Overview

overview

10

Static

static

10

CashKamera.exe

windows7-x64

10

CashKamera.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-05-2024 01:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CashKamera.exe

  • Size

    2.7MB

  • MD5

    69cc2e20ea7a51666b8c14be90441073

  • SHA1

    6a3c7d3267c5c2a679f5f41dff36c091dccfb337

  • SHA256

    958ccd8e8dcce5e7bac5f891e8edc42ad6c5497d9385c8ae26c328c5f7beda24

  • SHA512

    de565813d0ddfe491c367e78b2a11891a73859a04efd83d8f35a4a6f6a028a29c873750dc863d1dfca9c40f9b4778cb1882bf8c07b9609f8463db22ac912922a

  • SSDEEP

    49152:nsul/s9YiZYGuT/s9YEQtQRTMYIMi7ztf33cSywWyFoEgn9uw:nJVsG+YRzsG1tQRjdih8rwcr

Score
10/10
zgratransomwareratspywarestealer

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\CashKamera.exe
    "C:\Users\Admin\AppData\Local\Temp\CashKamera.exe"
    1⤵
    • Drops startup file
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4004
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Cash Ransomware.html
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4916
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadb5f46f8,0x7ffadb5f4708,0x7ffadb5f4718
        3⤵
          PID:3120
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
          3⤵
            PID:4288
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1380
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
            3⤵
              PID:5108
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
              3⤵
                PID:3136
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                3⤵
                  PID:4292
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
                  3⤵
                    PID:3240
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2728
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
                    3⤵
                      PID:304
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
                      3⤵
                        PID:852
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2164 /prefetch:1
                        3⤵
                          PID:280
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
                          3⤵
                            PID:8
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8916540055066438638,1360729963343420348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2668 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4888
                      • C:\Windows\system32\vssvc.exe
                        C:\Windows\system32\vssvc.exe
                        1⤵
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2316
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1056
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:300

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata.CashRansomware
                            Filesize

                            16B

                            MD5

                            919fa2e81a86204d6b07eac14d4b93d7

                            SHA1

                            b1173d788900d83adeda04455120725587592928

                            SHA256

                            bd649d7b294d5de29f1b72fe58b7d1d0a9a51924cfe52b3da65e43d069f9579b

                            SHA512

                            dfcc9a712c455c185b709e9335ce7976b4bd2e9c720fb4a8a5727aae17f39782ca9fbaa61641915ddc02fa4e48a2f0e9c632c508a0d72ac3804cb0576c11681c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.CashRansomware
                            Filesize

                            32B

                            MD5

                            60787c9e3f93382701ad2b74162bbecd

                            SHA1

                            448234d46f80a8bbd7c99d9a028bdcd8d2f75788

                            SHA256

                            7718807b647a46fe5878495a32de119743ebcc40915d02e5cbfd00135c030034

                            SHA512

                            5db36ce3abf29fd464066683449dabf4bf9ec214ca4ebf341a6c9f20f63ce219bd16cada965d28875aa19cf4503959e056e82ff991f4ab41b58627baa9958c17

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.CashRansomware
                            Filesize

                            48B

                            MD5

                            a63b72023a0bee86dcf6c41257eb3041

                            SHA1

                            1b900d4e1c4fea77c2ba709191388c2888d23fb2

                            SHA256

                            5c3529c9d9b24a5fe2aed0802cd7d0b58f178e1cdc8267bb3d6947f5c89bd090

                            SHA512

                            b0d9d6e27c440b85ff071b5b87e2840783c3747facafd24a81deccccc0247a3df7487485f7d6fdf51042030d361948c0f0b106013367298cb5b6219d43e9d63f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index.CashRansomware
                            Filesize

                            32B

                            MD5

                            ad2511b28c8e955c8b18ac39afc65e8c

                            SHA1

                            f495263731c645f769e2259596ab1c7ab5143133

                            SHA256

                            dfa7a45ee42a11bf30eff73cb6cb7eeaa880a4d9c6c12eb00036d26978435496

                            SHA512

                            4d077e926785913590bd142e03e16f48075f0f720e28f46f35387288b5220d5071e876325515952c2292cbc1de9a62347db0bf62bcc9cf2ddd210ba5f6c33787

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.CashRansomware
                            Filesize

                            8KB

                            MD5

                            9b1fe2144031d4549f2066f0ece3bdea

                            SHA1

                            73a5baf55788686166dab2fb379bb3c751bc2a4e

                            SHA256

                            4d8b9da5b2261b163cccdc5d8074737b3622f0ccf347ad2191fbdb49b42871b4

                            SHA512

                            2b822c653f89729b460d7f3c275f6df3239be6207eba57bfc45f5806bc67c9275907cb9f4f8a9e8d3296036f057e9f6530b5c270003be0ee5826b7bcd96549b0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.CashRansomware
                            Filesize

                            8KB

                            MD5

                            34a762b7412f461ebddb8bc828e54c37

                            SHA1

                            925385ad77b944cdfc6d93a9b179e7a85718a36c

                            SHA256

                            db2c1064c2798d2a0fcf6353444d6fa081e9d0ec91d343a33ac690768be4c161

                            SHA512

                            0138d74f512ff4b9c62b9905394d2e650a3302f6cee55fa902b55b9921f2624aa9fb91415fc0781c6cf67af7047fc0ea529c2431fc488b52436ed48b990c3eb1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.CashRansomware
                            Filesize

                            264KB

                            MD5

                            52c2594e52b554c632e2caf72f9fc220

                            SHA1

                            138fe189c844832c19d4cbc1549b64eea7ad5296

                            SHA256

                            15ca82d25715a0d1c18d3427cfa6a52eebe27b344cada179857a5b30ec260fa5

                            SHA512

                            117a39f6b506d160f01472fe4876825a34619ecc21f3e2d408311b83f977031867c9bf4ac2f13245ef673f4e58981b2cd38d240ab0364abacb3558561d02fbe4

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.CashRansomware
                            Filesize

                            8KB

                            MD5

                            16be6bace43c4f241be26ff945a4745a

                            SHA1

                            1ff044a3c38593826c5343ea12da5796650c9260

                            SHA256

                            6094b56e33c1ab9ca7f5e5c18e1012685537ba8462e2e8efe1126f31b3438269

                            SHA512

                            f64bb0612d9080408ff937e8afed864c61ea33f192aad2624c5d1386fbc6fb7a2eddb9c3f1b856075d4862bf683dc2063b28dbe1108764995aee384df722fcb5

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            b2a1398f937474c51a48b347387ee36a

                            SHA1

                            922a8567f09e68a04233e84e5919043034635949

                            SHA256

                            2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

                            SHA512

                            4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            1ac52e2503cc26baee4322f02f5b8d9c

                            SHA1

                            38e0cee911f5f2a24888a64780ffdf6fa72207c8

                            SHA256

                            f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

                            SHA512

                            7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            176B

                            MD5

                            4b0fdb42df7710656db54c391246153d

                            SHA1

                            76448462cca39b432c314f680ebb330258a28749

                            SHA256

                            72b128de5bd06d50af02c4113956687082280bd564ff6b5517e4bc466ae5d526

                            SHA512

                            f5681e8c75062df44e985069f51ebaf7f0cf0e10427b5dc4800e1c8af1d401816cc9bafad6157afcea9c85bf347540211332c273573c706632c290cbf90de067

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            ee733a51552740c9dff95e691bb7a702

                            SHA1

                            e662143fff79f69302ebd939c5c3f3823194dc52

                            SHA256

                            a461d621add1edbd76ee1cc5042b248ac41f9342f61fb3f672b5ce4fe52962c0

                            SHA512

                            7289207d607a1b52c69aad4a7a20158d89f545c1446292ca674e0b1594606ec6ea0b7859889bc51c8178e5be96b5836139ae77c3fb4791a5ac077d2a3561f714

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            9a822f4d84eff96fe749dcd6d0b59917

                            SHA1

                            f715f87b117cc0566f003a581b12412a3acfcec0

                            SHA256

                            4721c0c8fede12129f9c55f9fa142a2cbfd5e8ab16e63442252f4df1fe1f689a

                            SHA512

                            bac4a7a3e086ccc5bc3b4765c7378e9e96405ed651b5370b3cd823e01d8cf1a2d40aa2d0b2cfdc7f34b52f1bb54eae85d6ff51488baa18f581202548caf3e0ea

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a54f6d68-c1ad-41cb-91aa-281fcdcfc0d1.tmp
                            Filesize

                            11KB

                            MD5

                            abb21d586916e381436c13846c92890f

                            SHA1

                            33e97dfb69b5a2386274f311f7d2891545c606d2

                            SHA256

                            6f3f7732bfe21933391918cd100f41939c1b5c16871ce0e443013ba01221c64a

                            SHA512

                            08d5b8781c399843701cc6953e1cc433bacadf963c19f0128f8c50551b8f3a6ebbfa743775bcd68463f168ad17d960ec02621ae80e9938fa1e5d34e1c05da794

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.CashRansomware
                            Filesize

                            8KB

                            MD5

                            d5fb5bce3d7659fb3bcf34109ceaba81

                            SHA1

                            32ae692aeacdd31ffab312dc9af7d812ba94225c

                            SHA256

                            794be5bf94f83db58dd8910585f96042901ba42bba98c3f9dc4099919ff15bc0

                            SHA512

                            fb97a5c7eca60447af4aa45eb8576cbba09ef6d5995db21cd03e5f7121bf84d2637ad13cf8f63400e774991b7c773b3620c00f0e2bb070b78c48cfaa31c3708e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}.CashRansomware
                            Filesize

                            36KB

                            MD5

                            c9c09eb24f756844eefa558c69dcbeed

                            SHA1

                            f2df7bf0231fab1c43bdb9a3aaab33dae2d099ad

                            SHA256

                            31c344312a5cd5e00c958b90ea60877536de015d17705589b86ac05dc4ab1052

                            SHA512

                            cd26ce5004acaf62771fee416c29e34ce4ed5786f49006888e79e5770c31f8b9aa116e82a84c3efde720cbfe6d72648c8b87e8daa62878dab4f0ee880faa5dc2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.CashRansomware
                            Filesize

                            36KB

                            MD5

                            e7855aef65cec4fc1e8cefb7a092be6f

                            SHA1

                            8f032be06d43b40644ab8d8f884accd9a9c51997

                            SHA256

                            f8700bccb9e7b01a5cec0e7a24732864bde802a1a7be3f8dcaa4913252ab3778

                            SHA512

                            ca099d117cb81651c3bd4a7eedf82f479bc926b0323e9b37005299a7eb736da9990e5eb32a899f08ffa46e59fde886922e8c7d157cb14a8605d453ce7dc335b2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7aecc611-26d7-49be-ae95-c7e71c0ec540}\0.1.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            c7a37063ac87e6fa6222b8d5d798d895

                            SHA1

                            f9b2bd9ce85e8baee01e5e2d049fe257e66224bc

                            SHA256

                            7c7f6ac4aa61b555b4db955031b0d95bc94bd02e0f2be813b9d435836a94f56d

                            SHA512

                            6b5896938b69619d3812950c76691637b6b5041597b07f54b1f19cb1fc0354dcdb7d8e949ee71cb8b008e1fdec93c5c839109c95bd935f4155edf0128b886009

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7aecc611-26d7-49be-ae95-c7e71c0ec540}\0.2.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            ea98690d4dc48c8fa72add380b4a18b5

                            SHA1

                            5e0c76df1ea47236a9b4431f7c74b9af4dd207b9

                            SHA256

                            e0d92c15474e7e5b6fa1b238b04758ce0c8d5a9ac237b392d1229a9719c03cf7

                            SHA512

                            f8f8ab2265854b328b22e60159fe689a3cc55edbb13c59d70516df524d84ad5e5d1fabd95a763724962503ae28895311c848f8367a36c849203a61beab66b6a7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586086595780251.txt.CashRansomware
                            Filesize

                            77KB

                            MD5

                            b80154979ed8f2f13bcd093d9303b3a0

                            SHA1

                            0ac89ddd88ec3049aad9e23929afc0efd11432fc

                            SHA256

                            32f8578a989bd649c163a11ad0359165dccac9d39072329a1f3791b29245828a

                            SHA512

                            5e4f140de7d8c09672c64ae0873663301592c970d330d45ba6b6ddb420bb098f40b8542c725b7ab8965395331a5c1064a5bffdba562871a22293d9dc8bfd0343

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586088460765966.txt.CashRansomware
                            Filesize

                            47KB

                            MD5

                            2dd16f3455338d6c9ebf215fd652b4fa

                            SHA1

                            9e650cb32723cf40ff6a2119f20eb229f66f0c13

                            SHA256

                            756493600666063a7a15e4413ba5ebed59b4ba82107de17e03e34acaca9befa1

                            SHA512

                            284c94c3b79b58da224772cedd46fc358a79342d46b8411875ffceb83d95e813025c4dba38c12af65533034b9408f95f305cac0f42a771ccd832e400bfd47393

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586094498261003.txt.CashRansomware
                            Filesize

                            66KB

                            MD5

                            d049e72af6f733fb95a5aae8167ef035

                            SHA1

                            c179907fc79ae8d857b7f28b408bfd36867ce3b6

                            SHA256

                            6163b09ef4dba4ae2334db7eb5e5f5ae5936bc97f036e84a1bfcc5305bddff54

                            SHA512

                            0616211342b217e88f54cc169d387dc81dd2c86d1620c28357dcdb3278425fa942cc9783c06affd649717d8a0e8a047a44f0b728bc68e461922241e031b06ad8

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.CashRansomware
                            Filesize

                            48KB

                            MD5

                            7bc7f8a4c2451c9a42a7d3de017b45d8

                            SHA1

                            19d2aeeb8574c88a17e149fd87187e45b976bda4

                            SHA256

                            b5786fb6863e5c8ee9e44562c010373d938561b6c720da6bb35f20d333db30a7

                            SHA512

                            da7cc3b875ea626a93d6cd504281a4006bf4129984279980120fab482a66980584a19be1aad321339f59d51f9228fb7cd7478a7e2a20f517337143ee2862f6f3

                            Download Submit

                          • C:\Users\Admin\Desktop\Cash Ransomware.html
                            Filesize

                            9KB

                            MD5

                            b38d3abcc3a30f095eaecfdd9f62e033

                            SHA1

                            f9960cb04896c229fdf6438efa51b4afd98f526f

                            SHA256

                            579374af17d7b9f972e9efcb761e0a8f88ef6d44dce53d56d0512d16c4728b9d

                            SHA512

                            46968c3951daa569dfecf75ba95a6694d525cbbd1883070189896ab270bb561cb2d00d7d38168405da1f78695f95cc481d28bcbff74be53d9a89822a09595768

                            Download Submit

                          • memory/4004-1709-0x0000023D30490000-0x0000023D309B8000-memory.dmp

                            Filesize

                            5.2MB

                            Download

                          • memory/4004-0-0x00007FFAE48B3000-0x00007FFAE48B5000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/4004-1-0x0000023D0E910000-0x0000023D0EBBE000-memory.dmp

                            Filesize

                            2.7MB

                            Download

                          • memory/4004-1708-0x0000023D2FD90000-0x0000023D2FF52000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/4004-1707-0x00007FFAE48B0000-0x00007FFAE5371000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4004-1747-0x00007FFAE48B3000-0x00007FFAE48B5000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/4004-1754-0x00007FFAE48B0000-0x00007FFAE5371000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4004-1706-0x00007FFAE48B0000-0x00007FFAE5371000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4004-1705-0x00007FFAE48B0000-0x00007FFAE5371000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4004-1769-0x00007FFAE48B0000-0x00007FFAE5371000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4004-1770-0x00007FFAE48B0000-0x00007FFAE5371000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4004-1771-0x00007FFAE48B0000-0x00007FFAE5371000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/4004-2-0x00007FFAE48B0000-0x00007FFAE5371000-memory.dmp

                            Filesize

                            10.8MB

                            Download