Overview

overview

10

Static

static

10

CashRansomware.exe

windows7-x64

10

CashRansomware.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-05-2024 01:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CashRansomware.exe

  • Size

    2.6MB

  • MD5

    33559005506dae5967c8ddeaa8a65f5b

  • SHA1

    0d3c40848c443d4c7dbada45fe976cb9f616c9c2

  • SHA256

    5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79

  • SHA512

    1591fe81d82b18b854299b0ccc72ec2f31208a9ab11afd75047a3d2e3b2ae7931bd412a8401eff57790348ddb5463c31dfc3f870a6c9eef8ef86006b55be7e55

  • SSDEEP

    49152:xDmflSXRl/s9YcuT/s9YEQtQRTMYIMi7ztf33cSywWyFoEgn9u:xDmflEVsGfzsG1tQRjdih8rwc

Score
10/10
zgratransomwareratspywarestealer

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CashRansomware.exe
    "C:\Users\Admin\AppData\Local\Temp\CashRansomware.exe"
    1⤵
    • Drops startup file
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Cash Ransomware.html
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2984
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa20b546f8,0x7ffa20b54708,0x7ffa20b54718
        3⤵
          PID:4696
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
          3⤵
            PID:1600
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4468
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
            3⤵
              PID:4532
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
              3⤵
                PID:4604
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
                3⤵
                  PID:2020
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
                  3⤵
                    PID:4328
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2544
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
                    3⤵
                      PID:4988
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                      3⤵
                        PID:3404
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
                        3⤵
                          PID:5224
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
                          3⤵
                            PID:5232
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,16724768669212829155,9653685408915275214,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2160
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:60
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1572

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.CashRansomware
                            Filesize

                            32B

                            MD5

                            21dedd6cc02bd0e5e9ed2bd772ee41f8

                            SHA1

                            577c9e4f59995a2da2eee7aa764fe85f1268ece2

                            SHA256

                            0b028bf8b633f85c2128a6746ea9bfffbbbe669b6ac6af85ff8c99b87af3107b

                            SHA512

                            0eee49ca771e9dd6cb457361ba03506f1e4cde2163ec7d6ff57f12b75269a53fedd42d7a26e665065d59d0ad332b865678b831e53e8225f87cb69c72fda2dd0f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.CashRansomware
                            Filesize

                            48B

                            MD5

                            cc0246b2bc01418737710d861531d09c

                            SHA1

                            8b7f3676da7b6ee1cb3ac7b2504764d5b6b7a855

                            SHA256

                            b7b5ad11131fbb81767e0e643027e88cb0ff7f5d76211411cfb4d9451810d729

                            SHA512

                            60ffb255e49b531a8e29d85ac87930993d9443aaa87e9d3b9fc3f8affbd4f788bccd609ac99708e25062da62a47bdc345a356a8ecb433c3447ef5d97ecb29872

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index.CashRansomware
                            Filesize

                            32B

                            MD5

                            43fbd067b228ff0d30e7828294793ce1

                            SHA1

                            8248dcdbc76e25a2724ec4d222934479d1a02580

                            SHA256

                            93044727179139f5a220b2f0d46265ff59f241188c88f32857145f1ef101e2ff

                            SHA512

                            af5f0b4d6d4d24f849c12b684b9c5b62becfa6f946ffede93c9f81f8890fc1d3955de7af2467c899724857c89522dbe315c3be5517a3214b106bde8f7e7e7101

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.CashRansomware
                            Filesize

                            8KB

                            MD5

                            37c21a5e7c47bab213f041426e425ac8

                            SHA1

                            c48341fb869caf9b9fba84d848ad5a6f6b3bd7ff

                            SHA256

                            4c2792a8b095eca01beb4ef151e994e1a965398993d8fc20f185a062b775ac15

                            SHA512

                            7de92565591e1961c6fa691378c46fbae427b7364f6fbc8c83b644c8cc6889eb1987bba107a011bc4674115fa94a9c12ec9465e42d935ceb8c58174ba0171455

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_0.CashRansomware
                            Filesize

                            8KB

                            MD5

                            bb498031c70c5742b507696898815c39

                            SHA1

                            41b5a73bc3e185051e46850b97a985f208dc9788

                            SHA256

                            62b68c273f8f22811f084a2e5a66b539381f86150285b574ff964787e9334add

                            SHA512

                            49367c2e8a4e0d4b32c1b50d7bc8757083aadbc92de9165fd76e0c773346420814808e81b195c0b7d491558144cad296f7cc06dc3b34fa6bbf828145a5ea35ff

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1.CashRansomware
                            Filesize

                            264KB

                            MD5

                            e78ee0b58bbe57ce4c66dc650f64a632

                            SHA1

                            ad094f8f9199416dc2fcdbc586e12cf49483d2a0

                            SHA256

                            ab2b63e92b8ac8ea3d24135ead8287fc8abe2dcdc7deba855128075e0e41c168

                            SHA512

                            300d9d3943100e8bad1027b822133c9b7b112d546b2dab1af9567baed65ba850199f9ecff9dd94c5aee0feb994a5ec8e7af9bb64a5cd0b3aa09c0d2f660d14e3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_3.CashRansomware
                            Filesize

                            8KB

                            MD5

                            8f3c8f7c4f671f7516c51f10182f46e6

                            SHA1

                            03275b8518212b491f7cd5d14d8e5596e6e907f0

                            SHA256

                            a16c3877eab0e02c6d804f1989f9749a8c1b7ddfe551b225b6ebc453e900c308

                            SHA512

                            6a7c1e2c654afdb5b5825932b667fcd0c7a2e3fe42f70657f183e024ba93148e336a9470341ef2a6945ef9cb724a145ab43694cc1ef813b98b496d4a173c809b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            919c29d42fb6034fee2f5de14d573c63

                            SHA1

                            24a2e1042347b3853344157239bde3ed699047a8

                            SHA256

                            17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

                            SHA512

                            bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            8b2290ca03b4ca5fe52d82550c7e7d69

                            SHA1

                            20583a7851a906444204ce8ba4fa51153e6cd494

                            SHA256

                            f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

                            SHA512

                            704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            176B

                            MD5

                            4b0fdb42df7710656db54c391246153d

                            SHA1

                            76448462cca39b432c314f680ebb330258a28749

                            SHA256

                            72b128de5bd06d50af02c4113956687082280bd564ff6b5517e4bc466ae5d526

                            SHA512

                            f5681e8c75062df44e985069f51ebaf7f0cf0e10427b5dc4800e1c8af1d401816cc9bafad6157afcea9c85bf347540211332c273573c706632c290cbf90de067

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            1456060317d08f1739a13f38eafde7cb

                            SHA1

                            2d790eea74dc7c3fa826dd9f2b39e2b9011a31a1

                            SHA256

                            43923b6626e9062d6b3c8402b7d4e500a800db89b57728851c92c8369ffb559b

                            SHA512

                            03c3450970a2deb7e617bc22a5906a6d85db532bd776c87c2e5d3a8a8c3c55639b38b793788731846fc56a7a37441d1b12d99dae1bdd8da181e22342613bd6fa

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            648c6987277c88d57dd51c617084c77d

                            SHA1

                            160b5be497f76ccfb18f4037e97613bfea44f564

                            SHA256

                            f73bbf6c5f7dfb1c3d183dcdeddd36daef19b5ceb20ce19447a750477df7a028

                            SHA512

                            22f9355d7e2d93584396d36ce3c305083a7d00878752a5b7e61733ea7bff9d4fc6fa1632d6c663235c5773f74fd351e573090fe0c4a3b2be390ae48b2c2cfdba

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b0699e86-22a7-40bd-84ea-3c3fb0ad5b56.tmp
                            Filesize

                            11KB

                            MD5

                            7270b9e39ca71e94378bcb1c4b7ab2df

                            SHA1

                            3375ccfa273a0c69994138608986e01a0f35d471

                            SHA256

                            3b351d4712d51a7725cc4ca927bceb105d3cf3c26a3c03f07705bef455888f7e

                            SHA512

                            9f38473f2fe4c535e5a422dfbd2305af7ad6ae0b9bcb0530fc66bb90bf6b61091c47c6802a13a7ae41fbef6c827229888d045c008cbb91bac403e211fd907275

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.CashRansomware
                            Filesize

                            8KB

                            MD5

                            f6c59081a65f0a136d2f510ef190f132

                            SHA1

                            2d6146f8b1fbcb6c13212f742e1d257ce435770f

                            SHA256

                            4da59beea8864f792e4e789def594797ccd838d7ed3abe48a0d86044c41f0733

                            SHA512

                            3d72457de2352606ee48f96263194da4878ff2a372dbe44cdde2119d3cca019f39bbf3810485ab4ac044ceea2c833551c35cc80d2dca09d7b11dda8634bff3e8

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}.CashRansomware
                            Filesize

                            36KB

                            MD5

                            4ddef82f98137370d058bff495aa01d6

                            SHA1

                            49f538da53edc87587900b88e8f22805133c500e

                            SHA256

                            98100664ff6a542ae4d0651c88bd8f861c00c78265f8c4058e41e81aa5e95c1b

                            SHA512

                            ccb022e434addc19a56e9dada9126626e119feef70aa7e9c220eadb5f93e3f06947a50880fee8e64c678428c3fb59b76b49b2a45996749c6d1f734e3a93dd868

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.CashRansomware
                            Filesize

                            36KB

                            MD5

                            3c86a9cf9bd55de5d41909c2a0ca0894

                            SHA1

                            51b8c6613eea2da23a4c25bd4bb7929ad943f1e7

                            SHA256

                            c288959894c7e0224f26506bb905fe39334465bcbad961d628dc092267c13922

                            SHA512

                            c8bb5d96c684dee6adb569c54e464f02bf23cd326745f2e413a3ec73a5acf9b72c0b2eeb9c181c9364aff32162417a68c8d85915c8f9e122566e87f9b4979660

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{9341b00b-3c0d-4d61-852c-de825c5f186d}\0.1.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            0af307ddaffa8be96537b22e09148b3f

                            SHA1

                            8f2fa7925e4bee75100e60e877355e8bb2e86620

                            SHA256

                            5ab8f36ec9e9b0d773dd1a34e49d766dc6beac1e28be9453f9ed0f158354749f

                            SHA512

                            1b8b7d15ea9bfab76475c1cf9091d2096a954370aa23d1a21007f91251dd519bf326ebd11825dc4affea397c9f43449464a6cc104ddc36f2d05e4ecc10ac2d80

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{9341b00b-3c0d-4d61-852c-de825c5f186d}\0.2.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            51f16806aa0aa37c497687bc9832ff6e

                            SHA1

                            fcfc0fbc22c2ca1fa09a02310791b5db74885e9a

                            SHA256

                            ac13921743bd30b23093e46cda4e3625b8973111a30f21899a6a7c0ac6dcae2b

                            SHA512

                            a8664738882387c28006d7d82d425d9608a7bfefbb1123a264eefd6fd124b1183c1e4881fe8a125777f4c1ead30ce1c97bb3a958878d3b2f62b4203433ea408f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579836733239332.txt.CashRansomware
                            Filesize

                            77KB

                            MD5

                            919071e1a25e512f1044bf6e4814dab3

                            SHA1

                            fc6b02d1829737a35eea61d025520eaafc62bf75

                            SHA256

                            672490e5a388e1677a779200069d668a307565e3f4831bb02f7c76a018a6f3fb

                            SHA512

                            01e47f608f8f3fc0bbe29785df091598eb24c93a4f88549bf9f6046792bb129befacd35a66837f8a9221ad4d61804947f30b07605362404092c2b705eaf282ee

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579839229142017.txt.CashRansomware
                            Filesize

                            47KB

                            MD5

                            24ee5ee48e6cee9a31cde52eb2bd6e32

                            SHA1

                            5cf0d86103ad48eda6d0c7390189cdff1676225e

                            SHA256

                            87e865aac5574bbe8bb50022dfa146b0ef85dd61eafd553f79f1e00f11764b5a

                            SHA512

                            2dc947d236ba6588858399b99bd18aa46287dc50860039f9bcf1c3594ba88b8ef7b1939417530b5e44c0e290c589c31052831e20a4b3f261a8968c86b542c670

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579846343471163.txt.CashRansomware
                            Filesize

                            66KB

                            MD5

                            71d605e49a1c221e660a8dc5c8b51d42

                            SHA1

                            d67467ae05758bab9c689bcacee6b9d9b48469f1

                            SHA256

                            373332cbf1b5b590c7b2eb97748b8052a1b1384ee3a0f305090e383d9547eabe

                            SHA512

                            2b3bedb6d10cfa59b8b691e8a347b5ba462054b1e3a0aecca56f38bba31ded206baca324b256459191bfc78c8b89e35193a0f8358b47fe12ced430e57cc0df02

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579863532095608.txt.CashRansomware
                            Filesize

                            75KB

                            MD5

                            1118545a35a9df2f54eff0fe8e86ce50

                            SHA1

                            c33229dd6268412e5d4a871234129e97b7c2147a

                            SHA256

                            f4bb2f61c8d5da52595592b0f7700a632ad41469f08f7a86873c02a9920e110d

                            SHA512

                            48857671276e2d12753750c9e3eea31a933921c2b5950636305613dee962917dedbfd1729890df1f092bdac1f252e6fe04adae1b071d7acfdf91a0bdff3d05ca

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rvwtj7c1.default-release\favicons.sqlite-wal.CashRansomware
                            Filesize

                            16B

                            MD5

                            5632a019539d8075627fa1524bab255b

                            SHA1

                            9e8b53249640fb2ad9e587fb5472681768dd167f

                            SHA256

                            0108010ea38530d71d53d6a56dabd0d17050233e4f4c706cf9684993875007f1

                            SHA512

                            85e7f79da14b0f6019e0b79af6f45f776c96f74890ad8a365055cd6e45ed1198e7aa7c3befd48b81bbd9921be0ef2cc0f0baaf3bf79db6656583445bc163ba85

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rvwtj7c1.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.CashRansomware
                            Filesize

                            32KB

                            MD5

                            4b4c70f2488f3581b6aff5b20354e8ea

                            SHA1

                            c20108d91dfeada8a30f628007946fd5075e74f4

                            SHA256

                            6450a1d0a479ac951fb811bd812999c7f156f1608f77ddf149fdb038574f2ffe

                            SHA512

                            08f7369c0ae2e3b55012db9f1b0a8acd0b87e0514cceedeff6886ae0edd931d17b1ba5fc850b723528835089ae8327c98783012af13af902e6ccac7771640bdd

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rvwtj7c1.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.CashRansomware
                            Filesize

                            48KB

                            MD5

                            bafbfd5db389e8744f37108d4bd02d25

                            SHA1

                            36dd0585ee8fd859a2f50a75b38a27e9062f7869

                            SHA256

                            9ffe11118a15cbf9171475a17015886e210c8d7eab2dc922ed379949422cd9e1

                            SHA512

                            63a50cb92129427252ec71d2bec19ab887a1ca89d464bfce385f6c0ed76036b27c17726906d1eff075691b67cb233e122275f7bc4087f14046498ba3544dcac7

                            Download Submit

                          • C:\Users\Admin\Desktop\Cash Ransomware.html
                            Filesize

                            9KB

                            MD5

                            b44c1106109486adefa62d352250f1d3

                            SHA1

                            d4787ee913a4164c516e277a2687b52b527fec0a

                            SHA256

                            795871572a9fec91cc932c8da13bcaea754b78342a543a007cfbb1b9736ff39c

                            SHA512

                            3dba0c6947757797eb586737d2bf19a73ebfd4a181978b6c9cd3a1d3e8b8fae3d363f88cacac78a2a19b1554603698bdcddab0c97df9060a2d1cbb241b33521d

                            Download Submit

                          • memory/4648-0-0x00007FFA2AC03000-0x00007FFA2AC05000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/4648-1796-0x000002091DBF0000-0x000002091E118000-memory.dmp

                            Filesize

                            5.2MB

                            Download

                          • memory/4648-1795-0x000002097E5C0000-0x000002097E782000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/4648-1794-0x00007FFA2AC00000-0x00007FFA2B6C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4648-1837-0x00007FFA2AC03000-0x00007FFA2AC05000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/4648-1838-0x00007FFA2AC00000-0x00007FFA2B6C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4648-1793-0x00007FFA2AC00000-0x00007FFA2B6C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4648-2-0x00007FFA2AC00000-0x00007FFA2B6C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4648-1857-0x00007FFA2AC00000-0x00007FFA2B6C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4648-1858-0x00007FFA2AC00000-0x00007FFA2B6C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4648-1-0x000002097AD00000-0x000002097AF9A000-memory.dmp

                            Filesize

                            2.6MB

                            Download