Overview

overview

10

Static

static

10

b8f5067418...23.exe

windows7-x64

10

b8f5067418...23.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-05-2024 18:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8f506741843e2c76fb207b41d205530236f4a263a9a5902146cd71a13fdfd23.exe

  • Size

    2.6MB

  • MD5

    31c7ee1961e277551ca3015cc963cf9d

  • SHA1

    b1a229fdbdc901f22e5464909c6b285e4374294d

  • SHA256

    b8f506741843e2c76fb207b41d205530236f4a263a9a5902146cd71a13fdfd23

  • SHA512

    07d3697b2327c7f1f20af496df467ca2970d566ece51e232e1a7e1f7eecd4571aa35a911f40842ca2cd0a3e4f8c3fce90631bf0fe0dd5a6ba22650e72dbc1aaa

  • SSDEEP

    49152:mLl/s9YWfNHuT/s9YEQtQRTMYIMi7ztf33cSywWyFoEgn9uE:CVsGWfczsG1tQRjdih8rwc

Score
10/10
zgratransomwareratspywarestealer

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8f506741843e2c76fb207b41d205530236f4a263a9a5902146cd71a13fdfd23.exe
    "C:\Users\Admin\AppData\Local\Temp\b8f506741843e2c76fb207b41d205530236f4a263a9a5902146cd71a13fdfd23.exe"
    1⤵
    • Drops startup file
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4640
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Cash Ransomware.html
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff93c346f8,0x7fff93c34708,0x7fff93c34718
        3⤵
          PID:3684
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
          3⤵
            PID:2560
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3320
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
            3⤵
              PID:1660
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              3⤵
                PID:3688
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                3⤵
                  PID:3668
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
                  3⤵
                    PID:1848
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2260
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                    3⤵
                      PID:4716
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
                      3⤵
                        PID:1036
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
                        3⤵
                          PID:4860
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
                          3⤵
                            PID:4540
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6521836694187523222,8010880354963098677,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1216
                      • C:\Windows\system32\vssvc.exe
                        C:\Windows\system32\vssvc.exe
                        1⤵
                        • Suspicious use of AdjustPrivilegeToken
                        PID:3816
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1796
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2604

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata.CashRansomware
                            Filesize

                            16B

                            MD5

                            e36c7aac1733d2c9c8ff6812dff2bfe7

                            SHA1

                            81930f9ac1f787855b13f3de60950306e31d3d15

                            SHA256

                            194a9838fcf2faa55dd6afb57a36a6dde48bf16fd50a6d99746d51a5d6aedb25

                            SHA512

                            b534a13a862a61aca8826ef841a33d196a0ac6592c166fe652a7578a07e6b1cc3d7276ba503d954551dc9ba24310e5d88e531ef2a2efedfd25ddf54a899b5d7d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.CashRansomware
                            Filesize

                            32B

                            MD5

                            03f87e2b0b32d1727e64971101a8baa5

                            SHA1

                            0919094f912cc967e6a44a9215f1ae56dab9746a

                            SHA256

                            a10c6ec475e6dfffdd36cd37b5bdf6a0a4490541df45175051f54e3ba6abc869

                            SHA512

                            2e1092cb3c917a95d3ab55a638dace8e94eb2048f34bee61d124d0fd68478b87386e3fb2bedc5e6d5db137a0ffded6e09fc6fc449500b896f2c233974c051fa4

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.CashRansomware
                            Filesize

                            48B

                            MD5

                            979f8414753c7f7f5dc41fd9fbd7fff6

                            SHA1

                            653c5c0343eda3e5f1cd3591794e6c4afd8010ac

                            SHA256

                            9e17e8a20ceca213cdbb43f403479988e1dab4d0fee730b683e0821c02c467c5

                            SHA512

                            0fc7edcbe146327bc432f8fb6ac8c506da146e2c76ad245b73ed983a7729cdea265051197dd7962cf11217503d4de0b21286b8fe64ac239b8aa354ebbc985f86

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.CashRansomware
                            Filesize

                            8KB

                            MD5

                            7461d872e7b0ce7405a7ff8bd87dae0b

                            SHA1

                            30ce4f5dd9147d58a9f54918d203faaf0300304f

                            SHA256

                            05d6ec712eb5c13cc093314fbc2d326e8b1f38033e7dd5bdbf15b57fc026ce97

                            SHA512

                            fdf78775ee456803eee745e333e4d57c5c05d8ad2f0db79cd56f155c65afda747391f655dad62f0dd9c8e49fc525b54b786614ccd8617d00d5853a5fce49787f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.CashRansomware
                            Filesize

                            8KB

                            MD5

                            ce3ac377ef92af29d6dbc6b542b5d0f2

                            SHA1

                            3667b1e6bb9af9d2db87845575fc3e2db0c84d07

                            SHA256

                            ffd2ed893c0b683c2ec69e660ec5f6177d5e1e60390e092d890605a3792de467

                            SHA512

                            2182c22f6ad13ff62ac5b94909eb4601710f31eeb17851e8f2e9db2de6733bf38f7cd050ce752aad69ddb9e1dc15caebd8035bf1293118c2904cff990f6c6c87

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.CashRansomware
                            Filesize

                            264KB

                            MD5

                            bc62de03b17bca6e5b3b97764d0a41f5

                            SHA1

                            5eac6c83e532a21fce13514d9cca62166fa1a5f4

                            SHA256

                            7c04dcb4d6fb556361ed3d2b674fe8abc3c1be3954ab3efabec3a4e16f00813a

                            SHA512

                            18890e02a3a7470a24d92419106d547394f587467bdc2121b1ec665e74ac28b20f123725499f688945b311a04aa2e69132b488c24d817a8d222fa8fe6928fc9f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.CashRansomware
                            Filesize

                            8KB

                            MD5

                            0a580d20afcefb80fdc244751c1c7f9c

                            SHA1

                            98d75354de2d4acd867bf08b122d687c689f6125

                            SHA256

                            00853938f421a56a39d4583fcc9152485443eb0cd0e447feb13f6dbbdc466315

                            SHA512

                            ff47ce29cdc0d0223ed4969ec5ece4d59144a535e273d5269c45d71020eeecf60b3cc1f1c34d26097c34e82bc9781d84a67fe0a8bd18cb3c86439894147b7173

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            439b5e04ca18c7fb02cf406e6eb24167

                            SHA1

                            e0c5bb6216903934726e3570b7d63295b9d28987

                            SHA256

                            247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

                            SHA512

                            d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            a8e767fd33edd97d306efb6905f93252

                            SHA1

                            a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

                            SHA256

                            c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

                            SHA512

                            07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            176B

                            MD5

                            4b0fdb42df7710656db54c391246153d

                            SHA1

                            76448462cca39b432c314f680ebb330258a28749

                            SHA256

                            72b128de5bd06d50af02c4113956687082280bd564ff6b5517e4bc466ae5d526

                            SHA512

                            f5681e8c75062df44e985069f51ebaf7f0cf0e10427b5dc4800e1c8af1d401816cc9bafad6157afcea9c85bf347540211332c273573c706632c290cbf90de067

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            8f91a4ccd56170ee1a32748d367bc6bf

                            SHA1

                            c1eba6fc71e3b885c567610ee35d476f2ab26eda

                            SHA256

                            44f126ae5ee60405cc74ec798a70c4d6fbea4ff5d008ae3340f2df62ce089e2e

                            SHA512

                            856f3f3909fbb492e15202d3369c2db3b91ac748f97a3fa5cd2fd82d63090400e1e14d631c3aa5d0f296457ad15dc33f81567c5a32f89b388ee927e7d589e138

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            7e7c89ad322ad3ca4098085477d5c6aa

                            SHA1

                            fe2ec9f88cfb34707aa246719b07939d285ab0ed

                            SHA256

                            b03941e3c4d00fcbc06563a17ed7950cf70f2429a87459788eba0ceafb036093

                            SHA512

                            6a7704c484afd494e9b8058d91f19fe824f695b2688ce4570d44e282ed34bc2d2d7bc93890ed2c004714ad323a9a4110ed66fe8b89e7a93ca695d109e547f3e2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            ab2f34edb5efbed0fe34fa95282220e4

                            SHA1

                            32fb78bb177f83e0ed46fc23102dfdf064cd7f31

                            SHA256

                            746782edcae72a2fccfef42e3eeead16a33105330f27ae00451adccc59f5d190

                            SHA512

                            6861abda51d470da1576127cd85ee16e8613e8b9e7fe0bd88396c42743b668ab60996abad7d09146d6b567f368cb5f9f7d910eca7bdd4629e08436653e56571d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.CashRansomware
                            Filesize

                            8KB

                            MD5

                            9d8534db8dc2e05c7a0bf51d3d0e8afb

                            SHA1

                            bb6b26f3486b0dc073ccc79622982aa6a8b70510

                            SHA256

                            ae7939082ea58df7bbe90ec3ee1b233f1fc4da72ee0f01a9f26d1f75bf05b5c5

                            SHA512

                            3f57963f939c2ec4edba83b7170c42eeceb9b772ee2734c5ba2b63b258089559d393f81c662b3ad4034ce603297679c922cb1ecc2b6b07828235b003984dac50

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}.CashRansomware
                            Filesize

                            36KB

                            MD5

                            5986b7c4bb8689022eca66d71bd22fee

                            SHA1

                            d81b95ee427f3adbb1227231c15e499a59678352

                            SHA256

                            6942cdff9acffc763f867421eddba9e3950c7303b23d76f8665f76c182b06630

                            SHA512

                            9e81f93a4e4ff93f7e6ab6120f3418ace55f739d8271ed20d203ec8c2a077152e9f6fcc968fef9a6095045715c6f0aa2e957a2ab1e6f66646f3e435494a9a3f6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.CashRansomware
                            Filesize

                            36KB

                            MD5

                            9bb78d6a28e59e2e2252fd25fd68b4fe

                            SHA1

                            e9591d3b72dc802920ebbc55b18c6794c157de6c

                            SHA256

                            61166c58b5848b1f53b459ab3ce9af8a41cabdb4dedd577d00bbfebe10b0ec4b

                            SHA512

                            1020f907109ce66e2be2e692a4cc30ccc918234bc4e0e685f66ee28a093f311c68f2157667b01c4c2dba51dcf443f3abf520df96a5cf394b829715d1d02220c2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{5ad19b1b-600e-4a94-9f1d-df48f742e3e2}\0.1.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            cb5bfc6b1f57f20a9feb1771ca38d88e

                            SHA1

                            059c0772f6e6bbaebdc9009f16bb0c48fa100efa

                            SHA256

                            756c7ed4c91e25f2c6ed291c266243707f6bf71a695ac3bf46bc1573a13365d6

                            SHA512

                            056775a63ecd1e384222ecc2b16bf833cc85628424cd4d7af725dd01333e8b61aadd701cd24d2cace6c0007085b5d0cb09f5b03bd39c1418f454604f57d9b371

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{5ad19b1b-600e-4a94-9f1d-df48f742e3e2}\0.2.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            9c31a792c33f80cee25e6b2d2b1bbfa0

                            SHA1

                            cc136ac1898171deee95495143820c2c124bfd93

                            SHA256

                            d11d74b345245f3578ee1c0d75736af2c9e91f9ed5fe0a9df3412194d0005a6a

                            SHA512

                            695df8db7d16f010457d9603f04a103ece0ac4be78e618592bad3dc3b4c34652119788007584ede504df077d22c1376eeb5a778c0b8326dd374df34314895ec8

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596439083295209.txt.CashRansomware
                            Filesize

                            77KB

                            MD5

                            7b7951370799c00a8d125be59bd7ca23

                            SHA1

                            2427ff7d00754e4bd884b34293ac24629c13f2fd

                            SHA256

                            18780b9640b44bd26dbfd6e2c4d3d24574d10a392be8e66dc63edc4a61bf41f5

                            SHA512

                            faf496dd34381cfc9c39e383d07b36598dfd8ebda88b95cad72abe97d3296341d6ac66540443f4c49051261ae2015bc84367e4dc34cecdd8e4d30cfd0e25f8e3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596440479376967.txt.CashRansomware
                            Filesize

                            47KB

                            MD5

                            8fc1c5df3086ae666fc3f8611d80a193

                            SHA1

                            9b6e77988cf2493b9850fb239d22caf861735eb2

                            SHA256

                            4072cf6b2e47f36f6d134660e5d2cae55029d43d7244333b01cdd4ee97322fa9

                            SHA512

                            0ed9dfe2a0ac73ca0525f3b902f03eb3a2977eef64c6d07cfe02f483177741281b0fba3b5ec8410b8d22e5c8a903b814d8606e354ab907f085cc8bb5b3eca9c9

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596447864304096.txt.CashRansomware
                            Filesize

                            66KB

                            MD5

                            3ffd97b6e0834a01ddb02b6ac09b4647

                            SHA1

                            2ed0b7e2c2ed24a447cb48d4f92870971268b019

                            SHA256

                            ff4b9bdd82d212be9a15b7866d81507d37d29ed17287d08518a4f4d9ae1b68f2

                            SHA512

                            1c628b49ffcd178e2dd3d37914ef7ddbc4db5ddf270a58ada9d6ec88c7d244b2d37e9edffb7842da6c58c61199cdd6bc6540e615319559fd99bbb2c01c521b0d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596463262934839.txt.CashRansomware
                            Filesize

                            75KB

                            MD5

                            a3c6fe0bc882a0d24ccdaf0c3b3aeb43

                            SHA1

                            d0f428901311cd794559b473fb16afe548dafbdc

                            SHA256

                            da041cf03aeecaa18e82229f6430e45c1dbbfd72c8025337e61c456e4196a1ed

                            SHA512

                            03abf900b6304f2f6f89847e6f633b9b93303615a64ce42e2803bc9f40f312e49d63f2443612ed0a645212898a03cde8c5680816445731f8ffb1589170cfbb16

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\wctEED4.tmp.CashRansomware
                            Filesize

                            63KB

                            MD5

                            fde6040a298bfdda593534eab850ac27

                            SHA1

                            24db9c51b901eb51caa509b02acd9849f1f4113e

                            SHA256

                            7b8cc832820dbfe7da7d1aa2f6857084a23ea70ba89c7f448944725b99af950e

                            SHA512

                            a47d52adae78918830da36456cbdae05a9734e7f8a4a2dfeced13779929a2e3435820c7b23fe735b8b8bd5d1dfa76af2ca456b90df2ccaa79f303ddff1b48080

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.CashRansomware
                            Filesize

                            48KB

                            MD5

                            9172ecf9db516a7cfba9866cb198b5d9

                            SHA1

                            ca9ac4c3acbc5a41ace8409bc546548483926ddb

                            SHA256

                            ce67715f464d45a11f34270cd98d87c044fe4b29c5f18fa4c785c4b9121de582

                            SHA512

                            e2ab9f88f34a304c539d74d50738a7384fb3263111734018a5ad7ed802391d5c7261c440e5cc802680b79a69246e2f8b58e531247b953b3a383daf4e6d35097e

                            Download Submit

                          • C:\Users\Admin\Desktop\Cash Ransomware.html
                            Filesize

                            9KB

                            MD5

                            b38d3abcc3a30f095eaecfdd9f62e033

                            SHA1

                            f9960cb04896c229fdf6438efa51b4afd98f526f

                            SHA256

                            579374af17d7b9f972e9efcb761e0a8f88ef6d44dce53d56d0512d16c4728b9d

                            SHA512

                            46968c3951daa569dfecf75ba95a6694d525cbbd1883070189896ab270bb561cb2d00d7d38168405da1f78695f95cc481d28bcbff74be53d9a89822a09595768

                            Download Submit

                          • memory/4640-0-0x00007FFFA3D03000-0x00007FFFA3D05000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/4640-1722-0x00007FFFA3D00000-0x00007FFFA47C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4640-1723-0x00007FFFA3D00000-0x00007FFFA47C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4640-1756-0x00007FFFA3D03000-0x00007FFFA3D05000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/4640-1721-0x00007FFFA3D00000-0x00007FFFA47C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4640-1725-0x000001C2B8850000-0x000001C2B8D78000-memory.dmp

                            Filesize

                            5.2MB

                            Download

                          • memory/4640-1777-0x00007FFFA3D00000-0x00007FFFA47C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4640-1724-0x000001C2B8150000-0x000001C2B8312000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/4640-2-0x00007FFFA3D00000-0x00007FFFA47C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4640-1796-0x00007FFFA3D00000-0x00007FFFA47C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4640-1797-0x00007FFFA3D00000-0x00007FFFA47C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4640-1798-0x00007FFFA3D00000-0x00007FFFA47C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4640-1-0x000001C296DF0000-0x000001C29709C000-memory.dmp

                            Filesize

                            2.7MB

                            Download