jigsaw | 9783fe2c61f6db5a4f4c67d4371223c668f9c63eea92f1a175fd445899bb4cb3

Analysis

max time kernel
126s
max time network
127s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
03/03/2025, 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unknown.txt
Size

6B
MD5

13bafc7dfbef23df7fec03545fd01207
SHA1

1ca039536450f6cb10b9b2f9fc3d50843a5e3b57
SHA256

9783fe2c61f6db5a4f4c67d4371223c668f9c63eea92f1a175fd445899bb4cb3
SHA512

74205c48c6cf71e404ecf468e30c5a65ab75bf0eaab20400f67a86b2e2f39cb5ce77f14a36a27bf822f38edfd4780ed1bebd43076ad06464f5874d0597056e80

Score

10^/10

jigsaw discovery persistence ransomware

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Jigsaw family
jigsaw

Executes dropped EXE 1 IoCs

pid	Process
4980	drpbx.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	Ransomware.Jigsaw.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
50	camo.githubusercontent.com
51	camo.githubusercontent.com
52	camo.githubusercontent.com
53	camo.githubusercontent.com
55	raw.githubusercontent.com
2	raw.githubusercontent.com
8	camo.githubusercontent.com

Drops file in Program Files directory 48 IoCs

description	ioc	Process
File created	C:\Program Files\CloseUse.csv.fun	drpbx.exe
File created	C:\Program Files\CompressResolve.bmp.fun	drpbx.exe
File opened for modification	C:\Program Files\RedoLock.dwg	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	drpbx.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.fun	drpbx.exe
File created	C:\Program Files\HideUninstall.asp.fun	drpbx.exe
File opened for modification	C:\Program Files\MergeResolve.pps	drpbx.exe
File created	C:\Program Files\ResolveDisconnect.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	drpbx.exe
File created	C:\Program Files\Microsoft Office\FileSystemMetadata.xml.fun	drpbx.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml	drpbx.exe
File created	C:\Program Files\InstallProtect.potm.fun	drpbx.exe
File created	C:\Program Files\OptimizeSet.avi.fun	drpbx.exe
File opened for modification	C:\Program Files\PublishRegister.js	drpbx.exe
File created	C:\Program Files\RedoLock.dwg.fun	drpbx.exe
File created	C:\Program Files\ResizeDeny.mpa.fun	drpbx.exe
File created	C:\Program Files\7-Zip\History.txt.fun	drpbx.exe
File created	C:\Program Files\7-Zip\License.txt.fun	drpbx.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.fun	drpbx.exe
File created	C:\Program Files\NewClear.xlsb.fun	drpbx.exe
File opened for modification	C:\Program Files\dotnet\LICENSE.txt	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\AppXManifest.xml	drpbx.exe
File created	C:\Program Files\Microsoft Office\AppXManifest.xml.fun	drpbx.exe
File opened for modification	C:\Program Files\SkipDisconnect.xlsm	drpbx.exe
File opened for modification	C:\Program Files\CloseUse.csv	drpbx.exe
File opened for modification	C:\Program Files\NewClear.xlsb	drpbx.exe
File opened for modification	C:\Program Files\OptimizeSet.avi	drpbx.exe
File created	C:\Program Files\PublishRegister.js.fun	drpbx.exe
File opened for modification	C:\Program Files\ResizeDeny.mpa	drpbx.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\ResolveDisconnect.svg	drpbx.exe
File created	C:\Program Files\Microsoft Office\ThinAppXManifest.xml.fun	drpbx.exe
File opened for modification	C:\Program Files\HideUninstall.asp	drpbx.exe
File opened for modification	C:\Program Files\InstallProtect.potm	drpbx.exe
File created	C:\Program Files\MergeResolve.pps.fun	drpbx.exe
File opened for modification	C:\Program Files\SkipUnregister.jpeg	drpbx.exe
File created	C:\Program Files\SkipUnregister.jpeg.fun	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	drpbx.exe
File created	C:\Program Files\dotnet\LICENSE.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\ThinAppXManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\CompressResolve.bmp	drpbx.exe
File opened for modification	C:\Program Files\GetSend.avi	drpbx.exe
File created	C:\Program Files\GetSend.avi.fun	drpbx.exe
File created	C:\Program Files\SkipDisconnect.xlsm.fun	drpbx.exe
File created	C:\Program Files\7-Zip\readme.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\dotnet\ThirdPartyNotices.txt	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\FileSystemMetadata.xml	drpbx.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.fun	drpbx.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133854594808456083"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Local Settings	chrome.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Roaming\Frfx\firefox.exe\:Zone.Identifier:$DATA	Ransomware.Jigsaw.exe
File created	C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe\:Zone.Identifier:$DATA	Ransomware.Jigsaw.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4580	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 4580	4268	cmd.exe	82
PID 4268 wrote to memory of 4580	4268	cmd.exe	82
PID 2356 wrote to memory of 692	2356	chrome.exe	88
PID 2356 wrote to memory of 692	2356	chrome.exe	88
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 2068	2356	chrome.exe	89
PID 2356 wrote to memory of 4060	2356	chrome.exe	90
PID 2356 wrote to memory of 4060	2356	chrome.exe	90
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91
PID 2356 wrote to memory of 3344	2356	chrome.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Unknown.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Unknown.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe4,0x110,0x7ff9cfffcc40,0x7ff9cfffcc4c,0x7ff9cfffcc58
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1392,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1724 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4604,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4508,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5116,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4308,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5504,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5480 /prefetch:2
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4368,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5752,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3740,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=224,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4892,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4436 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5688,i,10763000844598458669,1221148546349600712,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - NTFS ADS
  PID:496

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2168

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Jigsaw.zip\Ransomware.Jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Jigsaw.zip\Ransomware.Jigsaw.exe"
1⤵
- Adds Run key to start application
- NTFS ADS
PID:2116
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Jigsaw.zip\Ransomware.Jigsaw.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe:Zone.Identifier

Filesize
86B

MD5
1d726d00a7033a5dab753d6012eee269

SHA1
0eec68c618a8c4d44299dfb8415b9add0eb03863

SHA256
fcce59c5531bcd9542bc0fcd0427669e9527e71384a83a31199d91f157a01928

SHA512
c50f27a7ed7f26f928fe740d4086c863e7a3c5e86d85cd99ccb83534e6d58b662cd0e4608ac4729774d7028cd4b62e38349e94c67c80a8ecec9c5d637b1b0a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3f4f22e362f46efd64f1860272524e12

SHA1
2a45bb3085fbe92bc7b290516f4d435ac7c458da

SHA256
2f40c337a7791916ad0355c38f10db346ab25cbabdb39cd008255f484280ec4a

SHA512
071d16b112e977b18f3fbad97b274b46e5390f917c0f54242ef83937fff86b9604d7453f8afdeb364d30982c1553e668862ab2af22f24e98222b093c880c680b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
eaf9baceb5cf23c571a74a01d0f31ebb

SHA1
f83679721d890c7549ba3b07cfa3ab59bbf1c391

SHA256
25a4d2245c425ec119bd328a36d321f1c39cd91875358f7f410acdd8b69d3de2

SHA512
1f3b7df00828d299b7daf262f107a11559d80cf5871296c43c05c3bbefeef5e430173b6a6b239cbdd7cb1cd24b22d2d94000e4c959806577362d187a9e57e9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
35ad7e3426fb0567369bbd67f4924ec6

SHA1
ae5a00cae1f96e573a800b77aa12c58e225a132a

SHA256
e62c47c1e048a153f110f48b9096d8486f50ae4d1ef953ccb89bb85c4e1a359a

SHA512
0acac4e623694e468d4270b930950efe6b8aabe96663fe307675dfa98deae78f7b620013d7ef0fa569c7dfe778a6e39fb276f1412bb57ed418e47bea7be627f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9dfe94a61f211690bacd3f72c2acacb8

SHA1
53bf2880725121be1ef8ddfd62046c8fdf3c4c6c

SHA256
77631cb279908513150b5d04b7aaa25e2b66e9a7fa4430739d82d9e63b4272cd

SHA512
e3ea34c1fc0c219d6b41da8d64153ae852d4544bdc25fcc569ad6da9c3021f1cda0e05d4bac9fd621c0289d79463e93491ae6808440221c2f67c890816e39e8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cc2b708e178145a017b148afc7c3a31c

SHA1
9db57622df786d60335bb74267e0688e127ff5d3

SHA256
b2c0bd57b697a15250e152ddca0afdb6e83d656f46bbd048c1255e849da7c2dd

SHA512
72c163f05531c5477a67fe85cf23505cdb582e0102031cf61e3f61db88507db7e3d05ca4bc6f01d33e5ea6656ccc02b87146bae2316f16575c03dcaaf2c208bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
afb2b7a0605eb7fbfd9bf2adbc610b0e

SHA1
a2e7e66f237b5a8a411ac36e69e4d84b7369e7ef

SHA256
2555197fd2190ea53ad77e529fbfb530046c16e853f8c15d607b448da23abb7e

SHA512
04f2c48b37f953dba3eac10553eb0defde1df40081aa47426a77b267822fb4d2a369f0bbf3c9b9b2f2c849606aba42e25a1138373473ad7be91003effb100b53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
71c02c4cd64eba2d15b53f3a06b14490

SHA1
fbdf98753f486497d76fc7a88ee36a59bb986e75

SHA256
5abd8b3800fb53bd581fc635867cf770c211b9975b4e9cb40549427cb7f0888a

SHA512
dc32cebb3c9c8124268d0471eeaf17ad8b8f917848f4798fc751b7f8fcd146922dd9a66c3d0bbd3eb85fb52bc847121c3341c9d1ea3b907f7191db32f1e1a1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18ab9527dfa6cbed0a3780340b3cbdaa

SHA1
f045c255f1b12d9173911b216d2bcac67492769f

SHA256
0889959227b455dc42472713e911de02f0b5642a638cb514b46fe656b85d7967

SHA512
b45b8b1eb52842c0facfe9c3ba56ba6055cda893e6262463b3f02c7b6644ed23951c9994a8a00acf75512c49045ad629e3f3eab469bb0b288edcfaecd4f55ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31adc5dd670e86bdfe4039120ae84f0f

SHA1
1e47bfe097b675812f7c52608af3fae9d2ea80a2

SHA256
bb3c8af53671086c721f47652698977232b721583d042b72a43675ae7d6e1c97

SHA512
04e05f03115089567e72f6a717172643ba7e4f367a630f3e61653d2c6d5c0688428250a510186f2106f5354c0c850f966697921a51a85fb72455cfc70ba4b99e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fcad4428f0be89a375ad4903660f0f9d

SHA1
f45b5f2ce1dd4c5a505f7470aea4dcab7f4bf629

SHA256
7fd1dc8c44f73e024f3eba224dc73e6d36635aea5801fa2aeeb1af04e72e6c8a

SHA512
0adcac7eea2cff3f013f19dc91dc40fa7a0924844250ed1d4eb833343f1f8052dbd518d6f3d03b36a36edd8e5160781e0f49505c530f0a5278b758a2f4ce0d3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
022efb93fc84cfdbca7ca97878782556

SHA1
2d707f0bc669f3fd7ac7b2316015e7cbc9b0f131

SHA256
e4e875bb305b3781df907ea78da7c7917bb1d36a0c1ef762a0397583b735ec4f

SHA512
5391d9fe9164f1d979f023be8cc5cbb9d3cdd2bd5bf413d4273858d512f6738c0095028a682f34ff4df1d922f9f6d2c86ebdf4a7c72d864e0077c2dbd17d414d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5d9e0e35887b5ac295b0f39df0947831

SHA1
9e5f1163f62f197c93d54ebb4008b249993fd1b2

SHA256
34af5996f8723c43b24fa01ea1478e0ae9730259fdc30d6f28ccf6abbb9aa7f4

SHA512
ec0752d39c984ab86fba074472b4dbe4db4392a55762d47e791d7962988015bfe17df65ce29515c98b769499c2c978103357331730ea788a4bf2469d1a0c2a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02dbc67de9fcf966f51170fc7e2b3b9a

SHA1
d2e8bc48fd405ebc477928b7499f5b99e2918a47

SHA256
e4fef2a1d61f258a591750964c0091baa40058e60f20a5bb6880513dda517d33

SHA512
ec04b1f489540d6800e7d2e37b0f716d9ecf623f5609059e736d58f9be7f3137457de6333599582ebc24f55176a4952d35c0281a0c4cdf1a1c661f8ce60e1bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
476fc4d9714ffe2145a49e3d4581a997

SHA1
29e908ee718a43eb4494cf9930e2d996e445fd5e

SHA256
e0352b9872ae75cf01396f426f94657b68a971153ef6d469341cb14764c281a3

SHA512
48f12609c1804558f02ee0b51551001ec5fe51af5639ec30471883a8f8115c0492c0d68ab8cc4044b298a868f25a672e2a657f6c89d9df001261e5ffff55a948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7460fe8a755e4d31e367867c48786049

SHA1
bf701fd8e904fd1686510653a8102ad002820b2c

SHA256
f966f8b5506db29da3be5d372d3078c6fa67aab2ea95cfe3ebdb7d3bd831b983

SHA512
3c95980e4a4b9b4cd54214e08a95b949f365dc6ce2d90fce039a8d62c9c7f2df3b675b923f4f5bfee90126bbf922ae92377f5914d34eb399c85e2f3bb5bec930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1eed610c0fab3931bf29224a31fde95

SHA1
15b292ba32e8256e7991529b455525183883298d

SHA256
bd0bec67f2d5237e6e826fc6521188195b3d180ad063a63bf689c350f7fcf2d6

SHA512
75431a378eef1ef2d4f501b14d6a1541560636dbba43ed28845da44df7638ebd0f0644fec2ec4c2d647fa2c8506b1bd3714a817e41ab3cb14656dc2f0d12f78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
45a4463a419d258d67749f073a6a1035

SHA1
27dec38733990f75639d5a76b7a6e5f2e70024b4

SHA256
0f78925010d44ad2818c47537144c2e6d31d74e209ddcef31f3bc83c12aad096

SHA512
e83b977b62b04ab4aa14686381b645d11d377e53258d68451f8f1b8a9c945135a5a91162dc4e0c4aff09ea8b37bd4bc1ca770086e661bdcc0c12564da2d6f50b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
065ba1790a5fce54def747a110eea90d

SHA1
71d3454395d27eee227f048fa2b4db8fe3b404ef

SHA256
abdb3326dc84dd5c526daaca1ea31c174ad2b030a00cc61e7e8ed1db2eee1257

SHA512
2eb5b39536114ad9ef48581e83e792932fd6164ff9735db33fc6826f03702f486ea1245b5c4894111765ddd9dca423230992a8eb02d5ee38f65671ca408eff65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e4e0b0d1-1590-4a89-97a2-dd2c9597914e.tmp

Filesize
649B

MD5
5e7f4ffdc2ba9380875c8f1bc317f1b2

SHA1
f3131d0024123ca2cfe0d3c1e834dc91dc27debc

SHA256
ac0278fcad199e54f1cdd52afa362ba113fbcd1f592ccc1a9ae220c0a731f446

SHA512
3edb15f94bf79d2489a3524138c49b2fabac0adc29a641306f505646359be19d41fd3439f72d35bcb0ade46f5eaad193c88c62175b6a0e653d900948dd5333cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
ebc065e4ec261b359f4ecf95bf894395

SHA1
8f59f2bcfd89978af123bca946a200173d434a30

SHA256
b2684b495d7ecff7ed7239ef0010487063fafc3d5244a25eb6e4c3354a6b8a60

SHA512
ca8ff228746b49cc1b956dd2387b762862803bdc86bd8129527e9975b74fe8b4579e0de5599704f1740a4db9cadebc07e2e8d2bfbaa23faaffdb7347bd7723ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
239387bc4979cd7daa598a3d747f9976

SHA1
9c4f62378ec1bdff1c7b9f675c760f2857a0763c

SHA256
3fe51636d0270bc78d0feb6947e737cf7fb8345feaa1337d6d97e0ca31aa41cc

SHA512
c6dec34c3163892aa4038abb01edaa28303b83b2699435019c681d0e30a68d2788190d946a5e6a1c65b71a85c511b7dd89ee0d639787d52614134ac6dc749ed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
305KB

MD5
6ce88a5c697d002623b7acd7a24af750

SHA1
6c4f9922e9f7dec634eb5663ac688b679aa307fd

SHA256
5dd995845fe3194a3b5b12c19e92bab332fbc47344d3e5107b5f1f20f548925a

SHA512
b652171e963580a56731a078ca9db4634f7c93022bf897c95f067011c3821439ce9443c0ce5f848a37ac0a95cc086446ff11c1641af0c50ea00c663ce4bc864d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
b9051bb16f6e19878817054a72cc486a

SHA1
096f64f5f82e215a815970b79729bb48acb3fa17

SHA256
1715c853c104ced85a6cdc513379730ffc0d78fd388ae971a4430daa2c4f832f

SHA512
2cc0a5798922c9e0febca94f5038c2228c4c468e42db379541bb495f4920600d8633494f02b6f8baa48345f797cab89e534a0b41854b3b770bdbe889b0eb104f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
27cc4d6ae87b9fec3dfd4040ab3cfba4

SHA1
c4f86a79640799db56df49cd45d29513b6106154

SHA256
e40d699722eb8982c5bc4b0d193540f08ebcd8fac13a9a937bed9f822edf9983

SHA512
19f90868d65ec86161c99b3692e0266a96a58985f36309dda9500a50d6c4ec7e770b70615249ff5e3c87dc74c9ae4802bde0bfe6a6e3d55d40cd04e500733ade

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2356_1688130874\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2356_1688130874\c5aa3906-9360-4579-a658-0a62db3070c2.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip

Filesize
239KB

MD5
4161238e76dc9ae69c0c96fade43b0bd

SHA1
bf51e618d59253075d33461a353d20018ad177a6

SHA256
bc6c2a22cf086bb9f18e100866c83377a2c8cfb4f3b9cbc0330194d58edde7df

SHA512
2e93a58e3ef51d210ae16e56e745eb60056a86ebfb86b34f15e1d66a86997aa48f6091e4e0829144295cf4ad08f36a0a60c45726ccfaa440fb80217fb18697d7

Download Submit
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2116-890-0x0000000001430000-0x0000000001468000-memory.dmp

Filesize
224KB

Download
memory/2116-891-0x000000001C190000-0x000000001C65E000-memory.dmp

Filesize
4.8MB

Download
memory/2116-892-0x000000001C660000-0x000000001C6FC000-memory.dmp

Filesize
624KB

Download
memory/4980-925-0x0000000001700000-0x0000000001708000-memory.dmp

Filesize
32KB

Download