Malware Analysis Report

2024-10-18 22:05

Sample ID 240616-t4cgaazeqf
Target UltraViewer_setup_6.6_en.exe
SHA256 0fa31dd2affdad98dbca7d8b7a9dc02c56093ff2ca06e6b03db7aa4cd4bf5260
Tags
bootkit discovery evasion execution persistence upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Likely malicious

The file UltraViewer_setup_6.6_en.exe was found to be: Likely malicious.

Malicious Activity Summary

Stops running service(s)

UPX packed file

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Launches sc.exe

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Discovers systems in the same network

Suspicious use of SetWindowsHookEx

Runs net.exe

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Kills process with taskkill

Gathers network information

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 16:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 16:36

Reported

2024-06-16 16:38

Platform

win10v2004-20240508-en

Max time kernel

85s

Max time network

85s

Command Line

"C:\Users\Admin\AppData\Local\Temp\UltraViewer_setup_6.6_en.exe"

Signatures

Stops running service(s)

evasion execution

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A (3 identical rows)
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A (6 identical rows)
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A (6 identical rows)
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A (4 identical rows)
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A (15 identical rows)

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (7 identical rows; no details recorded)

Checks installed software on the system

discovery

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\UltraViewer\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-THLLN.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-NEA6S.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\is-S2C0E.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\emotions\is-CC4AF.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File opened for modification C:\Program Files (x86)\UltraViewer\uv_x64.exe C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\is-U3OJQ.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-PSSQ7.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\emotions\is-EKE0B.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-HF907.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-5EN8E.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\UltraViewerService_log.txt C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
File created C:\Program Files (x86)\UltraViewer\is-7M7LM.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-KEESJ.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\emotions\is-T2GM8.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-7EJT5.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-R3R13.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-T2APQ.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-S1F9B.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-EKVVK.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-ECMBF.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-6NM6E.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-A5USK.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-AQ5N1.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\is-3K0GS.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\is-9QIPT.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\emotions\is-5OFAQ.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File opened for modification C:\Program Files (x86)\UltraViewer\uvh.dll C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File opened for modification C:\Program Files (x86)\UltraViewer\uvh64.dll C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-13CP0.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-G48Q7.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-69AJU.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-91MSB.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-G9U1C.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-UC3KQ.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-M5SKF.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-VARLU.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File opened for modification C:\Program Files (x86)\UltraViewer\uv_clib.dll C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\emotions\is-TOTT0.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-3MR90.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\is-GHSF6.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\is-VSG4B.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-T725G.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-GR1T7.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-NL8EA.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File opened for modification C:\Program Files (x86)\UltraViewer\HtmlAgilityPack.dll C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\is-SGRQM.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\emotions\is-ARFQQ.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\emotions\is-QGFNM.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-QS2B5.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-7KGSU.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\is-7EOA8.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\is-6QC4L.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\emotions\is-R2E24.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-6FMJA.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File opened for modification C:\Program Files (x86)\UltraViewer\UltraViewerService_log.txt C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
File created C:\Program Files (x86)\UltraViewer\is-DR2AA.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\emotions\is-SAJRC.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-OU8MV.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File opened for modification C:\Program Files (x86)\UltraViewer\RemoteControl40.dll C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\is-UNDFR.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\is-791HD.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\images\emotions\is-RLK40.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
File created C:\Program Files (x86)\UltraViewer\Language\is-I2L4M.tmp C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A (2 identical rows)

Enumerates physical storage devices

Discovers systems in the same network

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\net.exe N/A (2 identical rows)

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A (64 identical rows)

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VB and VBA Program Settings\UltraViewer_Desktop C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\VB and VBA Program Settings\UltraViewer_Desktop\Settings\CurrentLanguageBrief = "en" C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VB and VBA Program Settings\UltraViewer_Desktop\Options C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\VB and VBA Program Settings\UltraViewer_Desktop\Options\UsingOlderThan610Settings = "0" C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VB and VBA Program Settings\UltraViewer_Desktop\Settings C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630294022730477" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VB and VBA Program Settings C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{90382CF6-F52A-31EA-8F51-CD53FF62CCA9}\TypeLib C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F32897E-31F7-3D22-9821-B21205A85233}\InprocServer32\RuntimeVersion = "v4.0.30319" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EF7B1856-DAED-4296-96DB-94C798525565}\TypeLib\Version = "1.0" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EED0E2AF-0F07-4E45-B05B-4A085F0959ED}\TypeLib C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DE95010-7A4E-39EB-A27D-55D78C446976}\TypeLib\Version = "1.0" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6750236C-BC64-3F71-AB21-D9F17828ECB4} C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BF83752C-2529-4326-AB56-ADD3A8308D7D}\Implemented Categories C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9BBB5724-30DB-449E-8D07-5AB723663BEF}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DA52DBBC-B050-328B-8EB0-81990853A4C3}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DDC2D16-3C82-49E8-A4CF-25963E126372} C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{490965B4-B610-395F-88AB-AF3A3CE0FB44}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0F4C3F1B-C055-30FB-8139-6DCA449AC245}\ = "_ERNDM8H9IEventHandler" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EED0E2AF-0F07-4E45-B05B-4A085F0959ED}\TypeLib\ = "{F58D911B-3BCE-4ED7-9CA3-2F32BE5A915C}" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{762C2BAD-2474-31E5-835A-A7F0E6846927} C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95F987F0-C6A4-3A91-A739-1BB87174857C}\TypeLib\Version = "1.5" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CB85C9B-3350-3576-8B71-207D99770DA6}\ = "_myPictureBox" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B1B54F3D-DA87-3F78-A755-B6ACDFAB5410}\ = "_PowerModeChangedEventHandler" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RemoteControl.ExtendTreeView\CLSID\ = "{315D07B8-9F8F-3885-AB17-1C3D460CEE4E}" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03ECBE75-0432-45BF-9EFA-F7F439997557}\InprocServer32\ = "mscoree.dll" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{452116E2-E64A-4EB5-988D-F11EC3B61D3F}\TypeLib C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66D294A1-137A-36A8-B70D-1F457E0F7E9D}\TypeLib\ = "{F58D911B-3BCE-4ED7-9CA3-2F32BE5A915C}" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FD6FAC76-6CB4-35B6-900D-2C9B4D1CF9AA}\ProgId\ = "RemoteControl.VistaTreeView" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{024C9DB6-AFA3-32C6-8676-F5070527EC54}\1.0.0.0\Class = "RemoteControl.clsStoredFrame+VFunction+EnumPowerState" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A8F41B6C-85DD-43F4-96C4-CF6737D94DD4}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C73A943E-85B7-3DD6-A013-EBB02E575C2E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28D06E4D-6B44-40D3-8AB3-E11DBEDD4CCC} C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{321B83DF-C38D-3211-9708-26A3E8EBCB3C}\ = "_DblClickEventHandler__________19" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D0F42C63-C702-303B-B3DA-E21DBD96E40A}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C68E0CBC-AE05-362D-9B31-138A663CA116}\1.0.0.0 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{75A28301-6615-38C1-AA2E-EB4E89DD92D8}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE272A8A-DD78-3059-BE82-4A145DF84B62}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9C73DFB9-7ED4-3C48-AC1F-CA6EDD6A4E18}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{99E71D7F-9CF7-36F0-B0A2-14F60AAD78B6}\ProgId C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RemoteControl.clsByteArrayBuilder\ = "RemoteControl.clsByteArrayBuilder" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B14C8EF1-40C8-45B4-9513-807F82448620}\ToolBoxBitmap32\ = "C:\\Program Files (x86)\\UltraViewer\\RemoteControl.dll, 101" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1974493F-5A90-487C-B171-8805C0B6D42B}\InprocServer32\1.0.0.0\Assembly = "RemoteControl, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF392D85-EB03-4034-9D59-D586E4F00F42}\InprocServer32\RuntimeVersion = "v4.0.30319" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A51AA61E-A267-3D28-B62B-C12F6FF94016}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F0F4AA4-2B0F-390B-8D60-64642C4BE09A}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AE832103-079C-38B7-A8B7-C56399D9D918}\TypeLib\Version = "1.0" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5C61AF02-ACB0-3588-A612-C9864E9B61FA}\ = "_AfterUndoEventHandler" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39C18FD8-027E-3C23-B618-B43C0A70E45F}\InprocServer32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{359D2CB9-07D4-46FD-AEE3-F53541CDF63D}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9258F48-4D65-3D3C-B7EF-4D40BCEECDA5}\TypeLib\Version = "1.5" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7E0FC80-4F34-4AF6-8D1B-E6865BEC95F2} C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD21F0F4-5174-3D60-B84D-5BA86C8194A3}\ = "_CheckWakeStatusEventHandler_2" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AEA38B91-2B2E-318F-AAA4-449FAD36D692}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7F18BABE-95AC-318E-B081-5AAA1653699C}\ = "_ComboboxItem" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{730898A5-F254-326D-9A20-5852C26B5ED4} C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FF51F143-5809-3B31-ADA7-6A2A0DB2C975}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{62A7C086-6E75-4CE5-88B7-FFFFD229323D}\TypeLib\ = "{F58D911B-3BCE-4ED7-9CA3-2F32BE5A915C}" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CBF0A198-B5CF-3317-A8CC-9F04435867D6}\TypeLib\Version = "1.0" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE70695C-E833-31A0-9AC8-8BEDEC0B7325}\TypeLib\Version = "1.0" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HtmlAgilityPack.HtmlDocument C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9DC37026-E60A-3D43-86FF-F0AD766E85CB}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RemoteControl.VComboBox C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF392D85-EB03-4034-9D59-D586E4F00F42}\InprocServer32\Assembly = "RemoteControl, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{55AD9A55-C879-4B8B-99AB-AD5CFC268F10}\ = "RemoteControl.VStringBuilder" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6E5FC489-BF74-487D-ABA6-3E5185723DA7} C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A51AA61E-A267-3D28-B62B-C12F6FF94016}\TypeLib\Version = "1.0" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE70695C-E833-31A0-9AC8-8BEDEC0B7325}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{95F987F0-C6A4-3A91-A739-1BB87174857C}\ProxyStubClsid32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{12653B18-0C6E-3A61-8A65-DA321031629C}\ProgId C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{046EE856-9C88-44B5-BF63-D804EFA487B7}\ = "_VWakeUp" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A

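The regasm.exe rows above are the standard footprint of a .NET assembly being registered for COM interop: one CLSID key per exported class (default value = class name, InprocServer32\Assembly = the assembly identity, InprocServer32\RuntimeVersion = the CLR to load), an Interface key per exported interface, a ProgId key under Classes (HtmlAgilityPack.HtmlDocument, RemoteControl.VComboBox) and the {62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} category, which is the managed-code category regasm adds. Because the registering binary is the 32-bit Framework\v4.0.30319\regasm.exe, the CLSID writes land in the WOW6432Node view. The script below is an added triage helper, not part of the sandbox report or of the UltraViewer product: it collapses rows of this table into one record per COM class so an analyst can compare the registered assembly identities against a known-good install. The row shapes are copied from the table; the handful of sample rows are a constructed subset, not the full list. It flags any InprocServer32\Assembly value carrying PublicKeyToken=null, which means the assembly is not strong-named and is resolved by name and path only.

```python
import re
from collections import defaultdict

# Constructed sample rows in the shape of the report's "Modifies registry class"
# table: <operation> <key path>[ = "<value>"] <process> <target>. GUIDs and values
# are copied from the rows above; this is a small subset of the table, not all of it.
SAMPLE_ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF392D85-EB03-4034-9D59-D586E4F00F42}\InprocServer32\RuntimeVersion = "v4.0.30319" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF392D85-EB03-4034-9D59-D586E4F00F42}\InprocServer32\Assembly = "RemoteControl, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{55AD9A55-C879-4B8B-99AB-AD5CFC268F10}\ = "RemoteControl.VStringBuilder" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9DC37026-E60A-3D43-86FF-F0AD766E85CB}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HtmlAgilityPack.HtmlDocument C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\RemoteControl.VComboBox C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5C61AF02-ACB0-3588-A612-C9864E9B61FA}\ = "_AfterUndoEventHandler" C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe N/A',
]

SET_RE = re.compile(r'^Set value \((\w+)\) (.+?) = "(.*)"$')
CREATE_RE = re.compile(r'^Key created (.+)$')
CLSID_RE = re.compile(r'\\Classes\\(WOW6432Node\\)?CLSID\\(\{[0-9A-Fa-f-]+\})(?:\\(.*))?$')
IFACE_RE = re.compile(r'\\Classes\\(?:WOW6432Node\\)?Interface\\(\{[0-9A-Fa-f-]+\})\\$')
PROGID_RE = re.compile(r'\\Classes\\([A-Za-z][\w.]*)$')
NOT_PROGIDS = {"CLSID", "Interface", "TypeLib", "Record", "WOW6432Node"}


def parse_row(line):
    """Split one report row into op/path/value/process. The process path and the
    target column never contain spaces in this table, so rsplit from the right is safe
    even though key paths (e.g. 'Implemented Categories') and values may contain spaces."""
    rest, process, target = line.rsplit(None, 2)
    m = SET_RE.match(rest)
    if m:
        return {"op": "set", "path": m.group(2), "value": m.group(3), "process": process}
    m = CREATE_RE.match(rest)
    if m:
        return {"op": "create", "path": m.group(1), "value": None, "process": process}
    raise ValueError(f"unrecognised row: {line!r}")


def summarize_com_registration(lines):
    """Collapse regasm's key-by-key writes into one record per COM class."""
    classes = defaultdict(dict)   # CLSID -> name / assembly / runtime / view / categories
    interfaces = {}               # IID -> interface name (default value of the Interface key)
    progids = set()               # bare keys directly under Classes
    for r in map(parse_row, lines):
        path = r["path"]
        m = CLSID_RE.search(path)
        if m:
            entry = classes[m.group(2)]
            entry["view"] = "WOW6432Node" if m.group(1) else "native"
            entry["registered_by"] = r["process"]
            sub = m.group(3) or ""
            if r["op"] == "set" and sub == "":
                entry["name"] = r["value"]
            elif r["op"] == "set" and sub == r"InprocServer32\Assembly":
                entry["assembly"] = r["value"]
            elif r["op"] == "set" and sub == r"InprocServer32\RuntimeVersion":
                entry["runtime"] = r["value"]
            elif sub.startswith("Implemented Categories\\"):
                entry.setdefault("categories", []).append(sub.split("\\", 1)[1])
            continue
        m = IFACE_RE.search(path)
        if m and r["op"] == "set":
            interfaces[m.group(1)] = r["value"]
            continue
        m = PROGID_RE.search(path)
        if m and m.group(1) not in NOT_PROGIDS:
            progids.add(m.group(1))
    # PublicKeyToken=null means the registered assembly is not strong-named: the CLR
    # resolves it by name and path only, so verify the file on disk, not just the key.
    unsigned = sorted(c for c, e in classes.items() if "PublicKeyToken=null" in e.get("assembly", ""))
    return {"classes": dict(classes), "interfaces": interfaces, "progids": progids, "unsigned": unsigned}


if __name__ == "__main__":
    report = summarize_com_registration(SAMPLE_ROWS)
    for clsid, e in report["classes"].items():
        print(clsid, e.get("name", "?"), e.get("assembly", "?"), e["view"])
    print("ProgIds:", sorted(report["progids"]))
    print("Interfaces:", report["interfaces"])
    print("Not strong-named:", report["unsigned"])
```

Feed it the full table and the output is a short list of CLSID, class name, assembly identity and hive view that can be diffed against a clean install of the same product version; a CLSID whose InprocServer32 points at an assembly name or path that the product does not ship is the case worth chasing.
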
Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QU0VJ.tmp\UVUninstallHelper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A
N/A N/A C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-QU0VJ.tmp\UVUninstallHelper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5048 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\UltraViewer_setup_6.6_en.exe C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp
PID 5048 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\UltraViewer_setup_6.6_en.exe C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp
PID 5048 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\UltraViewer_setup_6.6_en.exe C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp
PID 1820 wrote to memory of 1568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1820 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

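Two things in the signatures above and the Processes list that follows decide how the 8/10 score should be read. First, the WriteProcessMemory rows are two parent-to-child relationships: PID 5048 (UltraViewer_setup_6.6_en.exe) writing into PID 3796 (the is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp it dropped), and PID 1820 (chrome.exe) writing into other chrome.exe processes; the .tmp is then launched with /SL5="$hwnd,offset,size,path", which is how an Inno Setup loader hands control to the extracted setup program. Second, the "Stops running service(s)", "Launches sc.exe" and "Kills process with taskkill" hits all target the product's own service and images (net stop UltraViewService, sc delete UltraViewService, taskkill /f /im UltraViewer_Desktop.exe and UltraViewer_Service.exe), which is the sequence an installer runs to replace a previous install; the identical sequence aimed at a security product's service would be the thing to alert on, so the service name, not the tool, is the discriminator. The script below is an added triage helper, not part of the sandbox report or of the UltraViewer product: it deduplicates the WriteProcessMemory rows into a writer/target map and parses command lines of the shapes shown in the Processes list into service operations, killed image names, the Inno Setup source path and recon commands. The sample rows and command lines are a constructed subset copied in shape from the report.

```python
import re
import shlex
from collections import Counter, defaultdict

# Constructed sample in the shape of the "Suspicious use of WriteProcessMemory" table
# (the report lists one row per write, so repeats are expected and are counted).
WPM_ROWS = [
    r"PID 5048 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\UltraViewer_setup_6.6_en.exe C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp",
    r"PID 5048 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\UltraViewer_setup_6.6_en.exe C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp",
    r"PID 1820 wrote to memory of 1568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"PID 1820 wrote to memory of 4796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe",
]

# Constructed sample of command lines in the shape of the Processes list.
CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp" /SL5="$40210,2903087,121344,C:\Users\Admin\AppData\Local\Temp\UltraViewer_setup_6.6_en.exe"',
    r'"net" stop UltraViewService',
    r'C:\Windows\system32\net1 stop UltraViewService',
    r'"sc" delete UltraViewService',
    r'"taskkill.exe" /f /im "UltraViewer_Desktop.exe"',
    r'"taskkill.exe" /f /im "UltraViewer_Service.exe"',
    r'"taskkill.exe" /f /im "UltraViewer_Desktop.exe"',
    r'ipconfig',
]

# Both image paths may contain spaces, so split at the space that precedes a drive letter.
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A ([A-Za-z]:\\.*?) ([A-Za-z]:\\.*)$")


def writer_map(rows):
    """writer PID -> {target PID: (write count, writer image, target image)}."""
    out = defaultdict(dict)
    for row in rows:
        m = WPM_RE.match(row)
        if not m:
            raise ValueError(f"unrecognised row: {row!r}")
        src, dst, src_img, dst_img = m.groups()
        count, *_ = out[int(src)].get(int(dst), (0, src_img, dst_img))
        out[int(src)][int(dst)] = (count + 1, src_img, dst_img)
    return dict(out)


def argv_of(cmdline):
    """Windows-style split: quotes delimit, backslashes are literal; quotes are stripped after."""
    return [t.strip('"') for t in shlex.split(cmdline, posix=False)]


def image_name(token):
    name = token.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def summarize_cmdlines(cmdlines):
    services = []       # (tool, verb, service name) from net/net1/sc
    killed = Counter()  # image name given to taskkill /im -> invocation count
    inno = None         # (loader .tmp, original installer path) when an Inno Setup /SL5 launch is seen
    recon = []          # network/system enumeration commands
    for cmd in cmdlines:
        argv = argv_of(cmd)
        tool = image_name(argv[0])
        if tool in {"net", "net1", "sc"} and len(argv) >= 3:
            services.append((tool, argv[1].lower(), argv[2]))
        elif tool == "taskkill":
            args = [a.lower() for a in argv[1:]]
            if "/im" in args:
                killed[argv[1:][args.index("/im") + 1]] += 1
        elif tool == "ipconfig":
            recon.append(cmd)
        else:
            for a in argv[1:]:
                if a.upper().startswith("/SL5="):
                    # /SL5 value is "$hwnd,offset,size,path"; the path is the original installer.
                    inno = (argv[0], a[5:].strip('"').split(",", 3)[3])
    return {"services": services, "killed": killed, "inno_setup": inno, "recon": recon}


def removed_services(summary):
    """Service names both stopped (net/sc stop) and deleted (sc delete): the remove-old-install
    pattern when the name is the product's own, defence evasion when it is someone else's."""
    stopped = {n for t, v, n in summary["services"] if v == "stop"}
    deleted = {n for t, v, n in summary["services"] if t == "sc" and v == "delete"}
    return sorted(stopped & deleted)


if __name__ == "__main__":
    for writer, targets in writer_map(WPM_ROWS).items():
        for target, (n, src, dst) in targets.items():
            print(f"PID {writer} -> PID {target}: {n} write(s), {image_name(src)} -> {image_name(dst)}")
    s = summarize_cmdlines(CMDLINES)
    print("services:", s["services"])
    print("killed:", dict(s["killed"]))
    print("inno setup loader/source:", s["inno_setup"])
    print("stopped and deleted:", removed_services(s))
```

Run over the whole report, removed_services() returning only UltraViewService and killed containing only the product's own image names is the installer-replacing-itself reading; any other service or image name in those lists, or a WriteProcessMemory target whose image is not a child the writer dropped or spawned, is what moves this from installer noise to an incident.
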
Processes

C:\Users\Admin\AppData\Local\Temp\UltraViewer_setup_6.6_en.exe

"C:\Users\Admin\AppData\Local\Temp\UltraViewer_setup_6.6_en.exe"

C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp

"C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp" /SL5="$40210,2903087,121344,C:\Users\Admin\AppData\Local\Temp\UltraViewer_setup_6.6_en.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99247ab58,0x7ff99247ab68,0x7ff99247ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4636 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\is-QU0VJ.tmp\UVUninstallHelper.exe

"C:\Users\Admin\AppData\Local\Temp\is-QU0VJ.tmp\UVUninstallHelper.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4944 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3108 --field-trial-handle=1836,i,4653598945891401440,7605232190898478497,131072 /prefetch:1

C:\Windows\SysWOW64\net.exe

"net" stop UltraViewService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop UltraViewService

C:\Windows\SysWOW64\net.exe

"net" stop UltraViewService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop UltraViewService

C:\Windows\SysWOW64\sc.exe

"sc" delete UltraViewService

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\system32\ipconfig.exe

ipconfig

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RepairResume.jpeg" /ForceBootstrapPaint3D

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe" "C:\Program Files (x86)\UltraViewer\RemoteControl.dll" /tlb

C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe

"C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe" validate

C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe" "C:\Program Files (x86)\UltraViewer\HtmlAgilityPack.dll" /tlb

C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe

"C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe" install

C:\Windows\SysWOW64\sc.exe

sc failure "UltraViewService" reset= 0 actions= restart/60000

C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe

"C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe"

C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe

"C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe" regasm40

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" "C:\Program Files (x86)\UltraViewer\RemoteControl40.dll" /tlb /codebase

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" "C:\Program Files (x86)\UltraViewer\RemoteControl40.dll" /tlb /codebase

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" "C:\Program Files (x86)\UltraViewer\RemoteControl40.dll" /tlb /codebase

C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe

"C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe"

C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe

UltraViewer_Desktop.exe -pid:4368 -debughwnd:-1

C:\Program Files (x86)\UltraViewer\uv_x64.exe

uv_x64.exe hook 4368 131760
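The process listing above is hundreds of near-identical records: repeated taskkill /f calls against UltraViewer's own desktop and service images, net stop / sc delete of UltraViewService, RegAsm registering the dropped DLLs with /codebase, sc failure configuring the new service to restart itself, and a 64-bit helper passed a PID to hook. An installer tearing down and re-creating a previous installation produces exactly this shape, but the same primitives are what a triager looks for when something disables a competing agent, so the useful first step is to reduce the listing to a handful of labelled behaviours with the service names and kill targets pulled out. The following Python is an added example, not part of the sandbox report and not UltraViewer's code; the rule labels are my own, and the sample is constructed from a subset of the records above.

```python
"""Triage helper for a sandbox 'Processes' listing of the shape used above
(image path, blank line, command line, blank line). Added example; rule labels are mine."""
import ntpath
import re
from collections import Counter
from typing import List, Optional, Tuple

# Constructed sample: a subset of the process records listed above.
SAMPLE_PROCESS_LIST = r"""
C:\Windows\SysWOW64\net.exe

"net" stop UltraViewService

C:\Windows\SysWOW64\sc.exe

"sc" delete UltraViewService

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Desktop.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "UltraViewer_Service.exe"

C:\Windows\system32\ipconfig.exe

ipconfig

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" "C:\Program Files (x86)\UltraViewer\RemoteControl40.dll" /tlb /codebase

C:\Windows\SysWOW64\sc.exe

sc failure "UltraViewService" reset= 0 actions= restart/60000

C:\Program Files (x86)\UltraViewer\uv_x64.exe

uv_x64.exe hook 4368 131760
"""

TOKEN = re.compile(r'"[^"]*"|\S+')


def tokens(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, keeping quoted arguments whole."""
    return [t.strip('"') for t in TOKEN.findall(cmdline)]


def parse_process_list(text: str) -> List[Tuple[str, str]]:
    """Pair each image path with the command line that follows it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating image-path / command-line lines")
    return list(zip(lines[0::2], lines[1::2]))


def classify(cmdline: str) -> Optional[str]:
    """Map one command line to a coarse triage label, or None if uninteresting."""
    toks = tokens(cmdline)
    if not toks:
        return None
    exe = ntpath.basename(toks[0]).lower()
    exe = exe[:-4] if exe.endswith(".exe") else exe
    args = [t.lower() for t in toks[1:]]
    if exe in ("net", "net1") and args[:1] == ["stop"]:
        return "service-stop"
    if exe == "sc" and args[:1] == ["delete"]:
        return "service-delete"
    if exe == "sc" and args[:1] == ["failure"] and any(a.startswith("restart") for a in args):
        return "service-recovery-restart"      # service restarts itself after a crash or kill
    if exe == "taskkill" and "/f" in args:
        return "forced-kill"
    if exe == "regasm" and "/codebase" in args:
        return "com-register-codebase"         # COM server registered from an arbitrary file path
    if exe in ("ipconfig", "arp", "nbtstat") or (exe == "net" and args[:1] == ["view"]):
        return "network-discovery"
    if len(args) >= 2 and args[0] == "hook" and args[1].isdigit():
        return "cross-process-hook"            # helper handed a target PID to hook into
    return None


def kill_targets(cmdline: str) -> List[str]:
    toks = tokens(cmdline)
    return [toks[i + 1] for i, t in enumerate(toks[:-1]) if t.lower() == "/im"]


def triage(text: str) -> dict:
    """Summarise a listing: record count, label counts, kill targets and the labelled records."""
    records = parse_process_list(text)
    findings = [(label, image, cmd) for image, cmd in records
                for label in [classify(cmd)] if label]
    counts = Counter(label for label, _, _ in findings)
    targets = sorted({t for label, _, cmd in findings if label == "forced-kill"
                      for t in kill_targets(cmd)})
    return {"records": len(records), "counts": dict(counts),
            "kill_targets": targets, "findings": findings}
```

Run triage() over the full listing pasted from the page and the hundreds of taskkill records collapse into one forced-kill count plus two target image names, which is what you actually want to compare against the service-stop, service-delete and service-recovery-restart entries when deciding whether this is an upgrade path or tampering with someone else's agent.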

Network

Country  Destination       Domain                  Proto
US       8.8.8.8:53        8.8.8.8.in-addr.arpa    udp
US       8.8.8.8:53        www.google.com          udp
US       8.8.8.8:53        clients2.google.com     udp
N/A      224.0.0.251:5353  -                       udp
US       8.8.8.8:53        chrome.google.com       udp
US       8.8.8.8:53        dl2.ultraviewer.net     udp
US       8.8.8.8:53        clients2.google.com     udp
US       8.8.8.8:53        google.com              udp
US       8.8.8.8:53        google.com              udp
US       8.8.4.4:53        google.com              udp
US       8.8.8.8:53        chrome.google.com       udp
US       8.8.8.8:53        4.4.8.8.in-addr.arpa    udp
US       8.8.8.8:53        update.ultraviewer.net  udp

Files

memory/5048-2-0x0000000000401000-0x0000000000412000-memory.dmp

memory/5048-0-0x0000000000400000-0x0000000000428000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-QUTC3.tmp\UltraViewer_setup_6.6_en.tmp

MD5 e845838d99d29c4bba4ad35ee996dea3
SHA1 34a9f433ce1e3339e07d75f0a74efd676b1d7cca
SHA256 b727418174ad4f929ad9206e4df51865def55c0d2874bda487cbae6f2946938d
SHA512 fba499d125eec733535d6b5d93fa43e628e526e7bc3b1aab7e848a80ac373cb09db9cb6777567c51877267001d3dc308b2edae1ac51e109c2936bd3c20928f1d

memory/3796-6-0x0000000000400000-0x000000000052D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-QU0VJ.tmp\idp.dll

MD5 55c310c0319260d798757557ab3bf636
SHA1 0892eb7ed31d8bb20a56c6835990749011a2d8de
SHA256 54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed
SHA512 e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

memory/3796-16-0x0000000003380000-0x00000000033A2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-QU0VJ.tmp\isxdl.dll

MD5 48ad1a1c893ce7bf456277a0a085ed01
SHA1 803997ef17eedf50969115c529a2bf8de585dc91
SHA256 b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3
SHA512 7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1291b349c723366b6609eb666be511d6
SHA1 ade1984c9a6f30db495ca37dc8d797575f92069e
SHA256 de254acc80af597f7d93bcb3d36900f76d920b4e027d4f6ab08f34829d25fb24
SHA512 666d4c4d1f2ed7f7bcf81ddb070361b99d9e880cb0d527858d70f0783da4fc854a0522f5736ae5dbeb79448333d324ce3625bed90d0ae9bb100cfda4dfcdbd7d

\??\pipe\crashpad_1820_IZKTEHVUTTUWLZLI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/5048-51-0x0000000000400000-0x0000000000428000-memory.dmp

memory/3796-52-0x0000000000400000-0x000000000052D000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 818b16ef39c633736652925861aeb428
SHA1 5468c1fd3f0aa3baa198310d08b5f29e9bd6c7e8
SHA256 05058ac95a35854973a65ddf68a6601f7ecf74bb2055a0662b3b3dd50b402f44
SHA512 ace1ec0959b9bb3c82379cef5e51c873c4e716d7ea141fcbe8240b58dfdffc12f884bf86f7c3acca85caa4aeb43c231dcf6d45867e601f08261b33021eeb8469

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2bbc7a43ec267f83a8a59a25961851e
SHA1 5fb2bd658e2a657c142aca060ffbe88de938580c
SHA256 8c0aa34ddd177d3ed29b49df18d9f011ddcbeae5ec5b30c30287175a88183f23
SHA512 0a4804530d1b6cd99ad1c0684fd1465c490962765571f49c932b211c48689bdb92732e7c104daffd5545c2c3af5a6c2f4514efa523256221a72106b0da14588c

C:\Users\Admin\AppData\Local\Temp\is-QU0VJ.tmp\UVUninstallHelper.exe

MD5 ececb301656f5f8c6a46a8abf8d928fe
SHA1 9bdf8a054c71d34837262ab306db92d3ee70db3b
SHA256 801bbe7a174ca09bb029aedf54c3073d96c033fa01dcd68f4240983d2ad7cb6b
SHA512 314178d1b1ab4391d327b9f687fe5cd066a5dc9ecb75528a7572ade31f4630af618717eaf5dd75a436182d77a999fc67fafea3a60ad2a8f03111542ba1c813f6

C:\Users\Admin\AppData\Local\Temp\is-QU0VJ.tmp\UVUninstallHelper.exe.config

MD5 679aca3e8125584e8704b2dfdfa20a0b
SHA1 bab48dc1c46f6d8b2c38cf47d9435ae9f8bf295e
SHA256 470ce4147bff777ebefc7ccc9e2d1bc5df203b727134fc90b0134bf3cdc7add4
SHA512 8441e36e9091dae33350083b1824bc154f969c4fa86c5984c45e0bd59536933e48773ff4bfb4297e543cb270149025dca82c6bdfad2ca1639f4df58f8abcae6e

memory/2296-75-0x0000000073C02000-0x0000000073C03000-memory.dmp

memory/2296-76-0x0000000073C00000-0x00000000741B1000-memory.dmp

memory/2296-77-0x0000000073C00000-0x00000000741B1000-memory.dmp

memory/2296-81-0x0000000073C00000-0x00000000741B1000-memory.dmp

memory/3796-83-0x0000000000400000-0x000000000052D000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b04fe0abc6f39da9ce35d3cd9800d1df
SHA1 0dd1cb61a2d138178afc858c0811cf3575b23de6
SHA256 ff26111dde334756242117e5e1fa68ddbff32f1fc27153d1814303df694faf1e
SHA512 02ff92faa63aa446631fd97537d2d523203426ebccbd2fdafbd88bf50c70354df01489b5085cb13be187901d4e571be524db7badcd327e4e47432bced18dc39b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2fff0e3fa81f188548ecda561dfd1f94
SHA1 86f727e17ad57985b66660cd9e17bde1c0bb5689
SHA256 03f45f2caf4297595431ea59528da1a8aa69f830003d25f58811c03143c871f1
SHA512 1aa6cf26344239ff209c2bbceebf8419365a8e7be72ca233cbfbaf2e5a66b5b002272a65d9c90a1c6e1262d5420b5cdd48072731edb0fc3ac383e3375dfa9829

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/3796-181-0x0000000000400000-0x000000000052D000-memory.dmp

memory/3796-231-0x0000000000400000-0x000000000052D000-memory.dmp

memory/3796-281-0x0000000000400000-0x000000000052D000-memory.dmp

memory/3796-333-0x0000000000400000-0x000000000052D000-memory.dmp

memory/3972-362-0x0000023518380000-0x0000023518390000-memory.dmp

memory/3972-366-0x00000235183C0000-0x00000235183D0000-memory.dmp

memory/3972-373-0x0000023521010000-0x0000023521011000-memory.dmp

memory/3972-375-0x0000023521090000-0x0000023521091000-memory.dmp

memory/3972-377-0x0000023521090000-0x0000023521091000-memory.dmp

memory/3972-378-0x0000023521120000-0x0000023521121000-memory.dmp

memory/3972-379-0x0000023521120000-0x0000023521121000-memory.dmp

memory/3972-380-0x0000023521130000-0x0000023521131000-memory.dmp

memory/3972-383-0x0000023521130000-0x0000023521131000-memory.dmp

C:\Program Files (x86)\UltraViewer\msvbvm60.dll

MD5 5343a19c618bc515ceb1695586c6c137
SHA1 4dedae8cbde066f31c8e6b52c0baa3f8b1117742
SHA256 2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce
SHA512 708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606

C:\Program Files (x86)\UltraViewer\is-PSSQ7.tmp

MD5 54f25d41d8a7896b10aad1de0fdc5551
SHA1 618803beffa5e001009884f9797f2f12a091608f
SHA256 786230e60306a1cbc9f0ad3c5b41add3b151b3cfa5d24ae8027910a4f65187eb
SHA512 271dc150f91d8a0fb12e39e6c70b988573b269df02900d77b1e880bdf62fb393ffb44af0085e6571249f88a591d6a1a6e481fc9243262c9d8c6a1d5907982831

C:\Program Files (x86)\UltraViewer\RemoteControl.dll

MD5 4e6629225fb913a103de0bc3f42e51b4
SHA1 63239d6b2fee80aeb2595656f11d2669475ea53f
SHA256 2dabe96727b0bdd1c83d08d06df0f77971f729af88af18e039814c6a7538b705
SHA512 41c73c49d5d76e0e2150a9d4393608fd4df99f77f3baf389c6f8d4cc23451de39f05bc058d821936cc1512eec68d574ac843a31e4609c8417b5f2e81bbb403c6

memory/1064-405-0x0000000000380000-0x0000000000392000-memory.dmp

memory/1064-409-0x0000000004FB0000-0x00000000050D6000-memory.dmp

memory/1064-412-0x0000000005690000-0x0000000005C34000-memory.dmp

memory/1064-413-0x00000000050E0000-0x0000000005172000-memory.dmp

memory/1064-414-0x0000000005220000-0x00000000052BC000-memory.dmp

memory/1064-415-0x0000000005180000-0x0000000005206000-memory.dmp

C:\Program Files (x86)\UltraViewer\NAudio.dll

MD5 5da17fa97fce539c78e3018ee1c29cd0
SHA1 cff12edd4361fa5c310250ebaacbfc54274f00c8
SHA256 92254cb54bbdd875f6950c2afbfe17c001bbf7dccd43d43eafdb7d9bfec35afe
SHA512 1f402ebe99cf95c55e9b524b91c9002a68f04f7f7d7a29e189c2226ad88e76bf18047b201c75de805b4dcde9830d765d705946b045937aa40d3e2e5465e5dcc5

memory/1064-419-0x00000000060C0000-0x0000000006142000-memory.dmp

memory/3220-428-0x0000000000400000-0x000000000084C000-memory.dmp

C:\Program Files (x86)\UltraViewer\RemoteControl.tlb

MD5 eeae895cae230a0df9e6e56aa40fd8a2
SHA1 eca9c588e2b22a950073023d434901ebb3648825
SHA256 0912b7e1e2585f79f9f4a74d0145106a853ec38f9b4ccbafcdee335c8653445a
SHA512 09d0810f0986a8cc9d4a7aaa2d9ea3a92dde278480a5bb38720fc13e22148622ce56043b86b1069c986d111c0763179652795d3e651ec1e66f0d12429a63b61c

C:\Program Files (x86)\UltraViewer\UltraViewer_Desktop.exe.config

MD5 42b8d26600dcb85572ee43616f929d6a
SHA1 31a4c46641129ef59eb925621c1aa4f8401d776c
SHA256 99f95d44f1e42cf485132e722679f9d0c6f6cd5f560ce76dfd98abf8558377bc
SHA512 d485b45f06de66ff31b8db6706868ac3d3f89b3980bffaa05b539f0ad2b2373e72fd1aab4cfb8cf0dca7d52b43df195336f53cc9cfe99a9d87143c02a5470eae

C:\Program Files (x86)\UltraViewer\Language\LanguageList.ini

MD5 ac089148d930e0380d34164d2b16eb2b
SHA1 961a0615d0e3491cdbb4d226092bfef4b5be4ce0
SHA256 30b1a2e3b1f3d5c25b617438d9c24c492f292c6059a8de02ff5e0666e4d9a3f6
SHA512 977c5bf445ae5a3c696c5af6ba97fd3963291f88cd946f2ce8d35f70ff16764fa3c5e1eafa6b14e5beac75da1d77bea6f99bd2164e36c037dfd44ee0244908e8

C:\Program Files (x86)\UltraViewer\Language\English.txt

MD5 f1aec4996c20919cf409233381a7f2cc
SHA1 a42ca00c2fdf629b59bf28cbdb4a4f8dd8a379c2
SHA256 33ef5c04e6abe19e5f56f28c8f71b323606c803625ae238340231f6e36a2ef82
SHA512 cdd564cb07a528839133ca64aacadbfab212d150974ece5b9d11cc928f0a75070032434782824d486b894bcfd362d27ea7f9c6c1ed96e1152aa3a0ffa7266c3f

C:\Program Files (x86)\UltraViewer\Language.ini

MD5 9cfefed8fb9497baa5cd519d7d2bb5d7
SHA1 094b0fe0e302854af1311afab85b5203ba457a3b
SHA256 dbd3a49d0d906b4ed9216b73330d2fb080ef2f758c12f3885068222e5e17151c
SHA512 41dd75307a2e7c49caf53fff15aada688275ef4d7950bedf028612b73f343ed45cf51fe1d4d27f58ed12e93e0fd0ae7f69428db169211554d1b380c91aa5cd01

memory/3220-438-0x0000000006F90000-0x00000000074BC000-memory.dmp

C:\Program Files (x86)\UltraViewer\uvh.dll

MD5 8b3f15a335710c799eae2395fa6b322d
SHA1 81b9f58fe2c61e26e758690f59fa4de4bc8b462b
SHA256 09ab11cb97673838faf91b8d06ed9ff7ad460d7791715ee983b83004984a452c
SHA512 c0dd2302d5d00d8c1f7b21972a12d0ce8bfda07603e8cb3006e6df696458d15e3b8e7eeefa712195e3337ddda6de0f683d66963dde5484172517c6338e48dda9

memory/3220-441-0x0000000007C90000-0x0000000007C9A000-memory.dmp

memory/3796-445-0x0000000000400000-0x000000000052D000-memory.dmp

memory/3220-447-0x0000000000400000-0x000000000084C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\regasm.exe.log

MD5 76ffb2f33cb32ade8fc862a67599e9d8
SHA1 920cc4ab75b36d2f9f6e979b74db568973c49130
SHA256 f1a3724670e3379318ec9c73f6f39058cab0ab013ba3cd90c047c3d701362310
SHA512 f33502c2e1bb30c05359bfc6819ca934642a1e01874e3060349127d792694d56ad22fccd6c9477b8ee50d66db35785779324273f509576b48b7f85577e001b4e

C:\Program Files (x86)\UltraViewer\HtmlAgilityPack.dll

MD5 00dc215cee6be49802295ad6802da661
SHA1 8a04d6be54ea950986469e951f64641f54e0b080
SHA256 78750e7bd53ed088d8365fc2e69b74883a813b0ea0d461873ad61fd8059dbd31
SHA512 b82a020fd0d5ffe480389f3472fba4a5695bd045493eabfd5de3cc628ed19ba731eca8266e7a8594235ef93453b196b9a914b2376c0d9709d3e63718894c0785

memory/2132-452-0x0000000004C10000-0x0000000004C36000-memory.dmp

memory/1508-461-0x0000000000400000-0x000000000084C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\UltraViewer_Desktop.exe.log

MD5 81cc3ddcb2974a02db7a3cd4955a2a9a
SHA1 b9c9d796a84cf9e6d14582c9bbe5713dc129a5d0
SHA256 b660cfa1d78e3d585e184c23a2cdd37749a2e1a8f37797fc96d9bc119036e023
SHA512 1b61546278e7457f1afe5850d6c62f34212d9030b4e86469f9ac51bb37761f883812c917b0575e08aa8855733cc79256b8ae8c9c0664b0d29a9cb0938cdfa3a6

memory/1508-467-0x00000000033B0000-0x00000000033D2000-memory.dmp

C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe

MD5 dc87d34efd1406e84d8f4559749f062f
SHA1 2999d519d6b305d3db6ee8601e1879b8d9d9681a
SHA256 10ff43f2d4a991c83caefce1c4442fa95258d0d93f168dde339f52322aa371e9
SHA512 9420a088bbcd8746ed734c4986f0153b8db606caabc190b3a2005e3087ae0135a832c310ccd5712e1fd77b9661f2efa6b509c72008e0d9a422480c871cb7f2be

memory/1508-477-0x0000000000400000-0x000000000084C000-memory.dmp

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

MD5 84cfdb4b995b1dbf543b26b86c863adc
SHA1 d2f47764908bf30036cf8248b9ff5541e2711fa2
SHA256 d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b
SHA512 485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

memory/756-491-0x0000000000400000-0x000000000084C000-memory.dmp

memory/3796-493-0x0000000000400000-0x000000000052D000-memory.dmp

memory/5048-505-0x0000000000400000-0x0000000000428000-memory.dmp

memory/3796-504-0x0000000000400000-0x000000000052D000-memory.dmp

memory/116-512-0x0000000000400000-0x000000000084C000-memory.dmp

memory/4368-523-0x000000000D680000-0x000000000DE26000-memory.dmp
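Most of the entries in the file listing above carry no signal for a triager: Chrome profile files touched by the sandbox's own browser, the is-*.tmp directory that Inno Setup installers extract into, CLR usage logs, and two entries whose digests are those of empty content (the crashpad pipe) and of the two-byte string "[]" (Chrome's SCT Auditing Pending Reports). The dropped files under Program Files are what deserve a look. The following Python is an added example, not part of the report and not UltraViewer's code; it parses entries in the page's own path-then-hashes format, recomputes the digests of known placeholder content instead of trusting a lookup table, and buckets each path under labels of my choosing. The sample is constructed from five entries above.

```python
"""Triage helper for a sandbox 'Files' listing of the shape used above (a path line, then
a block of MD5/SHA1/SHA256/SHA512 lines; memory dumps are bare names). Added example."""
import hashlib
import re
from typing import Dict, List, Optional

# Constructed sample: five entries copied from the file listing above.
SAMPLE_FILES = r"""
memory/5048-0-0x0000000000400000-0x0000000000428000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-QU0VJ.tmp\idp.dll

MD5 55c310c0319260d798757557ab3bf636
SHA1 0892eb7ed31d8bb20a56c6835990749011a2d8de
SHA256 54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed
SHA512 e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

\??\pipe\crashpad_1820_IZKTEHVUTTUWLZLI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Program Files (x86)\UltraViewer\RemoteControl.dll

MD5 4e6629225fb913a103de0bc3f42e51b4
SHA1 63239d6b2fee80aeb2595656f11d2669475ea53f
SHA256 2dabe96727b0bdd1c83d08d06df0f77971f729af88af18e039814c6a7538b705
SHA512 41c73c49d5d76e0e2150a9d4393608fd4df99f77f3baf389c6f8d4cc23451de39f05bc058d821936cc1512eec68d574ac843a31e4609c8417b5f2e81bbb403c6
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$", re.I)

# Byte strings whose digests appear constantly in sandbox reports and carry no signal.
KNOWN_CONTENT = {b"": "empty content", b"[]": "empty JSON array"}

# Path patterns (matched case-insensitively, first hit wins); labels are my own.
PATH_RULES = [
    (r"^memory/", "memory dump"),
    (r"^\\\?\?\\pipe\\", "named pipe"),
    (r"\\google\\chrome\\user data\\", "browser profile noise"),
    (r"\\is-[a-z0-9]+\.tmp\\", "installer temp extraction"),
    (r"\\clr_v4\.0_32\\usagelogs\\", ".NET usage log"),
    (r"^c:\\program files", "dropped into Program Files"),
]


def parse_files(text: str) -> List[Dict]:
    """Attach each block of hash lines to the path line that precedes it."""
    entries: List[Dict] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        matches = [HASH_LINE.match(ln) for ln in lines]
        if all(matches) and entries:
            entries[-1]["hashes"].update(
                {m.group(1).upper(): m.group(2).lower() for m in matches})
        else:
            entries.append({"path": lines[0], "hashes": {}})
    return entries


def match_known_content(hashes: Dict[str, str]) -> Optional[str]:
    """Label the entry only if every listed digest equals that of one known byte string."""
    algs = {"MD5": hashlib.md5, "SHA1": hashlib.sha1,
            "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
    for data, label in KNOWN_CONTENT.items():
        if hashes and all(algs[alg](data).hexdigest() == digest
                          for alg, digest in hashes.items()):
            return label
    return None


def classify(entry: Dict) -> str:
    known = match_known_content(entry["hashes"])
    if known:
        return known
    low = entry["path"].lower()
    for pattern, label in PATH_RULES:
        if re.search(pattern, low):
            return label
    return "other"


def triage_files(text: str) -> Dict[str, List[str]]:
    """Bucket every entry by label so noise can be skipped and real drops reviewed first."""
    buckets: Dict[str, List[str]] = {}
    for entry in parse_files(text):
        buckets.setdefault(classify(entry), []).append(entry["path"])
    return buckets
```

The content check deliberately requires all four digests of an entry to agree with the recomputed values; a single colliding MD5 would otherwise be enough to hide a real file behind a "placeholder" label. Anything that lands in "dropped into Program Files" or "other" is what gets pulled from the sandbox and examined.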

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 16:36

Reported

2024-06-16 16:36

Platform

android-33-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain  Proto
GB       172.217.169.36:443   -       udp
GB       172.217.169.36:443   -       tcp
BE       173.194.76.188:5228  -       tcp
GB       172.217.16.228:443   -       tcp
GB       216.58.201.106:443   -       tcp
N/A      224.0.0.251:5353     -       udp

Files

N/A