Overview

overview

10

Static

static

10

C_RAAS.exe

windows7-x64

10

C_RAAS.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-05-2024 01:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    C_RAAS.exe

  • Size

    2.6MB

  • MD5

    2e7d68cbc3752a9b475b76d964c11a03

  • SHA1

    20dc966993d469c3ba30a9731952ad90cae42927

  • SHA256

    39096e9a521ea1c001083d8c82317c8e6dbdd5d705d9a92beb15db102fb87263

  • SHA512

    900178639ff60d82a96fb8995b596ffeb55b8199eb0be5d7e16a236a4864cf1564fb4204a59264de3a2e36e343195604cb23738a45067d4c037596dde1042d89

  • SSDEEP

    49152:Uhl/s9YKOEKuT/s9YEQtQRTMYIMi7ztf33cSywWyFoEgn9u:mVsGKJzsG1tQRjdih8rwc

Score
10/10
zgratransomwareratspywarestealer

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\C_RAAS.exe
    "C:\Users\Admin\AppData\Local\Temp\C_RAAS.exe"
    1⤵
    • Drops startup file
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Cash Ransomware.html
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3336
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f33146f8,0x7ff9f3314708,0x7ff9f3314718
        3⤵
          PID:1364
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
          3⤵
            PID:5068
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3848
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
            3⤵
              PID:3228
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
              3⤵
                PID:4564
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
                3⤵
                  PID:3332
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
                  3⤵
                    PID:1696
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4888
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
                    3⤵
                      PID:612
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                      3⤵
                        PID:2096
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                        3⤵
                          PID:3684
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
                          3⤵
                            PID:4952
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7942695455479776134,13107124575065353840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3016 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3040
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3524
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2800

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata.CashRansomware
                            Filesize

                            16B

                            MD5

                            6a971fc9dd73d820ee8a750eeeba8498

                            SHA1

                            2e270b481d28c4a78aff33600ba05758f8728acb

                            SHA256

                            9b175592e44726d5cadf017bc68e7c564f2935c94fefed9517c9fc108c00d9f9

                            SHA512

                            2f8704b2142d97fcd2ceb19cb25d0ee9df0f48e5f86d2d40b61daf677607bd6e0bb6d1ba68cddd011f6c565457dc2ddde23c0ffce56d69a08d4020c2b2caf3d5

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.CashRansomware
                            Filesize

                            32B

                            MD5

                            2cf50209a8ad745717f168e4a512405e

                            SHA1

                            aaee9be34a618da31832e7f3df73d108ff282520

                            SHA256

                            262f2a7e0354f571fc574d1236cf9c412ce9b83ca3fc5f6e06586079d47782c2

                            SHA512

                            7cc011f61131674bd1837c2a51b47f9944b6e94edd463a8106a1af16d493d5d0a82622d02a9f79cb19686f54a89dc719431f35de16496a045156b6948c238c72

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.CashRansomware
                            Filesize

                            48B

                            MD5

                            4869f1593b1b71a70e85eb2f4824d39d

                            SHA1

                            2b0e2d15c31a820308e2f2b7b98468f50b7ea7e9

                            SHA256

                            e7305e1c55f82f070a3df86b564893c2b7dedbcb1b648fc17a19ca3c351175c7

                            SHA512

                            cf2d05aad9011c749816a35d006a2a731457e1ad060abdf9a8edc80e82ee5abbb17ff875336d93c6adf3796ffb73ff85ee02c1b824c010ef65fa95e7ddd11880

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.CashRansomware
                            Filesize

                            8KB

                            MD5

                            5bb8b38e0a12b6a34d412636ee904934

                            SHA1

                            6a85a814453c4ced09962d1f746c8aed1e3f7fd6

                            SHA256

                            24e9474d476671d1593e9f7953d5f557190ecf3848b114427d4a688bf08d368e

                            SHA512

                            c17435a6beaf7461b9e3d89ebef1ffe86b3579ac5831520a1b042d15af1d08a5d2a7de1c4554c59f6c1a8b45971da8e1de8c941d45043d4e355252d469cb94b1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.CashRansomware
                            Filesize

                            8KB

                            MD5

                            dd16a5f3e1fe47ebcabf83c6e021e812

                            SHA1

                            e4bb285fa43f453646288095ad80740e6d3f720e

                            SHA256

                            3d7bfaf682118f1e8bc2dddbbd8beca744ea0ba9485698ae92f6d1a3308207ed

                            SHA512

                            a6b99852065f8604b5eaadaf7ccba516e358b376337b449adde925ddcddab9ba2ac96af8ece1128bcfdaed7d35bc3918bd016e135e843cc8603d626c5be29a46

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.CashRansomware
                            Filesize

                            264KB

                            MD5

                            ff7c2891a69658a076e948c1e4efc7e7

                            SHA1

                            1e06e6d01a5cab9f1d22801f44edabef657086c0

                            SHA256

                            3333d6f3b87ec802dd29168212483e1edb7469ee0e3de8ee1dfd65923a81f562

                            SHA512

                            31add6cf45acbc6e1ed8bd59d1aef0137831b1060b44697a54791027e2c1ec19b8e4adbc3b050bfa6e06b1ffbeca6fcd440082679e85a162efd81bae0047b95a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.CashRansomware
                            Filesize

                            8KB

                            MD5

                            a98cee47866d0bdd24ccbe26e98fdcbe

                            SHA1

                            7feac9607c5cae54d0857f3636a1a8d5bf7ac1d4

                            SHA256

                            1488a7114ec4e4192f5f9447ad0bdaa639927b930e534bf91971d120fa91e6ef

                            SHA512

                            a07fc74e06d6c0e7b150f20ae29d411f10983e4fa3ab46b6f579b6fb705996dba0c85d23de6561c451a693be62c0f4fd40b6fcd64feb2e2c3a96973c686730d3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            612a6c4247ef652299b376221c984213

                            SHA1

                            d306f3b16bde39708aa862aee372345feb559750

                            SHA256

                            9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

                            SHA512

                            34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            56641592f6e69f5f5fb06f2319384490

                            SHA1

                            6a86be42e2c6d26b7830ad9f4e2627995fd91069

                            SHA256

                            02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

                            SHA512

                            c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            176B

                            MD5

                            4b0fdb42df7710656db54c391246153d

                            SHA1

                            76448462cca39b432c314f680ebb330258a28749

                            SHA256

                            72b128de5bd06d50af02c4113956687082280bd564ff6b5517e4bc466ae5d526

                            SHA512

                            f5681e8c75062df44e985069f51ebaf7f0cf0e10427b5dc4800e1c8af1d401816cc9bafad6157afcea9c85bf347540211332c273573c706632c290cbf90de067

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            881be16d693304da3601b4ba463a7862

                            SHA1

                            b5fd539556a67c3285ed4218a6d4b40aadee8881

                            SHA256

                            cb2978183804fe777837ec8f895bc11698b07f0ca32209da196a74bf3d79f258

                            SHA512

                            6bf3e1e28abc27656594e27da88562c5503f54f8e3cd4105a3a82c253f497442a7553323c652752e61d3c307ca2243fb79f9d575bb7e28c93572b8f681ae8446

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            0e987f794fa3109c9fd3ce387c60f379

                            SHA1

                            fdd558790265dabd508ba3cd696ab1c9496804f8

                            SHA256

                            415c5f1a7eba9ba9e06e76fb218c72d08ed35ad16d02b3826a8bac939646e1d3

                            SHA512

                            48413b3a3c56a829f4a66d8907787f05b84cb33beb856906f522b55e9f7d1ab33a13b5c581316889361af0a565379e66fc8d5d5bdff3dcb4facf29b216db0573

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            94e4f2f04ddd9d1c5159c6e60818fdd5

                            SHA1

                            7f8de3a7fbd8ecf52a6a2e8aec7a4e778520b38b

                            SHA256

                            730c8b473f7251ccff5e8494581accd19149783037803a2d2b149af17626f75b

                            SHA512

                            fa5deed96e37385c40b5ebc7e4e8cccfad45cdea921beb1d67b9f5323cd7ebd03c24ab4810cd1e75ec23f0ef713599203eaacc9b6a6217193869478aedf3a3d7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.CashRansomware
                            Filesize

                            8KB

                            MD5

                            ce6d1e1bc9b843efafb7a90cd9aaf5bf

                            SHA1

                            97ee82a14bc3d7c116527926e0cf8dc91459e68f

                            SHA256

                            a0f8da238739246ec4ff3636e14858beea5a6bc83862721c03a7b938c9e59fd1

                            SHA512

                            84b1284b3a1304133a16221a51df6f67934287150427f786f731ae05e216e1e9db220afb53df1dd517306b372b62577f44793d366bc9ce39b593aa7bedf71d2e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}.CashRansomware
                            Filesize

                            36KB

                            MD5

                            1254a45e2563fc8436fdf3087cd5888e

                            SHA1

                            267911455ac833664986d2ade2e0c90fe4a965a7

                            SHA256

                            d987a6b9f9f90b3428657a67f40391c36e77e35f82e32c3e21e19b44f5e939e1

                            SHA512

                            d5d3251e9f31c0c21c082bc1efe1deec90782d4376a5e84b2224f38e525d0bd6626b1886a857ff61a7678fd8e8df9672e197c4d0d84817885a674f3835ce7238

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.CashRansomware
                            Filesize

                            36KB

                            MD5

                            37e3ef965e14ef4518bffd0f88e38b49

                            SHA1

                            d00c538afa44d6466adf7b364fa17025e0dfe948

                            SHA256

                            87b490df28e0f727294f30ebae163ad8d64301ef7d4bb4b82fcc66ec086c6c74

                            SHA512

                            697e04399100e6f58cbe631f48e4b1a22c5740d01fab358ab3c179fd197b95a400781d7854d21e6b33f8ae2c5764898340da0e1f621753da306d1385899841a7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{4f7bbdca-2df1-4113-a6c2-26f2463e08c2}\0.1.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            71432223458db06f3e97a5fa90284303

                            SHA1

                            ec0f720ab21988625e0376c40a54bf7367e4c56d

                            SHA256

                            939f35cd06fb4ee4614ddc522059430e1577861a8b1febc0aec56d26928836e2

                            SHA512

                            6c0a9c757fb5e1206bf290d7777c11886be539b8de890383838b0aa25849e74f8b2c0d90e7aaf98805693382e6764b8e2878b959e58bccd06faf5add217426ce

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{4f7bbdca-2df1-4113-a6c2-26f2463e08c2}\0.2.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            152ff8c2f1a9b425eb73f2725b90eafb

                            SHA1

                            4e98dee371279128e58ce30b2a6cc2e7a90af043

                            SHA256

                            8aa94232d06182ec67c9b9b243fab527f807ef49108c02f6d060a2f8c4c34a4d

                            SHA512

                            70158224d40e07f3fb80b85b6fb272115942bf7723fb81bbe6a5789ca0bee4254804feae68d94de9a6cf043face906efe5a57fe8cadb068014e93a9b0bd914fe

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596439082960180.txt.CashRansomware
                            Filesize

                            77KB

                            MD5

                            b9ae354d222fb65457839edd05138a2d

                            SHA1

                            19248392ed854f829e2b492fa4e2d8d2e01f2ff2

                            SHA256

                            24368d992bc02251096f817911bd0edd87ac47aa93bde00a3edd2c6b96ee8d4d

                            SHA512

                            58ca1277c14fc346ddce4c1219608397d1f4a7f7e69c53a5af2c52025453b9967a3a17f752a8e3b137b96338ea2dc22f6ec8129709a846dd4eba18879e47d673

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596440369039129.txt.CashRansomware
                            Filesize

                            47KB

                            MD5

                            e482b5b5d9a79e926a33c975ff520e30

                            SHA1

                            af664c41491df9c642daff77f0470553e3922893

                            SHA256

                            bf3d8fbbf9b38d24c3815ef8b1a166bbc43d070f0784c6efeeb4fffcd8def12d

                            SHA512

                            467288d2a855e09f4029641ae02a8e4f7df9357e5bfdbd8ade918ffed77e7798262c95f34d063af0bad6f1601024980fb0f751cc954f5637561d617bd20fbb52

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596447416703473.txt.CashRansomware
                            Filesize

                            66KB

                            MD5

                            900f3a40eddd1a1130793c0d48535ab9

                            SHA1

                            fdfc41c1f9831e63e6e9dd0120d4e743a4d00965

                            SHA256

                            b523d31adffbf94b4a07704bc09fa04fc4f5c702cf000eaa29ae083b9105c450

                            SHA512

                            b437b7d856c3737d9b276f258b80e651f902a96f89cf8d44a78bc119ec78e236ea0f86c72eb9bfb920bf7e0b94069d79476270baa99f6be53aeed76fe04f9058

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596477177676970.txt.CashRansomware
                            Filesize

                            75KB

                            MD5

                            f423587b9361e8f4a6ce626211d09741

                            SHA1

                            98774f862d30b124fc19c5b4968b7ff295cca5fd

                            SHA256

                            1b24aa88fed978a5e07ab19e5971fae70f7b4d36fb4e150fb5ac1fb688f7048b

                            SHA512

                            6e14be7b11ea664a566cce825cc86ca66da390e83346c7047e85308a9dbdc57709a1d8cb0c2132f9f189167570a44d105f108acfc090938a4a53cf8f79a19d46

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.CashRansomware
                            Filesize

                            48KB

                            MD5

                            bfa8317f5cc22f7060e7cc6683931181

                            SHA1

                            189f106cc246356f6e7ef154d1a456ab7728d8e9

                            SHA256

                            266eae7b7a23e800337e5d79c4dbc2aa030b65e9ac8db9d60fb6e010c1f9f02d

                            SHA512

                            dd1e91d5f3cc815a92b0c1d230611e452f3a307a45bbaf54bb77e198dd01ddbf1d21263e1ac65096f4b85b2e0ba8baa75a60e53404c69afd3a9aef60d0a9ae6a

                            Download Submit

                          • C:\Users\Admin\Desktop\Cash Ransomware.html
                            Filesize

                            9KB

                            MD5

                            b38d3abcc3a30f095eaecfdd9f62e033

                            SHA1

                            f9960cb04896c229fdf6438efa51b4afd98f526f

                            SHA256

                            579374af17d7b9f972e9efcb761e0a8f88ef6d44dce53d56d0512d16c4728b9d

                            SHA512

                            46968c3951daa569dfecf75ba95a6694d525cbbd1883070189896ab270bb561cb2d00d7d38168405da1f78695f95cc481d28bcbff74be53d9a89822a09595768

                            Download Submit

                          • memory/4812-1758-0x00007FF9F8C00000-0x00007FF9F96C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4812-1693-0x000001ED6F720000-0x000001ED6F8E2000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/4812-1759-0x00007FF9F8C00000-0x00007FF9F96C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4812-1760-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1691-0x00007FF9F8C00000-0x00007FF9F96C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4812-1690-0x00007FF9F8C00000-0x00007FF9F96C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4812-1736-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1737-0x00007FF9F8C03000-0x00007FF9F8C05000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/4812-1738-0x00007FF9F8C00000-0x00007FF9F96C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4812-1439-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-2-0x00007FF9F8C00000-0x00007FF9F96C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4812-1757-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1821-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-0-0x00007FF9F8C03000-0x00007FF9F8C05000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/4812-1692-0x00007FF9F8C00000-0x00007FF9F96C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4812-1770-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1771-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1781-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1790-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1-0x000001ED66AC0000-0x000001ED66D5A000-memory.dmp

                            Filesize

                            2.6MB

                            Download

                          • memory/4812-1814-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1815-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1816-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1817-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1818-0x000001ED69840000-0x000001ED699E9000-memory.dmp

                            Filesize

                            1.7MB

                            Download

                          • memory/4812-1694-0x000001ED6FE20000-0x000001ED70348000-memory.dmp

                            Filesize

                            5.2MB

                            Download