Overview

overview

10

Static

static

10

958ccd8e8d...24.exe

windows7-x64

10

958ccd8e8d...24.exe

windows10-2004-x64

10

Resubmissions

12/05/2024, 21:19

240512-z6dd9aga9w 10

12/05/2024, 21:19

240512-z55gcabc33 10

12/05/2024, 20:53

240512-zpcrdsad49 10

12/05/2024, 17:09

240512-vn594afe9s 10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2024, 17:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe

  • Size

    2.7MB

  • MD5

    69cc2e20ea7a51666b8c14be90441073

  • SHA1

    6a3c7d3267c5c2a679f5f41dff36c091dccfb337

  • SHA256

    958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24

  • SHA512

    de565813d0ddfe491c367e78b2a11891a73859a04efd83d8f35a4a6f6a028a29c873750dc863d1dfca9c40f9b4778cb1882bf8c07b9609f8463db22ac912922a

  • SSDEEP

    49152:nsul/s9YiZYGuT/s9YEQtQRTMYIMi7ztf33cSywWyFoEgn9uw:nJVsG+YRzsG1tQRjdih8rwcr

Score
10/10
zgratransomwareratspywarestealer

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe
    "C:\Users\Admin\AppData\Local\Temp\958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24.exe"
    1⤵
    • Drops startup file
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:228
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Cash Ransomware.html
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1568
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e3f246f8,0x7ff9e3f24708,0x7ff9e3f24718
        3⤵
          PID:1672
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
          3⤵
            PID:4684
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1384
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
            3⤵
              PID:4956
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
              3⤵
                PID:4704
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
                3⤵
                  PID:624
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:8
                  3⤵
                    PID:904
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5064
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                    3⤵
                      PID:4456
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                      3⤵
                        PID:4344
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                        3⤵
                          PID:5212
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
                          3⤵
                            PID:5220
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3287998765071765397,11088257584455606515,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5196
                      • C:\Windows\system32\vssvc.exe
                        C:\Windows\system32\vssvc.exe
                        1⤵
                        • Suspicious use of AdjustPrivilegeToken
                        PID:220
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3488
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4720

                          Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata.CashRansomware
                                  Filesize

                                  16B

                                  MD5

                                  e422b73dcc6ef0ea8c0e89bf4d5bc5cf

                                  SHA1

                                  d3f4f9d7bcaf708a0bbfa1a99b7f994c5d423f53

                                  SHA256

                                  da68fe10cf5bb5b78f47fcba4a99f25b510c36e57a75398d71d51e98cc7be7d7

                                  SHA512

                                  c4877570cac9fc436de6989d7394eedc790ad431ade8cef0f35ba29613fceb93979e852041517be078046c786ee9ecad5581b70ca1a5d0f63ef81cd2b8abbd55

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.CashRansomware
                                  Filesize

                                  32B

                                  MD5

                                  c64fab43c800818408b4fc159b22b6a6

                                  SHA1

                                  3a0f47a2a0d58da56773fffa6684af399511e49a

                                  SHA256

                                  cb1d66e3251177c643ca76ed2527f257f6df5bb79903fd57ef43d15e19746ec2

                                  SHA512

                                  670f7f43e20ce18e10e504afe8b1f0792c001028ef0fe41f01bbbf8e1261cc7b568a116d4a4e0d911bddccf16d606cf5307545f8949823a8aa734338a2da26c5

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.CashRansomware
                                  Filesize

                                  48B

                                  MD5

                                  66f529fd89ca0feeeffc87840c1ac4ed

                                  SHA1

                                  d46eaf479511364251c74e77af80e645392197c9

                                  SHA256

                                  51a37a970f390aef2f604d01af60e100b36885ea6e0ec0d18fc9fc54a8462ef6

                                  SHA512

                                  1e04c3dd16a419ca1ac8b72cf10c13f5d7c068ac8667337a4d92584b789f9c911e752533d1c896b4789f3129fc304bcff15fc4e68d054431aef2b3d5f7be28a0

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index.CashRansomware
                                  Filesize

                                  32B

                                  MD5

                                  0bccbd90b9ddcd2e3e2b3b5bc2b6c72a

                                  SHA1

                                  c17af10af7951b7459e7b0e5d803d4322a4c3342

                                  SHA256

                                  46ee9aa9a92573404bbe5b00c9c32ac113cdb96090f28a678310dbffd638e86d

                                  SHA512

                                  af5e2bc74d6ed838bf100d75417cfc9b07273d6bed4bad4c5a94fec716299b6dca032fceb4b2a3d1493cd7560adef453f6558d879e1415bd9da7b217171a666c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.CashRansomware
                                  Filesize

                                  8KB

                                  MD5

                                  81466985f5f25dc55ef5d02c43bfc6d0

                                  SHA1

                                  00bed1fca9295b60997f49fb52ab36d268236f8f

                                  SHA256

                                  a23a8b57c609e7a4aab610c0b6c6fda1f5f752a1844ac2182e43c978cbca9183

                                  SHA512

                                  be42a9361ffdf53fb48348ab2d7380b94484a04434da8b24385dd829fbe1287e56718a718cbb1e98658db5f9113ee471b7c5d250c70d1e4f9e8e845f837a9b91

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.CashRansomware
                                  Filesize

                                  8KB

                                  MD5

                                  714fa6f847aa632a225b344a0d561ce7

                                  SHA1

                                  d551a6b6898bf79d96c5c883369ca40e3a3e7b2d

                                  SHA256

                                  3c2c9849bd07513e25eb35a539753a0440bc60594f62ec891c6db39bacedc76b

                                  SHA512

                                  e820fba6b6393da14baf6097b51e7960b811c88557c36a3166701896af31f714cd3da8c40c5c56933f5b34846c7f0affa1a336503debc5852bec19753323a0b7

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.CashRansomware
                                  Filesize

                                  264KB

                                  MD5

                                  77f347163463193e47fe5c08fb28ba4e

                                  SHA1

                                  2c139b6c87855a284fdd1ee159276cf2b4da8139

                                  SHA256

                                  0e89e08a738c00633d6c847085aa3dac01aab952d8ac03a06aa807ccb1415399

                                  SHA512

                                  414de4245e284064e124d3d7423a187a722251fd3ac98aa17ccd12aa42a584181667854b0018dfae5ace4212f122893afbd6e9df0391b799894d37f0506e81f3

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.CashRansomware
                                  Filesize

                                  8KB

                                  MD5

                                  f71cae841501c1a3d88f495a88750aad

                                  SHA1

                                  a4830b74c0b34b7dc9c29ccf10fc618fca00b603

                                  SHA256

                                  366b2ba53a7124fb519176e6bbe305916444d57265450ee31d2325b0b4eb4422

                                  SHA512

                                  eddada0a94ee53cc9825e67057460a1874eb8dfd6037d0e65f88271362dfe0c3a2643da7c117227e38c6a693595b4daca6fd889f39324c867b0762c78a851a11

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  4dc6fc5e708279a3310fe55d9c44743d

                                  SHA1

                                  a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

                                  SHA256

                                  a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

                                  SHA512

                                  5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  c9c4c494f8fba32d95ba2125f00586a3

                                  SHA1

                                  8a600205528aef7953144f1cf6f7a5115e3611de

                                  SHA256

                                  a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

                                  SHA512

                                  9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  176B

                                  MD5

                                  4b0fdb42df7710656db54c391246153d

                                  SHA1

                                  76448462cca39b432c314f680ebb330258a28749

                                  SHA256

                                  72b128de5bd06d50af02c4113956687082280bd564ff6b5517e4bc466ae5d526

                                  SHA512

                                  f5681e8c75062df44e985069f51ebaf7f0cf0e10427b5dc4800e1c8af1d401816cc9bafad6157afcea9c85bf347540211332c273573c706632c290cbf90de067

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  82e5c9394258c4800a3fa10ed5c5d81f

                                  SHA1

                                  466903c86e962b153c64b44a2f3abccae28ea063

                                  SHA256

                                  d6d1434913411a0978dc448ac81cf93540c952064556abbe24863b0b7a3b0bf0

                                  SHA512

                                  68a7d4a9254c22ff6671f70c774cb1466f90f409dd84d5f54b6e0a3a6047394dac471ff8f05fbfcc2356d438e6bc00d8f9e76d0074de550aaed3387314b2042b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  ba0e909c9b0ff66d11e7534e1be13a39

                                  SHA1

                                  de55abe0ff6b449694a560b9997f6c2dc1ac4ebe

                                  SHA256

                                  98f250b5710dac4aff29fa3a2719a61a920340dfb7be25c484fc1388762141d1

                                  SHA512

                                  5c69c58749b7a78e2de29e5e0497e2e2520eeda4b6c74df515a11b669cee5d1185ac4faff32bf796be248f9ebb623dbc8ebed7d9fcd981890aa8164b33490546

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  46295cac801e5d4857d09837238a6394

                                  SHA1

                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                  SHA256

                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                  SHA512

                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  206702161f94c5cd39fadd03f4014d98

                                  SHA1

                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                  SHA256

                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                  SHA512

                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  b1b054a72784cfabc6ba1f31a72f849e

                                  SHA1

                                  b8f21703a8c85446ca2c7ea4a03ae48c7f298121

                                  SHA256

                                  f3cdf02b4c9fcf424f856424f49cbb16174323c2e1c8395f8a3aa9b4a41834f1

                                  SHA512

                                  d6ccad610a66fd42417c2d1718a555b94cd2216b661743e9177e2f1e13feb99fc6da18cc900be4a3526ec1e31bdbf61e823daa00a5462b34486fd14df4e62252

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  d4e2b2f6fd1068926163d2c3ac660c48

                                  SHA1

                                  81aa60ad15da4bdce364f52f0cdb334575a6210e

                                  SHA256

                                  4f629a71c141c29c1caa66ea4c5f006a214646dea260fe081f61990a3ba83605

                                  SHA512

                                  c731c77804f05822f73b5af24b49d594f82cdcece28c4277e7855b9a9e754e6988173077737f65b62c146e04f073e28d9ff18dd0542c12baee61b8deb13a8733

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.CashRansomware
                                  Filesize

                                  8KB

                                  MD5

                                  54ad7bea9f7054b3e3b0459166b070c9

                                  SHA1

                                  0a50e026f900fb8159fc9540ce47db94e68dbcf7

                                  SHA256

                                  f313a14029754e5d544a63937268ccdce262ae20f0efdfc0ba2c40053e0f5a15

                                  SHA512

                                  7db1b85b8b405db2a7d2947f77464b8458613f15f6f82673c89156fce46824d85115275ce8265e792b860f07e50c46115b0f16c7ca36c8b0a4a0dbcdad3dbfde

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}.CashRansomware
                                  Filesize

                                  36KB

                                  MD5

                                  c12d7001e91f95d5b7d74ae38037ab4b

                                  SHA1

                                  0dc5907e14694cc80a90d872d108db35451fca50

                                  SHA256

                                  f0897e986e7ef736d0ef54bfae22f2bbfb95cb429f799691943a336d958c5094

                                  SHA512

                                  5bf6bee1c8b748239d9a7011bf8c4119d11900951c859cf113998821def051b1621670340dbfc44a144432e9e52a14ad9d374bda905ec4d983a46f3a1323974d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.CashRansomware
                                  Filesize

                                  36KB

                                  MD5

                                  d2a874c154417fdc6a7a5a96539090af

                                  SHA1

                                  ac90d2974a15a31dbc17508fec1651493c1bf06e

                                  SHA256

                                  5e77456e47575873cfed83e526e3190474ca4f501b85db3508861ac415323fd1

                                  SHA512

                                  cf85cba0d5954086a188472fcc6a61dd8eeb7def02a7aea5a62f6ace95d358771a9cbba3b077cb7f0af7dd70a785ea98e0c3ce6e4a18373a5afc96bdad137577

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{a071ad59-d4f9-4b90-809d-9a64b4020cd6}\0.1.filtertrie.intermediate.txt.CashRansomware
                                  Filesize

                                  16B

                                  MD5

                                  f9f389805b0a979dba45dc0cceb7cec9

                                  SHA1

                                  f24e65049ea166c70d63eafd72a65584c0abfb50

                                  SHA256

                                  0db00583dafbf35171b597851d24d576eb9d8fee3bc22d3edb328948ef117e07

                                  SHA512

                                  be1cbb2e19ce0ccb8dd74a38a818c6df26325f0d497b422fb98d2dcb476735cfd38b246f38efb79187ee6d824bf89fd00e7d0a6e21c8091676d19d39daa73dad

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{a071ad59-d4f9-4b90-809d-9a64b4020cd6}\0.2.filtertrie.intermediate.txt.CashRansomware
                                  Filesize

                                  16B

                                  MD5

                                  e11d988fef68b4c604f52c60784b4941

                                  SHA1

                                  a3da875f3294be32f4915e11c701bcd32c372e49

                                  SHA256

                                  151c413d0ee39607ecc9f76fa28ed09debf1d24281b1d32fb965002f8df58ca6

                                  SHA512

                                  b43e5f27629a06f4523d81663f11f7f7b3b5f37c7f223a0e39db9590a658bb50deee71afb3586c1d65b0e85016cadf985e70e0026dae584933d113e526f5d5b4

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586086821031652.txt.CashRansomware
                                  Filesize

                                  77KB

                                  MD5

                                  a5db439aeb609162c036c9e4b860e4a4

                                  SHA1

                                  a1d39eba4a199cd8c513e1b4a4b0c9a269d3e4c1

                                  SHA256

                                  f18e6103b8057ffe57e464d2a681de4acc95553237d08223c821aa729b758003

                                  SHA512

                                  0e6ca07de590274ef93ec9e90f7763993e9bccb771734e5771776635d9f45db3b06edc88df1de74c87acbc645d6bdc7457c61e4db7e02485748c9a3cc7052274

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586092380013040.txt.CashRansomware
                                  Filesize

                                  48KB

                                  MD5

                                  e3015c9d216949d0c45a6cbd3f0025e6

                                  SHA1

                                  1475f9fc1e7ef0db4cbba21891cc40b574e52a23

                                  SHA256

                                  6cb5fba77050b1bd508849988e2d9d4a9ca4d16de9fb75f6e04ec0aabccccf9e

                                  SHA512

                                  37d8e92078dbc84c23be7d441a4882662b700c6e00d832144e0274334efe9d7508656a0eee254fac4f3282c12bf90ed748fa2a2092aca4868417f3e4e709d1c2

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586095412638284.txt.CashRansomware
                                  Filesize

                                  66KB

                                  MD5

                                  b116b7b10e6e382d73f3cfecade1efe8

                                  SHA1

                                  c60712d6e127ea1f2823e92f5b6142e5a5d962b4

                                  SHA256

                                  512e471571d32f019735f440432f111aca3b65c33607198381036bb3311c9487

                                  SHA512

                                  63b3bd4be6a0fdb2026740b63fc8f1efdb25e37d91c554bff5fa4c8e0eddf16b7337d97c1d8cd22cae3983dc9105781096ff136d0c9ee2536e265f5ec32f5881

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586139643214768.txt.CashRansomware
                                  Filesize

                                  75KB

                                  MD5

                                  2620ba0a671ce499aa9db766564a501e

                                  SHA1

                                  f2bc01b4e9f7fe02cca789b47cbf5d6aedd5d5f4

                                  SHA256

                                  97a22a0b5bda8f3cdeff40cc926285c130f6638d7853c8cdd6e77c32c7fbfb88

                                  SHA512

                                  d65a201760b9c0ef9e5914915c735c0b617b55a462e4a68397586205bca2e1c69f03e552357a99a6b7aaacc02cefb340a4f02c8a3de99dfb43ab7de6aad45a04

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\wctD07F.tmp.CashRansomware
                                  Filesize

                                  63KB

                                  MD5

                                  d311e259e8d1e2db66edac2c59020174

                                  SHA1

                                  329190c6fb45d792de174cec70cb0d4b5257d7e2

                                  SHA256

                                  14c3622fe84ac2fdea1b9cf82369cb642fd66d8ba790eb1c75b9eb24d1866f2a

                                  SHA512

                                  d803078fc54c11597ab54e8f1427f4d7547831b050872d3375230343ecbaeede8b46487d8bb1b9277704c18b944a5ce03a31f86ce53fc4a855b6a6e143d76c4f

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.CashRansomware
                                  Filesize

                                  48KB

                                  MD5

                                  f51aef226d706621ab4cdfd17847c4b1

                                  SHA1

                                  291b381ddfad79bc25599a6c878f7c3855a64e79

                                  SHA256

                                  57657b21a00350585ffa647ac7fb98f38326ef527478fbad53cc140b8cc86018

                                  SHA512

                                  91639d3aee718f9cb625df98106ceaf77a26999873eb81ea8cfc32d39000dde4abd9fa693b55f804c1577e209479349926cbac9164f9c146c2ae437db4d6e586

                                  Download Submit

                                • C:\Users\Admin\Desktop\Cash Ransomware.html
                                  Filesize

                                  9KB

                                  MD5

                                  b38d3abcc3a30f095eaecfdd9f62e033

                                  SHA1

                                  f9960cb04896c229fdf6438efa51b4afd98f526f

                                  SHA256

                                  579374af17d7b9f972e9efcb761e0a8f88ef6d44dce53d56d0512d16c4728b9d

                                  SHA512

                                  46968c3951daa569dfecf75ba95a6694d525cbbd1883070189896ab270bb561cb2d00d7d38168405da1f78695f95cc481d28bcbff74be53d9a89822a09595768

                                  Download Submit

                                • memory/228-1725-0x000001B0F7340000-0x000001B0F7868000-memory.dmp

                                  Filesize

                                  5.2MB

                                  Download

                                • memory/228-0-0x00007FF9EBA33000-0x00007FF9EBA35000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/228-1756-0x00007FF9EBA33000-0x00007FF9EBA35000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/228-1757-0x00007FF9EBA30000-0x00007FF9EC4F1000-memory.dmp

                                  Filesize

                                  10.8MB

                                  Download

                                • memory/228-2-0x00007FF9EBA30000-0x00007FF9EC4F1000-memory.dmp

                                  Filesize

                                  10.8MB

                                  Download

                                • memory/228-1724-0x000001B0F6C40000-0x000001B0F6E02000-memory.dmp

                                  Filesize

                                  1.8MB

                                  Download

                                • memory/228-1723-0x00007FF9EBA30000-0x00007FF9EC4F1000-memory.dmp

                                  Filesize

                                  10.8MB

                                  Download

                                • memory/228-1722-0x00007FF9EBA30000-0x00007FF9EC4F1000-memory.dmp

                                  Filesize

                                  10.8MB

                                  Download

                                • memory/228-1796-0x00007FF9EBA30000-0x00007FF9EC4F1000-memory.dmp

                                  Filesize

                                  10.8MB

                                  Download

                                • memory/228-1721-0x00007FF9EBA30000-0x00007FF9EC4F1000-memory.dmp

                                  Filesize

                                  10.8MB

                                  Download

                                • memory/228-1806-0x00007FF9EBA30000-0x00007FF9EC4F1000-memory.dmp

                                  Filesize

                                  10.8MB

                                  Download

                                • memory/228-1-0x000001B0D57E0000-0x000001B0D5A8E000-memory.dmp

                                  Filesize

                                  2.7MB

                                  Download