Overview

overview

10

Static

static

10

5525d297a3...79.exe

windows7-x64

10

5525d297a3...79.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2024, 01:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe

  • Size

    2.6MB

  • MD5

    33559005506dae5967c8ddeaa8a65f5b

  • SHA1

    0d3c40848c443d4c7dbada45fe976cb9f616c9c2

  • SHA256

    5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79

  • SHA512

    1591fe81d82b18b854299b0ccc72ec2f31208a9ab11afd75047a3d2e3b2ae7931bd412a8401eff57790348ddb5463c31dfc3f870a6c9eef8ef86006b55be7e55

  • SSDEEP

    49152:xDmflSXRl/s9YcuT/s9YEQtQRTMYIMi7ztf33cSywWyFoEgn9u:xDmflEVsGfzsG1tQRjdih8rwc

Score
10/10
zgratransomwareratspywarestealer

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Detects executables (downlaoders) containing URLs to raw contents of a paste 1 IoCs
  • Detects executables packed with unregistered version of .NET Reactor 1 IoCs
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe
    "C:\Users\Admin\AppData\Local\Temp\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe"
    1⤵
    • Drops startup file
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1460
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Cash Ransomware.html
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3924
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf6a346f8,0x7ffaf6a34708,0x7ffaf6a34718
        3⤵
          PID:60
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
          3⤵
            PID:2900
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2028
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
            3⤵
              PID:2960
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
              3⤵
                PID:2740
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                3⤵
                  PID:1076
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                  3⤵
                    PID:3656
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2200
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1
                    3⤵
                      PID:2060
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
                      3⤵
                        PID:816
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
                        3⤵
                          PID:1448
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
                          3⤵
                            PID:1888
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6939890900251704698,18404658813151033396,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3920 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:452
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:540
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2564

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.CashRansomware
                            Filesize

                            32B

                            MD5

                            71d6a7dae1f79c4703c66baa2b8e42f1

                            SHA1

                            f108d45ed746bbe104d00b638965596823637595

                            SHA256

                            2e35a40d1bd74021853e2d4ac66f2270de9b94b06d3ffa11269c6c27667244f1

                            SHA512

                            2759bb53ee241a79d572e4db452b05fe96e518e01e6c44323459f0746b646f954a919ea8072e28587f06a0d58709d6861e770ea04e49ac6ac6cc9a0658132176

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.CashRansomware
                            Filesize

                            48B

                            MD5

                            cec086d0db19ead0a6de4ed99e91756e

                            SHA1

                            72c51d4237ca4281300e910548d0c1736f0f83b6

                            SHA256

                            4dd50d8a0105ba25b54fd43572e58b62c731ce95d0e9a1bc7e6d3dc10bb86a8c

                            SHA512

                            8a555837eba6c892a5737b5132aff3cbc9b324ab4b8e02cadb5848dd5f50c51c0ec150aefc2a4daa6d05b8530edea1e9ec66b25d492b23551a3e1e43e99a53e8

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index.CashRansomware
                            Filesize

                            32B

                            MD5

                            59a17fc3ad1612feeb0a2cef8896ea16

                            SHA1

                            65a791ebeb7b631fbf714a874413597b5e40f563

                            SHA256

                            21e50111da6a26307ffb11bd7c7982e626436f727788b646634cbf3e89b37602

                            SHA512

                            b9d634763be7f807b11e5ee6105e8f4d51100afc5f19926543c5062fee6a7dd1e680d2a0e4e48a5727e6970fad2fc3652a67893b54112aa4828d205ce41f3d07

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.CashRansomware
                            Filesize

                            8KB

                            MD5

                            2f272f1a749442ae98251c1deba519f7

                            SHA1

                            356d71382414da86839b34d86f3b831a5b09d427

                            SHA256

                            2a9ffcb8e7937bfcabee8aae698a74564eacbbe55d1a1cc5ee88d45e1ec54b75

                            SHA512

                            fd7a99311942a5017d1fd7660773accad5d53073923c9df2337b618bbc151a97728a9fe2f32a4c1880625946d6da96e31e8583747d002b4e7eff3c1c61292ba7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_0.CashRansomware
                            Filesize

                            8KB

                            MD5

                            40fbd94c9b819b8c7c15c7823416487a

                            SHA1

                            f67d3e4b9a600c06dad89f7f1716e4642e65ae20

                            SHA256

                            65b6f9edc0987d91c62bf5f07f9d94e0c6e69af2730f11dbcb67391e9be6c437

                            SHA512

                            5800100cfbc472d8d471ee8fa6d1b421a7218f7fa5b36ba295c906cf16352166bd94a5ce5ca869e4601ba6d65361842f531911c359d49a9a28a5437ba1570ec2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1.CashRansomware
                            Filesize

                            264KB

                            MD5

                            599ec75ff5d79645bee1c7cfe1052042

                            SHA1

                            b456d5d14dd58a0e1c4e07f6a2e00626399b3ad6

                            SHA256

                            4e4a8cc18e608c39627765da04a81a4457e591b2a9890daa88f2a3624a0a331f

                            SHA512

                            60dd32e9ae58b3b5a816f2243ed8aefa2264ed32d34f4ff6849f7b536b6de9e278894dd3e9d87066e352eef7a5f39904336ba9e95f03dbb2036d4ef9df7f165d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_3.CashRansomware
                            Filesize

                            8KB

                            MD5

                            732b4ed658bd43d9b2b9b86429d546f9

                            SHA1

                            4c9c27fe41b125d4fbe095b2d3d0094cd231bb0b

                            SHA256

                            cce5d39d3d016ef5c02d477c700dc01cf78e99d28047f83726614fb0a314d935

                            SHA512

                            c3bab51df65a42e857e81939959a2ac86c712db7024ddc141d467ca434cb93cc4a05310f8bcf4e1f08ff727dcc0130f4de2dd2b3269c0775be57e197ef73a1bd

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            fbe1ce4d182aaffb80de94263be1dd35

                            SHA1

                            bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

                            SHA256

                            0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

                            SHA512

                            3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            2a70f1bd4da893a67660d6432970788d

                            SHA1

                            ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

                            SHA256

                            c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

                            SHA512

                            26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            176B

                            MD5

                            4b0fdb42df7710656db54c391246153d

                            SHA1

                            76448462cca39b432c314f680ebb330258a28749

                            SHA256

                            72b128de5bd06d50af02c4113956687082280bd564ff6b5517e4bc466ae5d526

                            SHA512

                            f5681e8c75062df44e985069f51ebaf7f0cf0e10427b5dc4800e1c8af1d401816cc9bafad6157afcea9c85bf347540211332c273573c706632c290cbf90de067

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            2228b23c1fcb2fcc2a00fe66d9d886bf

                            SHA1

                            64565687063088724d6fd4017ecd699d03bc577a

                            SHA256

                            47f30a2e649731398573adb370ef6cae6e57ec1ad65dde27c7de2d4a472175b8

                            SHA512

                            5e8b23e97b21e74a32deedb191c4961ec582af3aff07949c6dcf09f3665aa8d4160f0851d85d5ed60f4b0472816a1bb4da6257e2fe745195f930a81eaa3525f0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            c14de657f2e0a3eb97b85cdfa829d5a7

                            SHA1

                            7bd6734ac2b55eaf39910fc81ac1f353b0799bff

                            SHA256

                            be8a12040253628bffcfa7cb3bb809893e3620f1e960d75685066afdf02832fe

                            SHA512

                            358d183e5fccbf49ec6f5525f9e11e1f68beb6749de48600394d306aa2bc1f8f6a6394db78019a66d704ac30261a092cda312ae86df2aa7b27d1084326b1d552

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            9d204b5a95198c2fa817e663a1765d05

                            SHA1

                            ff92782f1f55fc27989be69e3a37e346b10d9000

                            SHA256

                            cae11e45d6d8c1ceae0ebe7ad5dd54bf268b2099bf2c7f1926ddf6778b713240

                            SHA512

                            a5ff2dd7b5eb55b6a98153b4e686174842d49940826b0234d954de8a368b9d8f88f3f08a3d04e84ebf2bbc74584d87e581be0d0507cfe9905a59649a13a394ac

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.CashRansomware
                            Filesize

                            8KB

                            MD5

                            3a40a1449ee25d21b018016bb8b2a0c2

                            SHA1

                            2c70f651f1fd96fee25e292a4be1b1d5be0ecdd6

                            SHA256

                            4bf2f45f84e2b539a4ef6424edff502335626e3387abb4521407f3a36bf4f688

                            SHA512

                            bee8a6cf9f8cef745f52ea0f0613307e21375a5de570d9224273589a04ccc804fbf6e3a0212abf6556d1de86d02f440d6ec6ccee409eec678d608af2ba5bfd3f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}.CashRansomware
                            Filesize

                            36KB

                            MD5

                            1b155ba5c79e9f5ed24e496680038202

                            SHA1

                            09d5e429b4e4f144953c166bffe3877e5b3f2286

                            SHA256

                            6856db7d8e9b8a12c2a5b211e351254db1a04a9a47c4bb4fecd0651c45c0f7bc

                            SHA512

                            3975a9e722e560742d34572c6df24ffda16a9d435dde90cea1044524946954ebbbc43a7e8b84fb72d6fd688403a2f3ad2147bc6a2f12130c5ddad7128fdae4ff

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.CashRansomware
                            Filesize

                            36KB

                            MD5

                            9c8bc4e15deb7da5c3c39ac668e1cad6

                            SHA1

                            23c3eebcf8b131d1599a3c84936918293547d75f

                            SHA256

                            165fb1e3732fda9db12e928aedb2d0a8f01691d5aa90dab13a36a1f34f88abff

                            SHA512

                            ec38dd42944f6468aa88f44945dd1446f309f94c4289390450113cd70bd556d84ff988ebd9b08d65c5686cf4dd2dff47560d800fab129b9f25b507ac0fbbd28c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{64987acc-59da-4839-bbed-20b8b0feb713}\0.1.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            0cbbd129ef10d975712641708ad91b68

                            SHA1

                            1c7d9b9b322d40ca218918ae03a1a4964b1d26b1

                            SHA256

                            ec6d4ef22d92f5b977a3e3fdfea59dae9d5100b2699afecc50e819c0e38119fb

                            SHA512

                            aaaf31f33a9d3578436f855a5a64afb2d74cc3e68e445ee7229b9a8cfee200675c214293712b71a3d3ea2059582294c60bac98591b7bc5fd5be0e324a45eee8c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{64987acc-59da-4839-bbed-20b8b0feb713}\0.2.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            371133a7f1c248650d57d1af06310085

                            SHA1

                            64c79ae608626330a44c39b7501dc7d2c8ee4bf2

                            SHA256

                            4eb6703084164f0fefe2462817b169012a95927ec70762e5671b30f6dcb2d847

                            SHA512

                            91477dbb6c287943fc701090d6f0dff1225071c025ac738bae7f81ecc04bebf02fe9c0690a97f728febc0c629f39b5b8b7509fe329b4072ebc84ae18fc98eb9c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579840746051862.txt.CashRansomware
                            Filesize

                            77KB

                            MD5

                            d12113da17869ce6383bc88f4c2d2b2d

                            SHA1

                            5565ba30042825137f7e20901000d456e9f1adb9

                            SHA256

                            fa7e61bbc435e563e0c43f0ec2e555e79a8d36bf43a0b9ec6e23884fad7322c0

                            SHA512

                            abaee8ed406e91998f3b0cb6199c065f428b36d20708902d81c5985b7d0f6c8002d927075bd9cd55b2727133f071c57003a1f4e3cfb4107bf818c14f3308b10d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579844203170839.txt.CashRansomware
                            Filesize

                            47KB

                            MD5

                            ade2372cec003e257642d2159a748d7a

                            SHA1

                            73510703237a434d9f42f8cd76e116382c10c7e8

                            SHA256

                            6d40761719832ef69517a5b63d755907082b9dbc4189f7c1952b265377fe9929

                            SHA512

                            10fed4cad07573edf37fdfe7595989aa1179b797480c20aed0e84b7b995d7ad59a44e1f2e02ba25a92de73a1633f82418d59ae158ae952248f447144c7ef4a75

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579850631342657.txt.CashRansomware
                            Filesize

                            66KB

                            MD5

                            c4a936dff83f9e2ac192bc196bb29501

                            SHA1

                            c124047f024194a780e2b137880a067ecc41da0c

                            SHA256

                            5d93f23b716d145746efb24ef5462f278711c4687893cfc98f8aadbc6f62b486

                            SHA512

                            f0cce7379ebb661cd3d8bee1a1176ea9f2f63fcf0560e59cd22f5a839927011196f25a82f287c4b39ce163313dd7ff5f32f163d6ec54575352491b565a0672e7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579886673005408.txt.CashRansomware
                            Filesize

                            75KB

                            MD5

                            40e2c1a402d20dc444f776dff9f5d210

                            SHA1

                            de14aeff43bbd201153592bcd27d9d3ae4b72f3e

                            SHA256

                            d2d7a242fe94b5f1bbf28a7f07b8409afc68c4bbfa44f96a28b0ffa11adb1663

                            SHA512

                            7079758dbb127e9ca139d72d87e8e7b1cd9a98c3927562f50462d73f1fd026c74f0e116526db343772298712e03ebd8231bd2f6492f5a2d7002026ae7539da5c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\wctAA49.tmp.CashRansomware
                            Filesize

                            63KB

                            MD5

                            02331c287baf1ceeec62c09071ece49b

                            SHA1

                            caa7cbe20919d40c7dde3ac00fd7845d70dadb2f

                            SHA256

                            80f59e051cc9fb20bd3dd16a6cebe6b7f2de36cb79c9f1653b9f8c21aa1269e0

                            SHA512

                            c6ca876f867b5e18b628ced9a454bdce94b7ebbb9ec8c0ab309b22b9752d879d3b9f36e33b87837202aff90e5cde312ab08536bcc7cd7505ff3c93571e774621

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\favicons.sqlite-wal.CashRansomware
                            Filesize

                            16B

                            MD5

                            d3ff960270b23ee551299c7f305e6a5d

                            SHA1

                            968d5bff21feb734c33694039ff8187d9d338171

                            SHA256

                            7dc741196b96978c305ba6456bd99e8b99a97d7fb6018d1c4216dd6adcda78e7

                            SHA512

                            7f04240627774449362fc6d546fd2b00d4d4a2c60efa4837e0e4a5beda58a88684deceb4f3bac7cc4988c950b7680f3c00c0a1702be0caeb0335f0a68fcb9a0c

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.CashRansomware
                            Filesize

                            32KB

                            MD5

                            ea3211be1ea6cad7e404ccee1f35a469

                            SHA1

                            b40451726553b7d273c57fb67dfc4ba0609f2536

                            SHA256

                            6c2ea9faaef9f116917ba94a7f47968fb8c78e27fbe6961bdc406171862b35b4

                            SHA512

                            e5b35d707e28746c50d5cc74106abe5ee914043a6a0fb2ea64bfd5e6fded9c102dcb697ca6dda30ccfd9feb12f8a185d0d3a5b35618989e677b0e75b14cdefc0

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.CashRansomware
                            Filesize

                            48KB

                            MD5

                            d3a65b549cc85972017fc364e5925f2e

                            SHA1

                            96267a8fc43224a95195ea58c770fe7a34abd899

                            SHA256

                            8e2682f040d866670f86d32f9ef88f1deaa9158fcc4f1352f6c283d4c57a8af6

                            SHA512

                            3b341b55700914af37eb3446d4b0bebe1d5f951e9265f47b4ef01a26fb1286ccc8df32f3a110be0b25a2fd01cc7a082e314f64722defb90b349a46823a5326ae

                            Download Submit

                          • C:\Users\Admin\Desktop\Cash Ransomware.html
                            Filesize

                            9KB

                            MD5

                            b44c1106109486adefa62d352250f1d3

                            SHA1

                            d4787ee913a4164c516e277a2687b52b527fec0a

                            SHA256

                            795871572a9fec91cc932c8da13bcaea754b78342a543a007cfbb1b9736ff39c

                            SHA512

                            3dba0c6947757797eb586737d2bf19a73ebfd4a181978b6c9cd3a1d3e8b8fae3d363f88cacac78a2a19b1554603698bdcddab0c97df9060a2d1cbb241b33521d

                            Download Submit

                          • memory/1460-1777-0x00007FFAFE3C0000-0x00007FFAFEE81000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/1460-0-0x00007FFAFE3C3000-0x00007FFAFE3C5000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/1460-1-0x000001DFFC220000-0x000001DFFC4BA000-memory.dmp

                            Filesize

                            2.6MB

                            Download

                          • memory/1460-1779-0x000001DF9DBF0000-0x000001DF9E118000-memory.dmp

                            Filesize

                            5.2MB

                            Download

                          • memory/1460-1810-0x00007FFAFE3C3000-0x00007FFAFE3C5000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/1460-1778-0x000001DFFF8E0000-0x000001DFFFAA2000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/1460-1821-0x00007FFAFE3C0000-0x00007FFAFEE81000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/1460-1776-0x00007FFAFE3C0000-0x00007FFAFEE81000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/1460-1775-0x00007FFAFE3C0000-0x00007FFAFEE81000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/1460-1840-0x00007FFAFE3C0000-0x00007FFAFEE81000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/1460-1841-0x00007FFAFE3C0000-0x00007FFAFEE81000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/1460-1842-0x00007FFAFE3C0000-0x00007FFAFEE81000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/1460-2-0x00007FFAFE3C0000-0x00007FFAFEE81000-memory.dmp

                            Filesize

                            10.8MB

                            Download