cdc95d0113a2af05c2e70fab23f6c218ae583ebcb47077dd5b705a476f9d6b96

Analysis

max time kernel
15s
max time network
126s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 06:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

amtemu.v0.9.2-painter.exe
Size

2.4MB
MD5

8abdc20f619641e29aa9ad2b999a0dcc
SHA1

caad125358d2ae6d217e74cfcd175ac81c43c729
SHA256

cdc95d0113a2af05c2e70fab23f6c218ae583ebcb47077dd5b705a476f9d6b96
SHA512

90999eb0bcb76a3d21e63565e332f1ac8a6fbc1e3dfe147c4ba2b5f8c542e21da3a43df9f5074eb7f7107e0e66d48e21cedda568fa1960502645f1b358d1550e
SSDEEP

49152:+kLvWlT+7CZ1k+1T0RSkXDE+QO6oP4DQ4E7U+:+kCZ1bad4+QOJgDQI

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2412	amtemu.v0.9.2-painter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
3656	NOTEPAD.EXE
1612	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2412	amtemu.v0.9.2-painter.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2412	amtemu.v0.9.2-painter.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2796	2828	chrome.exe	32
PID 2828 wrote to memory of 2796	2828	chrome.exe	32
PID 2828 wrote to memory of 2796	2828	chrome.exe	32
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2560	2828	chrome.exe	34
PID 2828 wrote to memory of 2608	2828	chrome.exe	35
PID 2828 wrote to memory of 2608	2828	chrome.exe	35
PID 2828 wrote to memory of 2608	2828	chrome.exe	35
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36
PID 2828 wrote to memory of 1532	2828	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\amtemu.v0.9.2-painter.exe
"C:\Users\Admin\AppData\Local\Temp\amtemu.v0.9.2-painter.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b69758,0x7fef6b69768,0x7fef6b69778
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:2
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2356 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2364 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1144 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2856 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2364 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2668 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2544 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4160 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4316 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4636 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4476 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4984 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4564 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4140 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5112 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5028 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4788 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2820 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4668 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1280,i,1782123610834047336,4219047654340668370,131072 /prefetch:8
  2⤵
  PID:3124

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2932

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap14978:70:7zEvent5562
1⤵
PID:3280

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3656

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:3972

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\painter.ini
1⤵
- Opens file in notepad (likely ransom note)
PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
8291cc1577f31e194e1cabfc78a395b2

SHA1
0c50f545476d724a899904cf1b6dcf8a1ac68015

SHA256
29a6464906955d99c573f783060ce5f7d4a5c8c668072ee785076a7926cf546b

SHA512
ff3c21430661dfcfdd9117ad411465e0fe28634c38570f91b6f4f83c596efb3ac5a0b142f7b92064bf3315aac90a40a4a27d02d5c6610d344e2e0ed3a0f8a4f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad7290bf3e9450d612b6c5f6997ca835

SHA1
7c46f311eccb6fcfe9749bc18a0584e108bc5176

SHA256
47ae146de35e0e93464aae0a7b2b891eafc3c62f6bec2ca3fea8c10a641575a5

SHA512
4ca9da3f15b9d8735cf46187ad88b0ede6f7f8a49cd0cdd441235ca29c2516e7c444bf6afed96d8b2cdcd31c55c611f95e8ab1f4e378014a052749ef62a28645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a93df0fe1edc7a22372c57d2b4cd3ee

SHA1
5abb0abb6f52c8390b1bbe8086918aef6d9b6c59

SHA256
0107a79dd0d528c0e2e7c7cbe2ce88e60bdb21d36099d9379fc441076356fed0

SHA512
f17647e674da7bddee2693de0fdc7a0f58b52d2b4c7fe3c44ca68b650335c2e6500477e58348ae4426c20eae7f3a93a724f8666d25c154f2162859703d0a1ef2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c00e330b44e2f2b40b89f221c6f9f97

SHA1
6618addfed828f3668fe90800e754878c1ddb7c5

SHA256
2e363d409a42e85c56470d2ffb391e0ca2bd53e287b9dc12f51ba34250d2b64d

SHA512
7c896581752b7872dcc2b50f2cc72231f52765d9c004e67658167e2f493b5827e0608a9b42a1ed96fcfe27655d18360f535753eb5315bfc4ad5b1c0356289ad9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3686bab70fb50cb3e1f878881201eaf8

SHA1
56eb7e07bbc5347da8c1fc72b5657cfb1f081dc9

SHA256
e8cdcccf8acfe2ad201cef067f0238f69f7fb95ca41d21249d455c684fa1f61a

SHA512
052ce4dff8941da8258d8f4d8003b11e69236498441a098e1c93636f35bb5b40ff5e45f96ad79b976768a3e28eda46bf85c20cf6cb3db18a56fe4f1d24a622e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
310f5752479d5d26d72935695ad91796

SHA1
528e132ff87451973c56252f58abebdf6159b4dd

SHA256
be5f18139cd728324ecee320e99fc8612ea43e4df7a4ad85891c96d2fe36dc6d

SHA512
91a829276501e5b18a5f5c4a22ea0b70e38944a80d42c2da50a61317cf9f03a24318967c6397cda2b1199d64ee38e12c83f05493a0074418be74674c37725df6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e375c984412a53558de60c8941219a12

SHA1
4232b493cfa069b664e66dadb0c5743eb5926e4a

SHA256
f15fe0b52857afff4f3dc15352ee376ae94fd1d47cd34aaf171c143679fd24f9

SHA512
a8127e0a96ebe1163b210ac589d64856548e5f72f724332d15d344cc954fcde5bcd98fe3ff2c474b7cc8e1b33fb9d02eefc2e0de1c2a87a56b00aa613481dc97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69e47628373f2ce31f5d7795ca0e73d6

SHA1
c9ff333bb87f18fa352073e654fbe5c6756cea3a

SHA256
208ec7b7fb1004dc7045aa2836250a038b0da012cd1beccac19c478d5eb01422

SHA512
9ceff84b7648c34aa1c1abb1bf2f9af12c1af62a7bfbf41c62ef45d36089c3759e2a2419d2c06abf2a86a22cd5b02cf0e36b3f77ad9da5379c4c18bec5834a2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0f9c9467765f316cef0f210cee87292

SHA1
e96934692f369c32222774df62757a9f6b8516e1

SHA256
e8b610d4c9847ccf02ec946e7a7a6e9d4dcfe6d43580af371ebfa5be190ad640

SHA512
8471252e57b66694391817ee4d9743235571311c6e6ac870e8517cfe8511b5008c7960fbc4c627680b0e13eab5d860e4f42e7ac96de3d3ae7ac233197fcfff5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3990db551eed220bf2da7107e3e07ee

SHA1
4ca3204f2a3d1145e4508b9d8ddf75c9a543d0c5

SHA256
7b158a20c2baa870f13a799caca14078ccba67bed05b21d501f96ab461caefd9

SHA512
c6eb0b8661b1ee5039bbd238ff43afa75bc22d21dcea52cf43de3cee70c92185f6a3dc45af297441409fccdaa2a5050e8ebfb1a258fb49e9028099b8b0da2028

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3041ec363ad225ef289ef7733f2dc909

SHA1
b96a7c1364e586b2ed9e4da79fd6ffb6e54effda

SHA256
e45b7da644a4dde54a0567f9fad8d53604771b46a84692b7d7d443da740f2680

SHA512
e19f197ce4d0a39aa4dafae03d15f4715134f7178ac502aad22ca3766f13776c16134712272d891c7e76cd83e8bf7aed0fbc04c22ad518213fd585bbc473c14f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
347126829d1ad1ca5b30d55370a5ba73

SHA1
bc953334a9dd9187b5fe328259cb5464e728d69f

SHA256
396b8b4abb980ecc0a38d704e97d49c72a88596e1072866f93a74b7eeab6dd33

SHA512
3105533c56fedf322ce19dd05e4b8038379d885a53c02d90be315942d170a58aff3a567c2548b36925d1500f1894809888fcdf1edea64e270709ad7e577102c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12dbe9ca7894a32e5ac7c15cf1f3c062

SHA1
891cc6e37e53913ca3ff39a63ed1f18e6a622666

SHA256
698d3fd2873597114fceb4dc4a456e168940fd55926005fbfd0a0ffada949e38

SHA512
80c4dfe178d629b7ff26df284649412cecd9f39a4390088c320aaeac57d5eee4768bbdeddd34d1419b0ad945130e609aab1c119b825fc343ff7165b30448f45b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cb4b85c993056e7e1f980a5684aab81

SHA1
c5cb6481d03c2f0ce9258951f93386d27feab97c

SHA256
d3a1ca5b34fbc3cae738312763b0eb9900c59fa2c1c88c60ec0e69af749b7640

SHA512
0aa0e663ba61191f96799213435c159871322f58d53b9cb9f4ae6dab9c2a44af885bbc72be76cecda5259dfc50a4dc7d2f4b5120bdc8c952550a9773e4eaf97a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
445921147756f50afd161952bcce5c0e

SHA1
74281adfd445b5ff41156d8f6eb902d94dd1af48

SHA256
6909ba14613f7cfe464f89f2879be02ad7f44f5ee38526b9707e4d8254b85603

SHA512
fcfd9efe15f6307aae9a67eb7f8ab099fef3fd95c038211e81c69e0bd0f8146d3796ad1b97a1302e0efea232c845fefc9d8fa58099539e974326d90d1de53243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40eacdbb3dba956c3f3c032c23e38205

SHA1
71d98c3d000b5513981536035d0353ab8942c5d5

SHA256
07a2c1dafd980fda7afc321fdc4ef9f9586d52a6419bd48d11f0c9082a9dc8db

SHA512
0db6b7e5bccd05728671ae023e751846ee48930540fb4de796cca43ea164812f5f2653aa7bef48f8d700eecf9e7749f4c47bf90edb502a7acb4d3a8f29c1a468

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e998bc5a3a56e3bca141bc63f0624f8

SHA1
a5df69bc971eb2143d69f29f95d4c49dd5584cb1

SHA256
1ea4f6fc4e6981af0657e98e8376f31b4e5d185c073b466e3029d596009d2727

SHA512
14d5cda4d2e5fa7ef6d9645e1b3411b6a869fbfa38302ad57d9c163665e9e73117a1254fca744f1ac8d65de88a36d0de5b899525e7b2883877e63b8c9523a9a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0daf1965980f1a690ac64ce573fc8c04

SHA1
3ab1f5492189ed5b72c19f693c15598735eba9f4

SHA256
18cc505575df461200f98e9a1799ffee311c0167f6ef7608d56e03bac22c5ae5

SHA512
d4c9c30d6da36278d7f5dd458d07a8f7ca702cae24e246d10d5a6e75f4f404ccc3b04cab81f3e837c849b9d17739abcef670e1ef8301c71972a9bcdf33c4fb03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0cc16802416d70b0605508a9f6d2293

SHA1
a8086fa0ec80392fe7c631cfa7f8f589bf63b839

SHA256
879098c9055251d42dd246e93d73c2bc40ed7cd5e578cd2d5fb861b1c04c1679

SHA512
82617ee769353fe0e5b04a5132bd408ee5d98a63294a287cc43b53b8c9856d00eb68bbe18c1390d88b2f1c9981c1551ef304d04f422bebcdceb2b1ebbbbd917d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82345717569010dbc37ed8f7d078db50

SHA1
3731238ce96dd11e69fae728698eafffd1d0cc8b

SHA256
86eb33a2680a0a48229a763d9279606195e86536a01c24608c51ceb07e10d801

SHA512
bd56412721dc7878af89fabe3dc0a1760342f6b90e010f4408db8975197c94fcad4a95e59d674c1ba6294545c8b396dda5684f256e46bf32f2217631782f99f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d90fe629db29b7b3cc49b0748417e789

SHA1
1c3737f9bccfb2fd18feb695ff66381a4b4405b0

SHA256
6d883ae386958a6564273fa11e270dbeb648333fd608c20fa580c3d9a500bc01

SHA512
72112b1c9777b825c4328461e284db44176b89a02a9da1e2e33dac57e820b9a184e542178d4178fb82a20cb4e15e19bc2f6eaf51d772f82b41066b70ccff493c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfeadd3244e82a0073c745c085fd3053

SHA1
ffaf831b73de06ebfb2708d0e7361b472a031aa3

SHA256
0b675771aab92854740b3297636a2bebebf0b5b336cfa5667f8f7d1c17270bd6

SHA512
85f56b42d3376ab0882fc30d76625a7d45d192f073c9351c73233e8dd2c539d871338d217b3a85cb0d56d57ac0c3cbbb3b3f306c854b96aa1a9fc0dc23bb0869

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5becade4700acfed0b75483241d92b0c

SHA1
d240b07978ecbbfd741eab3a09fdce5dcde298f2

SHA256
5fa795c530877694c42c2134cb6bdf91e93bbeea4b7ab2eecc053c8b52d1a881

SHA512
fa8eed243585aac3f79fefe54ba662dd5bc789e0e801cd19de93e713f911c8e1ac2f2ad4f2e4c9149511cc5b68a3aae403f8d7092c7f57e0fcbeabe434cff5ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3db70cf796c6ed95cbc36cdffb909b43

SHA1
4a55732947a1b8c8c857b1ca4c137cf26b18501c

SHA256
1d5123399d8538180f7bb8cbe6483f34fba88aa412d684b84222d0a2c9a5d918

SHA512
96001a16787bf67d52ca719aac7cf8b1d0d6233e8dc571ddc4971026fe587fa4336b6a9cff1ce2bf728c08b97b8a36f32255c7e22cfe67c4ba1489684e6c0e06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f3e276725e4cb873945144c4f2177f6

SHA1
704df51d60f2e2aa9f5d901d1566388e3641cb09

SHA256
03359380153ea52c5f0cbc147806aaa7bf952a2ca518f440429f41ad635a30b7

SHA512
3f8b17d88a3064f68b887346dee250b823b347cce0706ebc786ba8b4f29680cdc914179130d380002323e164b40395d4f5dabc1f7a8f8ac4a825d3c663ce9d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6db4a3eb-d418-492b-ac6c-f872f6309a3a.tmp

Filesize
6KB

MD5
8a77f8ba29270a83b6e8d4077d4b3c6b

SHA1
efd98dda96c9d1e236975c2bdc7a40f73a016b87

SHA256
596e4409ea71952446e029b63da6faac9541a06299bab8851007bce6b4ac31e4

SHA512
b849cbc7a761908b4495e45502bea8df64cdf15643bdf966cee358cd5a1a3f6a9352fc9dd89ff01a265e69ed2aa4a83a207cf04bc6b2e69d9602af84488b9969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
20KB

MD5
4a2961dddc7ca6732df1c0646aad5129

SHA1
ff0b7265d2bef3824709ee3000621aca2d2c8724

SHA256
58a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597

SHA512
82c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
54KB

MD5
01ad880ee50b786f74a5e4fae9ba3d71

SHA1
111387dbe885b7f3af44cdbbeea17eeb04bbf803

SHA256
9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e

SHA512
d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
28KB

MD5
13d4f13cd34f37afc507ac239d82ddbd

SHA1
6d500935a441d438ed052e90de0443bccc8c6d17

SHA256
76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01

SHA512
152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
1024KB

MD5
99061db4beb29630a3e16b22e0388d53

SHA1
2fd6132716a4bd805a1d001c0e5c4ad165b152a1

SHA256
218ff417f830c79ec7a8a4dc9bae7cc728f6e6b7602b06f289a2d5bb24d8466b

SHA512
fe5a69e1d95d76f0ab99496bb86152ffd48e271c72ea6fe2c7858d85a5f5df9968dc8c1374386146895fba8e88928c96f555eca9edac7a16881a9b5b7318a369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
1024KB

MD5
07bb2bc63e1468b1749215655f1960ee

SHA1
227f1e7dccbcbe38aa703061814326f4db937db0

SHA256
53bf34a4aa4f2c1f8059034c41149def038d494bc4055f61a007bd0d4419c594

SHA512
a2b08c5e2426f55e7e8e3347171e900c6ff17f5dd0ec3177ace0bf386cef6f28f774fd1ad2c247c3ef1413fa303789a5b6940adb1117eb055b6757f381813a00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
1024KB

MD5
072c59286e63e60e6b80c5f20d5be08c

SHA1
073ae6e88ddf0458d2c138ec794b4f52e146abf9

SHA256
79b74ea17a7f421b6694c79f7fdae99a236c23fc3ee33e22c3a872f3238b80b3

SHA512
1a63bba98cab0968bbdc4cb0a53f4bc951356b680fee37ee4a740e3af7733f8120c958273a45c5fa1f1d3761450b22e721196d574a0ace74108aef65bf0f2555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
1024KB

MD5
002db7a7bfba2acf1693086d0ec5a245

SHA1
0c950bb0abd8dd58c8a28e099ba5d953e792b8b9

SHA256
13cd5e4803bfc6b2e5f944c909e7ac499b8cd1adff39afa17835fadfe616e366

SHA512
94f37d1d4d7164c737faf7735741ce71845406a4f43597f5c3a401298d32897ac3a7b64da37e11f9f4508c387721ec978fcf8d212a6c30bd154d2fe5ff08cb01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
729KB

MD5
1dd22dda3190b5d053434a6e7ca90885

SHA1
8f0c88ba5c341447276bde88d09c5da11ca0a8ba

SHA256
409a5353785a20c70a3f6d62cd62bdfb9989a93103ef15e4cd5f8d8d20a3521d

SHA512
8f164260b41c423dd5971e4c746f534d06bfa83c1830915a6d6727bea1ca79a2f47c454bc586213d0a35ea9ded41a3835ad05cf196338ba919fb2ea1908deecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bfde39962961371_0

Filesize
267B

MD5
e143d365e1fca35822191a233bf4764c

SHA1
f2119f7d25e963634ee9bddab2b5066cb58a1f56

SHA256
a576851d7de0a64fd134622919fb405e7b4073583189b71de8a39ff6bfcccbb5

SHA512
d2f4b36f34b3858ebed5e394660ce113bd0dbb618f9f28ffa7778ac2a8d317a5278e39519e4491ff38afca6022a28cabbf84a039dd170a682c3319f9a782a6f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d70e6e68d361f45_0

Filesize
54KB

MD5
1200f736284dfc2e30a5ae6fdd8c0fd0

SHA1
e022223bfc00a005f2c7977f856950042fa4cca9

SHA256
4af16799b51f62eb0f132f37a77c16be89b433066f4ce03e483b86f73f02e5f1

SHA512
9d9e4212272c033dd64e8ca1f6045e16a3030e427fdc996964039ede37a46eaccf82aa33d9e8377d2cef1c7d27538de2a226624128e67146e2763e0160517bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\43e8c24269a5c82e_0

Filesize
303B

MD5
fe80e645d568ae99296aacf30a0e7d93

SHA1
8137d554dbd8f79806eae8e14088a22fcf80e1a3

SHA256
0cd40105a6216a7887ffb0211cf728c0d7806c202c7ab63fc550d197126445f8

SHA512
b7487e5f5ca1bcda72bcddc3a6551af25fc539209ce31c2413793a2773be96f8ee787f8ae0e0be22bd5981fa53cd7316d0b997967ef32b63272924d04e5fb3bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\49015fadbd6f92e6_0

Filesize
3KB

MD5
5153036c7a496831098e4cf9558dcb4a

SHA1
220c8208e96bcaa32d0f9892be92a720b506aa52

SHA256
c69e7b1b191fe1388e4dba36863adaf7b8cd683085ca71ee7cd6e1623bc7e6cb

SHA512
d0492f757ee27e8ff058db6fb8fdea48d29e1aa13bcad90b31980b675408ad9fba6d23a592a4d57a4acd52400628cf60209d4c571255fa6fdf0c65cf9c5b50d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\52a9487b57df70f0_0

Filesize
31KB

MD5
ff8b4511d8046b488dec9c4b88821dd9

SHA1
c69dff8766952a73fbdf46dbcb13925078627a6f

SHA256
fe7bf057f1863bf3d94313bcb13ddf21a22ab26ed94d532d15dcea928837f651

SHA512
885dd8fa3f3cf3c957079a8efc955e9ad0d9e5cc9eee01b4e24b0ac5776964ab202c96ff791ce1428d14295f86ad9c518efac9a65866103f5a53ebd15db2281a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\570fbba02558bd16_0

Filesize
42KB

MD5
a516806e69a5c16dec8cbdbcbae01234

SHA1
53ab8f2c3eea709a8ff646a40beaef292d423712

SHA256
570dd22a46661491d889713cb2af77dcd29956dfc58af315d0865f84d839e929

SHA512
d8f93f37eb2a7c5b7cf163b6eea32b8f17584a66a36ecb9fcf25687ca8db9f3f265972f64d490e8ed0c9c30c6bc0b0dcc86193a00cd1c924e3edc0f34de3dd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c2f536b80cd62680_0

Filesize
302B

MD5
ad18092e37e4445dc1f6e3660beb0d60

SHA1
52d83b58f2f85814b64b472def708ed46530be8f

SHA256
ab2fa762016dafa227d62e3c28d9005a7f37f9e2d65580a21e0b0dd53109cdc7

SHA512
ad51274cf6bb0e51cd4bde0bac4da05061c2307f00f32ea9dc2e5f5256c8990944bccd45740d77d8eb8e75af9d3efc6e4a3ee5376b1f27ae2d945aa91a911e82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cf9b1c60da2a1a92_0

Filesize
6KB

MD5
5adaacfcf090ed5cd90d182acda58a0d

SHA1
ba9adb7e64ad0a469efc22cf718a6cb65061976f

SHA256
af00df7082e864972e787b141948db7506cd1e941986af8fdbf3e575dfc49378

SHA512
0f4f4b682cdbff8967053e3e4595323502b7da81c6ad440c06e9e0485120d9655f64b2433b9a4b0731b6d4673d1a91ad184553530dd781089774e683c265237a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5d1f839809843bb9787b4234cfec64d3

SHA1
8f5a2e94c196cf4f6cc63e29e20748802b20f906

SHA256
7b4fd3b0ef3a16b6a8d9547952e0d809f053fd5162dcc24039780f3e2c805aa9

SHA512
aed4896d7c25307cf71e2d2514dbdecab285b3fd8a7c1318515668b9c875964114a0e1d0b78c1b186ee530512cba81a5cfd3606c45392535e6b2d11c46b4aa41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_uk.yahoo.com_0.indexeddb.leveldb\CURRENT~RFf77140d.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0bba76fbc271214aa245827788df9708

SHA1
d7c2b6c05be5b0352dd9cf8774ffd597f1eaf7c8

SHA256
f33a602c11fff0130aa8226ec5185997215a3a605b8da3a11bd414d219a7c61b

SHA512
947d196afa2d12bd21f60ad36952d830a5d2f150354f6ccdd87b14fe1d7c36b04fbf558f2c968e992a12ef1e12cfeedcf31d153fdae9db843f82cae0b5cf41cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
75a74ee4b20752fb9b5b91d4ccdc9393

SHA1
bae71d3591d57f1a27261a018802c6f8c04d6a79

SHA256
988395a27681cf3b75a0360e29446cd57701ca1b8db90bf1fbde79bdc274c2ab

SHA512
efab9b0365d52ad65f14656e19c383a96d95e2279f06a53e4fe551001c04d2c034f8d9919f87f5d1e27c85785b8e403e8055f314e0d24b26df0506a587bc7a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8702ebc6848cb9c30a58eeaff3ebbec0

SHA1
7f814c7ffc6d087c0ed01815b70b5b6f884c755b

SHA256
a5178f78d3a9fdfa544ac5f5bae8218e4d4ccf8fc253b99d80166085380f13a1

SHA512
982cdafa64436a19adea2809c9c2a251e125f037eb7200a424dc17194c57a4cb0c9c00e0fab608af50b69245dabb4b52adeb206628c68b4b10419339a84a3ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
06c294c1570cdf824f4f5bcc99d5e750

SHA1
9929664c136adc40d0f07f508f997dee24fc0db9

SHA256
c51b1857fc873c34f02c8c89b6a9012b399f06e39920b69c039f95e906aa73e3

SHA512
ae5c3f6fdf702dca25e730a65ef7c2f5e10f7c6a7cab00481b1b68f11219f2f1cc955a9419936992dc95dbb8401f54810c868f87c87506bfc2e2eaee9a11c4ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
986b10db7f9aaaba1d75e6380b1674ff

SHA1
b75b4b609f843cc556122092b4407a20025b20dc

SHA256
13c8517e71e86182ba1618e85b40a3a652d4c72396fb21b1b4bde86dabf19457

SHA512
a7af5af6bfd881561379eb700e41c2717bd5bb40f03e3077eb186836d671647215bb4da86f4c4d433d2fa3122be0e2eb2a1de8cf87822bbdf0b527dbbdf22f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dc7cdc31571cd9a3885161493d384be4

SHA1
dd5d7c3438bf9aaab5af20ec62165ad7b1233aab

SHA256
074986b06b3a084a30e47cbc9e392ab8eafa610b56bffc14f3b4e38df92709c0

SHA512
1845394464f59de8a45f3df101b77e8f704ac07f30db2ba2ecb7bceac1082b36987a2f77df2a0712069399a877e54b8c385eae69cd3a21ad22e18ea12ad09716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e5f29b6ed33a9988044b6f1c1e22a644

SHA1
2ffc916f37d98c8e90a2d4bd7d663546f8d94bfa

SHA256
927216a994920fb18e8ee37c472bfd9c8c540a1bba3d431538f3e1b40f6a43ee

SHA512
88982b21f09cea6cca676924f76b5d5c635ab2a417b404948e2d76350a882cfcde27c8f23d860dd59163f36672bced2a71b4466e7bc700624cb114ff609811a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9d5e66bf8ff2a1e656cccfd751e50f4f

SHA1
036c7898cec6e0336a269743fdebb1dee3947daa

SHA256
43da7f784074b8bf67b070c55eecbb050296b329a0ab72dc84ca1155de14a785

SHA512
3134b30ed347fc534f67cd52bea6fc8ccafbd13004415b81559e786918ec69370e55e543df764e61b6de261e8e6d386bed548b447f458323179c092d25477146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
308KB

MD5
db725e01f3daedf10a4a1fff8f7e3939

SHA1
99b0cef87aff70feb4510878f72bc611d2ccc68f

SHA256
dca72492b1320c43949de0316ea9b0090cce9bfc44999fe667f9c6baeb694733

SHA512
0e4a32929d120d35518a1dcd15a041ff86d6437ccbc64620b1c21eea4be2c4c8f607bb5ef9cea7c3f44f96583b431d2eb8d1abcdf1709c19959779e22c472967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
78KB

MD5
f40b81380825499e81272060eb6bad2d

SHA1
ec2e4967afc25be7e1df537a14c8538543c9e8af

SHA256
897f036c7d12a3d0366152566f77913dd6ec482ecf8421e7bff11ca8f2ab56c6

SHA512
c8bb60a9e0c5301f20b51cd51c3fc5856031fb2aac2ccd9b8d807b105038c69d06d7c9ad7f952ced1a7c07a57a262e8bb93e3e26aba8445919134d3c65aa8293

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFD06.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFD29.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Desktop\README.txt

Filesize
1KB

MD5
ddc6af083588756d661a979a3fbcf45e

SHA1
65923d84497ec223eab313c7de8e3769bba4b0d3

SHA256
8f31f4c329cdefad370425b2aebfede30f9f30069182c08c896e2a5f152a2be9

SHA512
f6dd07076b5ef51614078213bccd18260c465daa01c277b04c97a13684529a6b929d83555c5e6e32674c664e0be03d8db839305589559c3a44468aa6da1cef07

Download Submit
C:\Users\Admin\Desktop\amtlib.dll

Filesize
3.5MB

MD5
1fd35f02c4e0c342f1eeb1d2eebda3a0

SHA1
fe734ae7a2014a067e28fc4578424ce068e69670

SHA256
911bf16113aa709289ccc29fa52de3c462b87ba486ee31ec598200cdfe776208

SHA512
cbae537adb0e5d6eb30deaac1d2fd6dc27c06d14f3f67e54e049c6ea42d7ee07deba175a24154ad00026000662bf85f8b1ac56cfb79f8023d5e1bd326b7333d5

Download Submit
C:\Users\Admin\Desktop\painter.ini

Filesize
401B

MD5
4be40389409ca2312cfbea5790046261

SHA1
23c4b48aa3045f916366cea0404db83d4b9ed687

SHA256
e1919072e9da0c48f653571619fd0336ce5dc835624c739c10746581c675a54d

SHA512
f61d757cbdaa74c655b5f5dffa2f7a8b9e5de35b6bf879c785fb3f45e78075013835f125db2da973b40ed8e687a28f36e68029c38e2f8c234e7337297fbe1e1e

Download Submit
C:\Users\Admin\Downloads\amtlib.zip.crdownload

Filesize
1.6MB

MD5
a157bc9d1bd5c7c2a20a4ea60119705a

SHA1
943fd746404778937ea893a0717a3e7cc731402c

SHA256
debe490adb860a3095fa5bdac604a90a663da25330b53ab4aa1158beaece6225

SHA512
925b590be470e8beeb1a537f93a54f54860c62666328368b22300566c550633dc060b8a7dab477de5516b3fbc68b69877decd2e8d9c864e20a30d7b999724f0c

Download Submit
\Users\Admin\AppData\Local\Temp\spc_player.dll

Filesize
31KB

MD5
41afbf49ba7f6ee164f31faa2cd38e15

SHA1
4a9aeebf6e2a3c459629662b4e3d72fe210da63f

SHA256
50d30b7aa7b9858f91f33165314c7cf7f2acc97157091676c7e7925e018fd387

SHA512
a323705e7e286f2e1cb821cccf1f24812020ef1b788f51e13176afaa04cb008899a32270bad7757204cbf9fce1a9887071fa84d353af2e5a667cba003c7f1efe

Download Submit
memory/2412-0-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/2412-10-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/2412-1839-0x0000000004A90000-0x0000000004A92000-memory.dmp

Filesize
8KB

Download
memory/2412-12-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/2412-11-0x0000000000390000-0x00000000003A2000-memory.dmp

Filesize
72KB

Download
memory/2412-9-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/2412-1-0x0000000077660000-0x0000000077661000-memory.dmp

Filesize
4KB

Download
memory/2412-3-0x0000000077660000-0x0000000077661000-memory.dmp

Filesize
4KB

Download
memory/2412-73-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/2412-2036-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/2412-7-0x0000000076E40000-0x0000000076E41000-memory.dmp

Filesize
4KB

Download