ee66bcce2923b7149ff275cd712a96bd94ecc3da2354783c9ed71

      SHA512

      77b148e4c9bc694fe52159264b921d31f208469228ddb846dc9a7018df05e8ed889a3e8d3d7afc1c4be01724c4ec63022ef66385ae90184e2ff1906b24d8be00

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a627cf6f3e25cd9a18283891c2bd4ba7

      SHA1

      26766ed96c021515155bbfeb9e7b38b9aebc9d2e

      SHA256

      a5f2dbb26450e201abb99b2bec990a840ab285ca952809f522a9a18b119f7bdb

      SHA512

      ab73ae684992e69591987e5bbd33ac095a5ad553d91f43b14b967ff90c712913aa168d8fbc5395e8575140f687843c9e7f83d489681caa2b674ca1476d69f1ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2c98c526b021dbd91fd8448b08cc9e63

      SHA1

      db639a1436fa875d6ee14b56c9c387822f225616

      SHA256

      a182c43eba646f48814367c4bd55f2b45e2b06d69c92d4385142c2a881891b5c

      SHA512

      def1916cbfb3cd950405d9f9638906785f2e8a9c1d98632f39e37aa1b754725900cf140f3d514c8c73d74811e3d2c2b7d15cdd779310928a7bda520572bddd29

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e48496e2699760ab8c766361e9aed5e9

      SHA1

      40dff841dc199454a1bc9ddedca53462f6c7314a

      SHA256

      462111f9af6582b34219ac296e952ca001765d4d0bc1b5e040d940a89ba11db2

      SHA512

      3a976e6df80090de94fc9c3ccd38d95d401b5b44954bb273548e72cd70e68d5ba0a2ddf5bc409a4144aecc5ee9b2d17a8eb81e68eb43b3609f55e128e49f643a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      20802f1a28e0d87e0606a0b7e7d62b65

      SHA1

      30c0837b6e743c231d0c77ee1f07ad030ddb00d4

      SHA256

      a6e47f9f4191f080d79b495a61a6f2ae92ca3c93255227b424229db7ab6b98e3

      SHA512

      ff7fa138f3d1db00443185c31cf3382d762a37839b88fb3c572775fcd2f0823a1eea5541e02b69c10eb53604a09ea5d840df06d19c9c809ebcba7fa40bf5fce1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1df06c44278a73a4309e89b41af255a

      SHA1

      586e6ed29bc8ad8799425e1550c998bcc9f60c64

      SHA256

      988f593ac91035638e4251c86f4e6ec2a75f39c7d5948c4406558573ebbb8049

      SHA512

      63eb82f5b26309753e512a254db4474bb82c33d4eabc09801463cdbebd3e87a6f8b35a01d07e27edffed825d3cd1431c086c3c0c6ad8c73d1a55d973ce5e4307

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0d56106e0cb6fcd7ffdc0558b2b5afa4

      SHA1

      79e1e38107f6a537a532de550769ab703bc89b5d

      SHA256

      49a5ad7cb2cc7d518184f1d52669cea48261c6f9dd82462426d9ace986d77314

      SHA512

      905abb4be62750246624d1ed96090478d549be16eb16656cc7f6e6e9a642f3a97133716f551edceb1c5e0f93340fe68b8102638ccfe3879dee0312431877d01a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      da0477abdb2fe849a28906b68b403959

      SHA1

      9d84f184082277cb3bfb62604f7063f31a61e691

      SHA256

      1dba46421b5628c89be0a12c1fef03aac999e0ec57b87449649af9d26bbed910

      SHA512

      dfb9430856178803c8e25555f5c3344b828ed88984616ff4e94ded655b88d2fc819143f1e89488c54b740617be673f7e050005d28c630e9b7fd718c1599c2323

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cb114bf054c62780eae7041840383962

      SHA1

      a5d202d07ab1081c27ad1e231594a39668d55350

      SHA256

      4a48fa6c568bc910d4007e3d7851edd4268c8d7343fe7549bbaeb2bb8b474763

      SHA512

      db89bf42ac85c678f99a2bef7f79e4f29ee8444f46c1e50dd89744502172fb74c828659eda9dfdfc5fe0d6a5057c6b06f8d5c1ea672995c1f1cea4363fe4ce5a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3003c21536a0a980a5b021af05019a16

      SHA1

      161513f575962366c651b428f102c3c4872f0153

      SHA256

      bee61384ae9bf9a8db68cfd3d35c4319515ae3356f21b752e63dafe000a19912

      SHA512

      356a298c316d502d4da46dbc79deb2e50d7b185ea9067f347a3f6043f060958397d853a3c1fac9025ba14ef62660344f0f963d2b81bd077a3f99c22970450411

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9311f5df3038f16c66b8015590aa75d1

      SHA1

      ae60cd1ec7bcdeb55cb307fcef258495429b6aac

      SHA256

      9204f7ce26df186cc704a7a6599d4990387ecccabbed8f7fd42a760a1c068db3

      SHA512

      74c1c5dedf0c9a56d0e371d118560e07e89e53e0822e40d2b8f58d1a1a23cb201d2a4807e01d094e2081a954d8656e282a55a8efda11c1563dad3a98eb0ee7e4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d34063e657e2151d3af7985debe1e3e7

      SHA1

      3baf415df4572a7254ecb2c4eba0a205a8fa51ab

      SHA256

      8a6cf1cdbff7f17c08142ccb97ee00eaccc60aee3382c0a277dbcef83d79b83e

      SHA512

      e764489228f478c7b876693ced516ec737c52f077116b7c700c09c5595bfe64b1605ae28db681450668bc0a4eb64a73b3437a49ee62cd095a378a9f5e511b433

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cdb0ab22ceb1b31b47a73fe4b8335f30

      SHA1

      50d86da1d30ca229302f6432369d7379f66369f4

      SHA256

      c634725257d442e53af1e47b478b73f09c59acfa0c880d03b701013ccf4c37e4

      SHA512

      374c8707b8a4c7ef86056c2605d643a283242a4ed7e94826fd10c0649771777c6bb52c21286bebeee08d6ab37f52644177ae5094e045844400c380858f3d551d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2b35053ce519aa914a2958a285e21f96

      SHA1

      a1d7efad6184320cea955e36e87cdd997512f8f9

      SHA256

      8afca7558ef295f83b45ff0649850ac822526872c60fb4eb71d6c4c2f987cbf3

      SHA512

      a50e3e34151fd1ef1c8260e9ac2337ab9ec770fc20f2d719dcd6012770c6e20bf79308752bb6762a318a22100e09d9fe7bb1e46ac7bc9fce1983cb19843ed188

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      75c570e47d9445d30bcfe8bc3743e5cd

      SHA1

      af66e86cb8d8b79520b522f6f8933173fd145b2d

      SHA256

      adef88b204c883f26d30488b833c40be0030009226f58c73dd3297c4f6fe2a13

      SHA512

      be30456c5a777c0bf7ef28b33ea014c58efb2ed4e4a0142869a20d68f2a9b2aa35b977ed52f0833416917e223d5b2aed3a16186afd7c67862113b8978d646351

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      219ae9f0e1b7da80c5fb968413a514d8

      SHA1

      eabc85ca8cbcfdc8e684c7707f7b62bd1f26834e

      SHA256

      6ed8611f52bbaf03dc3f107a6085ec85dfe7d94ee3a72935c6103e3c491d5ccf

      SHA512

      8319af8705c39e922faac0f64721b33beae89df4ac47cb58597f9b38114954783f30c4bd74d2350871ead0b9418ff75911cda0595ce2bbc693841c07de20a887

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6af3c575c979a10a6843b10e4afc1217

      SHA1

      b66e47b703a5dd4e24ee360d564cc2742570977a

      SHA256

      bf272aea8b0631e6cf869e68bdb6d69ab7dc0b965601823157bed6b7464680db

      SHA512

      1d3bc8ebce37380f41868e3ef72eda980edf1324306555bd5e63104b4d7172e775168531ce1ae1d8aca260fbb6175d015d7d90f25dc38a85f2f34b56e1963c67

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      42f370404e95aad9fdb1f2a92583bda1

      SHA1

      64746efc539249bd872294714c370651ea47cef8

      SHA256

      01940fe8c5f84d70b49dacdf4749ab92d2112988f0e2c9d8c399b4d22f5770b8

      SHA512

      8e2954e94014a8189a06dae33503b20b7ee5398fb5c6f16db64175e4032d1d9480a397e9c60f9bbd4c57ecf3f959f2b322c632a16e628f8a08cc89e3193dd4b4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      974d1c352a458aa9aac30c3cdb8db8f1

      SHA1

      eb6f3474f17aec22afe409300ea630f263a87df0

      SHA256

      6f77aabb412a654b88941faa80af1477f1f230bde7d2e46fb013e37917a5ea18

      SHA512

      c4f1b9f2c256862821a250ae9b8e411a262deeefb9975bd4de76c1b0f15d45844909ec7bc8c93ecced0fff54daa7967b6da6027c15f584c30eb18c0495f904e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3cf79517cafb194e97a3b0508ee75d51

      SHA1

      9773e774456a6c2df10faf10585301a528b11eb1

      SHA256

      271e815a03e8932dabeb62684afc385585752e40e30c70cdab395fcc42da521a

      SHA512

      1a9b9bbd9c83c24450fb29d63d897fcb6c92d871338250a95880a949d226b315d43c5a1ce5e6480499419825f592305b989a0eab330c60ff5d20ead09c8f2ece

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      338abc634f40bdd75098f73c8d5b8394

      SHA1

      d4575872eacee481dbe9c08840c74158bd8432f2

      SHA256

      671b01a8d16d13d0683569d7347e747edfb64c3933a04f77bbc04f23ebaa291d

      SHA512

      d6523afeb7f93df12778a2d24ab8aa578db9901e113abf23892b14fcb49db0b4c8c2755176dd02a377ea0875ad12f09ce1dd66d3e5c42755656eb29cf0f0099b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d5a4c585de649ae0defbd6caed608aec

      SHA1

      e61902a7aa46d290e1238b7bd44ee404d6a63302

      SHA256

      f2980ec360cb82c50ad685f68384b6f8eb7683dc34f88f60b6a9d3e9e063837b

      SHA512

      7d769d898af99b20f7132481dca771c8efcd4737c663685661b25543ee720455a34cb1de76ad47ed52144b286f915beb7cb18fe625e414fdd8d78912dfc96ca1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      28a58649a337c08287f4f35dc7317761

      SHA1

      74d973b47f0217141dcde0bdb19f48c50d8dc0ef

      SHA256

      79d6969ffe8f32a1397cfce5c9e6c32606eda0f822fe5b0c54deaa88a68c8ae6

      SHA512

      d4233814417381b18c759cf0276e1e810d282a9f1e199ea3494b76adaf0ed769bd07a8ddfb053f34c822e9e9de65393da8ad532a8179cb7254dafc0c271ee45b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      159c35fb32d0432a06ce919c316cdf5c

      SHA1

      fb6b83986876e9e61de6aa9d8e484caccb2f5513

      SHA256

      0a9813fcde50b78ab1c336c17b9d44f5926b20dc2a941820af657126fbdfa37e

      SHA512

      cb53635af8da935344d9ec967353d6bfe5362dc4284978533c52334044588a2aa069c24127fa7674fd5acd26d21c350ffc9a603cc94007b483c3a341b7b4ba07

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      33ac0286ce11dc239aa720657944ad63

      SHA1

      2aa21b8122f81aa5d2f9298dfcf73e3c46613669

      SHA256

      83d1a5a18e6c0d71328a16f37cb4ddd2ed00dcff5ec041bb5e20ba1ceaa929a0

      SHA512

      20f8dc25c438c87b882271f318242cc09d7cd2ddc0e32ed2fdd79f138018fa78812e0584786ee93ae591ab46758e2c2087fe5612662eb3a954ff8b652b553332

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a88d04e1fff50199f2dfa0ca9d545f4f

      SHA1

      dec397362b723a4f2a779b7262b174ee578fbd4a

      SHA256

      46f92344a7b840a4a83dbe98b9b843d15b22811ab0d3a57c0d1bedc055dfd455

      SHA512

      3d9e13ba2d57d891d280466f418b4dabf9e01461cec3a74752f64353ba20863c190c97cf8ba20a55fcde32300aafbc5504875d8efced52f5df3aac4c14b760da

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      519540e44b296b7a0bb8dbd06b2aaf06

      SHA1

      01a2ba69b29f5c43ba8facc7076bfac94825430a

      SHA256

      4681646310373d9e4496dc46133cf08a0aee6402a9dec73a67f6d376bbe6cc80

      SHA512

      1de98317edcf5863809955da0a4a3ebaa7a968041f516db50d0b61bc66c6613db4efceb5a7c4cb8a09d5da1941327bedb960a77a7a5f206e792983df244e360b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      06e784ffba6ba00cd32c72bf01dd9cfd

      SHA1

      5e87cff4950d55fac18be3cbcf8a2ad80b9fde37

      SHA256

      d62bb5f33f0cba249983df602cb800f8f93a1337ee573eb24bfc26dc6fcda841

      SHA512

      3ef8153aa6904dac1c73f42b4dbb211ea373f56c735dc1fdbe60d7a26c2fedbe961c1e82ab21365d0713b3112f73b369708476322437665b915109b6f5629099

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      785669645dffdc274f135425e519c64f

      SHA1

      392b835f6c31b4c06d0f9a570d6bab1ec97f02c2

      SHA256

      25bdec8bfb1c60990ceba6f6b87c2b0062778461eb113ae5ba9de329209565fd

      SHA512

      f8210c54d55320fe82e5e4f465da43087b758d5d6b5d8fc9310a88e9c5527a017216de484a95d363ab6cac175d8d15d7ebd824a2bdcff8ceb9a3e09a05af23eb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      744a1e5a70cba61900fb6c56202c1847

      SHA1

      75b8ee13eb5a1d6dfc5e1c90130374989a0f778f

      SHA256

      5e6eda99c2d63d66b31051ce73273af95d80d9b28c979fcb693b08c1789d3de8

      SHA512

      a64b25c4b90524f5202d898021ea5603e5bf4dbea20a32cccbf9b03b44ceba24efe31c9406acb91a0ea0b896548572f8a9e1de1c36b4ca0b685a394729fc7543

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aab664fad20ead070e68e72277e8c784

      SHA1

      78244063e1159d9c87e6ff9cd934d3464f47c26e

      SHA256

      175757134f8102cff1cb153d50f68cad6d3a8f39a65d2777185931ba2ca41fad

      SHA512

      8bb5d986ed785215c711c9fa770b3001f3b7c1e7a0c68a8c8e63bd8dc13aeffabd988bb1829943d1d844bdfe0b4eeb0c41d72f7793f779539b157765101bee3f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      315e59ea8421df13db6d6949c4fc944e

      SHA1

      e18970c0c639979475460a4c9165bcc90edc8bf8

      SHA256

      fbc169c00aeb641e81d8e63f81712219a0795fa0792caedfb0e7edc776d6198b

      SHA512

      d534c6a00d17bad2cfdb84284075a2464ce5df0e5c6659ca3336bf83b374c7c79e725e48f746dc59b916297a6fe18c34e3c25888a4451e1981066d5586694978

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5d762a454608efb7d7779a81ff4e9b6b

      SHA1

      d392b7a218a7a528aec74eaf6549d46daad15110

      SHA256

      71624cbdf07d3185d5f12a2d5061e18624af8d5d52a8793ad623bc5a83add279

      SHA512

      777061eb13505e3e5fd69169a3ad04873daa2a53b320846cbf1a70be8858436ca657874fdff366c91884ebe8fb339bff410714bcc3850055a4ec9d8e0e1363d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      30797bb194c60a9095d565f87d8b9a12

      SHA1

      173738fd882be7df5de96849626d968ec1075f52

      SHA256

      e59a4f4529c742e199d3ad6abb4d13ba86a15f169bd48ccb8e68f030506e9653

      SHA512

      b438f87715495190415bfcaa9d04df5f44a1ec776d075b4459b67df4437f0ea4e8ec9881b1a53ffca7eb8a95088f5d0db4ddad5c29fd0cf6e536b40ea9abbbdb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b4353532a4b0bfba34c1b687c9f585b9

      SHA1

      6fb510a2518d9949b4e985885ee3dcd871cebdcd

      SHA256

      b32a74c637b9e5f2aee2babfdaa0ffa2d90aea78cfdf7e2f46aeeca134a2725d

      SHA512

      afeadcc279305fa04c7004096a9b661016db8c44a210d154ce50e292022be8edfe2c62c9f95109d2c8922ac981c495468ce574f75cf094130b547573a580c845

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      12c71651d774e409f4e84abbeebb4a6b

      SHA1

      56fdf2a23a1c107a891b44ab27620cda10436f1b

      SHA256

      09a45c7635f53c94537cecb9acbfca308bc4cd3c965d4d88bd5de93b828acb48

      SHA512

      d20c91ec45b57d762be0c83a70c8bacbf3edc8578f4e635a1c75dcdd57c30da227535f4bc5c2c6b598d5867cc1199dcd619e0372c445e58576a98a6fdc597cb3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2bbe3b4b7f82eb69a3380d3b3e7b2054

      SHA1

      fecba9d326a7590aa96cec762b5e8065040a6b1a

      SHA256

      cf1aa35ef68aeb93c08c595ce326357cdec78d1ec11ea8169298e81e32d44df9

      SHA512

      76637de1d16a1be261d7965a7c02195950fa6a7114cbb64a4775e5f1fdf582e80419216ba724cc1e747910e9a32acf8ae5321bbc415f2403ba7a9ea3c608ed03

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      623befd01d3d53e5dafdaec403c2960c

      SHA1

      187cb32fcd0a348a727ad7ab6e435bac3a8b6807

      SHA256

      2dbea5c519f6773b5f3f10f0ea54c739c3e5dedce653f3d12bcc7e9ed3e0f3f2

      SHA512

      92b28b200d8c02fb7318df74cac5c2a803c2bc77f4dad3e99d63749527c8ff2667b4342d14f4f398c2f3398c36b88d9f3850c6efa3d4fef1831e4b0cff6de76b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c532ead2c088a04068b0b8d09593170b

      SHA1

      597579b4649914280ebc9c81b099b2bda4538f76

      SHA256

      58bfbdc297d53ce39c5d7db85cc28cdf9a1030bc9d1a51977c8b6c99c6edd4aa

      SHA512

      538532384e631a6319b2d78cd2ba4d00eb3b1973da2c938f7a56248dc63c337f0fe1f522cc2ace9f17beb2b5c2eeb2f081d9fe7a119b19fb5a589a3f8f1f5fa6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      cd2bb2005a044550cf6901d824ba6c48

      SHA1

      a6e716f67f713ace803808fe841062ee7d9be101

      SHA256

      783cfbb866a571e93de7be35b88ae65c10ed988aada4eaca94a62db4fa8e1e7c

      SHA512

      6a5087756b802ff8d4402aacb01fc3edf284ae35f3fdee9e4fc8422fced385122b40d6f19ae9e2fe7b2e5a1c3ebebb5e29bc1d482012ca6de017b8be739b705d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CEE0F5A3-76CF-11EF-B913-D2C9064578DD}.dat
      Filesize

      4KB

      MD5

      e57a86f6ff8c720f4fdd4d0761a969d7

      SHA1

      b10a6a1930576052bd462d936b883c1fee9fb6fa

      SHA256

      528780c3b1037bd74376a3892a3221d38bdec475fb6c23add4866a5ba0037241

      SHA512

      4fcbb6da19bf2616a58063321ac2eeb1f7a3d81900aeead2aee1047260a5d0893cdd463b5b831ca3c2a2aaa9bc222253e05024631a9c9d2fe7c9082125f0e707

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D70A96F0-76CF-11EF-B913-D2C9064578DD}.dat
      Filesize

      3KB

      MD5

      c647b7c3d88e8d424d1352be2d268cdf

      SHA1

      d2eac5ce133cba29cdd8b167283b1b56734b3f43

      SHA256

      afaa4abfb4db19d8e96651a048d3d9d709a3dc11b1fb3aa1ef6cc4ba2dbe67c0

      SHA512

      ba5d852ef19d67f75a0915717675278955be0a043d29c2a9ab29f4dc48a5b17aacf952c1cedee89cecd6f8269f28f9a3def0ba795db675a00bbdf854fb0f28df

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{E54875D0-3D2B-11EF-B9BE-F2A3CF4AD94F}.dat
      Filesize

      5KB

      MD5

      644f2a148e6b432a5c5db1d2057945d7

      SHA1

      eb058b697f89e4e8ab6a77507c6bbf60f36876f2

      SHA256

      43536193daa376d6fb5366af240022d46f009ae7f43a6e50073ef0da011e9bb2

      SHA512

      a8c21919a048dbf463dc94e2b014307939faca82f930559140f56e8538adcb85b53aa37fc17c7c4193f567f439901289d02e4378b55354a24dac7265139d3acb

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{F705C8D0-76CF-11EF-B913-D2C9064578DD}.dat
      Filesize

      5KB

      MD5

      3e0dc4e78865efcd44c619e4bc7031de

      SHA1

      7914bc1b66173fc27afeefed92f6f29f6980ce82

      SHA256

      e2448c0f012e63acca8d806433b202ca997964c6af732097d9af63ef0cd31db6

      SHA512

      ce27433600d191916dc62fa5152fbf9640a8e39089f68192353023276fe1a7d15321aaefacaa979309f92877c6866a27cabac851a035b50e2e4dbd40c013011e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabC18C.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC299.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Frfx\firefox.exe
      Filesize

      283KB

      MD5

      ae3fe9b7d59e9f5c770f9c0e6e534287

      SHA1

      e98d2659660ecf6f8da4a557ab5d096451e39359

      SHA256

      467149065efa1e04a828bc92d571a5c40a81e007303f3a3092726b9227ff607f

      SHA512

      1a8f1bf2989d389980c65e058333ff4b25994a489ab1d945a34f5bb97d2e840f75d7261e5564cd8e444ac455fdee62c13b5b5f1e0f4f0d89daa547846eb209ad

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\container.dat.fun
      Filesize

      16B

      MD5

      8ebcc5ca5ac09a09376801ecdd6f3792

      SHA1

      81187142b138e0245d5d0bc511f7c46c30df3e14

      SHA256

      619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

      SHA512

      cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

      Download Submit

    • C:\Users\Admin\Downloads\Jigsaw.zip.nso5kl6.partial
      Filesize

      237KB

      MD5

      5bff26dfd64b0f046427d8a61afb6bc3

      SHA1

      9dfa9415ae804ea985e9b09dc3b40f4b323abc70

      SHA256

      e4a7cc6767410f94cfcbcceadf2d7547741b4ce34b4c2a5d3e0d485a114f1f86

      SHA512

      bf3d2f2745d137a24b1a62019134cdeca11acbc0f7b870fd7ec12c790c1de5405ee1ba5e6692d6c0ddd2e34671b5cc70b4a957b2d8e0a8b0dbe0931277bd5476

      Download Submit

    • C:\Users\Admin\Downloads\Jigsaw\Jigsaw.exe
      Filesize

      283KB

      MD5

      2773e3dc59472296cb0024ba7715a64e

      SHA1

      27d99fbca067f478bb91cdbcb92f13a828b00859

      SHA256

      3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

      SHA512

      6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

      Download Submit

    • memory/1764-1332-0x000007FEF57C0000-0x000007FEF615D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1764-1330-0x000007FEF5A7E000-0x000007FEF5A7F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1764-1331-0x00000000001E0000-0x0000000000218000-memory.dmp

      Filesize

      224KB

      Download

    • memory/1764-1340-0x000007FEF57C0000-0x000007FEF615D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1764-1333-0x000007FEF57C0000-0x000007FEF615D000-memory.dmp

      Filesize

      9.6MB

      Download