Windows Analysis Report
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031

Overview

General Information

Sample URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031
Analysis ID: 1416889
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Tries to load missing DLLs

Classification

Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.210.240.112:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3b3Yn9LcYKYOhOn&MD=wvAgFWda HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3b3Yn9LcYKYOhOn&MD=wvAgFWda HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGJW5lLAGIjBi9PQhwvCu8xsidkRQK4-Wu-ijFbl2Tn-IJ6uGgADoaLseDc5qoXZTbhrRHGWYJIQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGJW5lLAGIjDEtMeSbdsKTFupmRE7XFYXeyEzxbWbjBGXBv4CRFSB_bWJLa0LrH3ZszpniEBwYgQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGJW5lLAGIjBHd_AKJiXvmNxa7QOBoMc3TtwL5hSlYsTpvxIHp6hu5gHUnSeQnMynd2baB1bPi2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
Source: unknown DNS traffic detected: queries for: www.google.com
Source: PaintStudio.View.exe, 00000014.00000002.1955493986.000002148AB46000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://json-schema.org/draft-04/schema
Source: PaintStudio.View.exe, 0000000F.00000002.1661069213.0000021881114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ns.a.0
Source: PaintStudio.View.exe, 00000014.00000002.2008287654.000002148D711000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ns.a.0(D
Source: PaintStudio.View.exe, 0000000F.00000002.1661069213.0000021881114000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2008287654.000002148D711000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ns.adobe.ho
Source: PaintStudio.View.exe, 00000014.00000002.2063637961.0000021493525000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1981844287.000002148C800000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, settings.dat.15.dr, settings.dat.LOG1.15.dr String found in binary or memory: https://aka.ms/paint3dhelp
Source: PaintStudio.View.exe, 00000014.00000002.2038618715.000002148E38C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/paint3dhelpHD
Source: PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2045631763.000002148E600000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.remix3d.com/
Source: PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.remix3d.com/v3/creations
Source: PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.remix3d.com/v3/creations/
Source: PaintStudio.View.exe, 0000000F.00000002.1681026219.0000021881F7E000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2044751625.000002148E55D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.remix3d.com/v3/creationse
Source: PaintStudio.View.exe, 0000000F.00000002.1677469961.0000021881DC3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://evoke-windowsservices-tas.msedge.net/
Source: PaintStudio.View.exe, 0000000F.00000002.1621417542.0000021806619000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1677469961.0000021881DC3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1951722900.000002148AA1D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://evoke-windowsservices-tas.msedge.net/ab
Source: PaintStudio.View.exe, 0000000F.00000002.1677469961.0000021881DC3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://evoke-windowsservices-tas.msedge.net/abhttps://evoke-windowsservices-tas.msedge.net/ab
Source: PaintStudio.View.exe, 0000000F.00000002.1677469961.0000021881DC3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://evoke-windowsservices-tas.msedge.net/abx
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubble-int.azurewebsites.net
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubble-test.azurewebsites.net
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubble.edog.officeapps.live.com
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubble.officeapps.live-int.com
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubble.officeapps.live.com
Source: PaintStudio.View.exe, 0000000F.00000002.1648196700.0000021880178000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1553199812.00000218808A8000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1555352027.00000218808AA000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1559076087.00000218808AA000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1994354792.000002148CE00000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1986380329.000002148C94E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubble.officeapps.live.com/mediasvc/api/media/
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubblecontent.osi.office-int.net
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubblecontent.osi.office.net
Source: PaintStudio.View.exe, 0000000F.00000002.1648196700.0000021880178000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1986380329.000002148C94E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/
Source: PaintStudio.View.exe, 0000000F.00000002.1648712362.00000218801C9000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1989068563.000002148CB00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/;Media=https://hubble.officeapps.live.com/medias
Source: PaintStudio.View.exe, 00000014.00000002.1994354792.000002148CE00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/e
Source: PaintStudio.View.exe, 0000000F.00000003.1553199812.00000218808A8000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1555352027.00000218808AA000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1559076087.00000218808AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/we
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hubblecontent.osi.officeppe.netRESP
Source: PaintStudio.View.exe, 0000000F.00000002.1624292159.000002180687C000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1960621724.000002148AC8A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: PaintStudio.View.exe, 00000014.00000002.1957656890.000002148ABD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.local
Source: PaintStudio.View.exe, 0000000F.00000002.1623706663.000002180681E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.local1003
Source: PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1947021882.00000214839E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.preview.r
Source: PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.preview.remix3d.com
Source: PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.preview.remix3d.com/
Source: PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1947021882.00000214839E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.preview.remix3d.com/blends/profile
Source: PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.preview.remix3d.com/details/
Source: PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1681574609.0000021882061000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1989967520.000002148CBBC000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.remix3d.com
Source: PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1681998812.000002188209B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1676704850.0000021881D5D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2045631763.000002148E600000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1965287440.000002148AF34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.remix3d.com/
Source: PaintStudio.View.exe, 0000000F.00000002.1681998812.000002188209B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1965287440.000002148AF34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.remix3d.com/_SSL
Source: PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1647523963.0000021880113000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1660253380.000002188108D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2045631763.000002148E600000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.remix3d.com/blends/profile
Source: PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.remix3d.com/details/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.210.240.112:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49715 version: TLS 1.2
Tries to load missing DLLs
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: telemetryuwp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: vccorlib140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: sharedmemoryuwp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: execmodelclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: execmodelproxy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.xaml.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.staterepositorycore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.system.profile.retailinfo.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.applicationmodel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.storage.applicationdata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: rometadata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.staterepositoryclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: vcruntime140_1_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.xaml.controls.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: uiamanager.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.core.textinput.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.web.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: concrt140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.applicationmodel.datatransfer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.networking.connectivity.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.accountscontrol.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.devices.enumeration.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: devdispitemprovider.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.energy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.graphics.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: profext.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.web.http.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: threadpoolwinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msxml6.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: wpnapps.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msftedit.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: globinputhost.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.xaml.phone.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: certenroll.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: certca.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dsparse.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ninput.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: efswrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: wuceffects.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.system.profile.systemid.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: clipc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: cryptowinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.system.userprofile.diagnosticssettings.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: telemetryuwp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: vccorlib140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: sharedmemoryuwp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: execmodelclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: execmodelproxy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.xaml.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.staterepositorycore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.system.profile.retailinfo.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.applicationmodel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.storage.applicationdata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: rometadata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.staterepositoryclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: vcruntime140_1_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.xaml.controls.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: uiamanager.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.core.textinput.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.web.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: concrt140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.applicationmodel.datatransfer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.networking.connectivity.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.accountscontrol.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.devices.enumeration.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: devdispitemprovider.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.energy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.graphics.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: profext.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: efswrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.web.http.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: threadpoolwinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msxml6.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: wpnapps.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: msftedit.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: globinputhost.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.ui.xaml.phone.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ninput.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: certenroll.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: certca.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: dsparse.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.system.profile.systemid.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: clipc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: cryptowinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: windows.system.userprofile.diagnosticssettings.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: wuceffects.dll Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Section loaded: edputil.dll Jump to behavior
Source: classification engine Classification label: clean1.win@20/54@4/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\575231e4-3589-4cf5-8fb0-76bc26471e60.tmp Jump to behavior
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2000,i,17643291499873608431,12210868481373475866,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe "C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"
Source: unknown Process created: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe "C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2000,i,17643291499873608431,12210868481373475866,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32 Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe File opened: C:\Windows\SYSTEM32\msftedit.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: PaintStudio.View.exe, 0000000F.00000002.1662702374.0000021881200000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ToolsVMToolsVMTools
Source: PaintStudio.View.exe, 0000000F.00000002.1654979056.00000218809B3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 4NECVMWar VMware SATA
Source: PaintStudio.View.exe, 00000014.00000002.2011557675.000002148D82B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ToolsVMTools
Source: PaintStudio.View.exe, 00000014.00000002.2011557675.000002148D82B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ToolsVMToolsVM
Source: PaintStudio.View.exe, 0000000F.00000002.1654979056.00000218809B3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: PaintStudio.View.exe, 0000000F.00000002.1655680973.0000021880C13000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1998388960.000002148CFD6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: PaintStudio.View.exe, 0000000F.00000002.1654979056.00000218809B3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JVMware Virtual disk SCSI Disk Device
Queries the volume information (name, serial number etc) of a device
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Textures VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\EngineConfigId.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\SceneData.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_0.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_1.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_2.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_3.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_4.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_5.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_6.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_8.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_7.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Textures VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\SceneData.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\EngineConfigId.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_0.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_1.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_2.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_3.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_4.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_5.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_6.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_7.bin VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_8.bin VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1416889 URL: http://ctldl.windowsupdate.... Startdate: 28/03/2024 Architecture: WINDOWS Score: 1 5 chrome.exe 20 2->5         started        8 PaintStudio.View.exe 37 2->8         started        10 PaintStudio.View.exe 103 42 2->10         started        12 rundll32.exe 2->12         started        dnsIp3 17 192.168.2.16, 138, 443, 49698 unknown unknown 5->17 19 239.255.255.250 unknown Reserved 5->19 14 chrome.exe 5->14         started        process4 dnsIp5 21 172.253.122.105, 443, 49718, 49719 GOOGLEUS United States 14->21 23 www.google.com 172.253.62.103, 443, 49706 GOOGLEUS United States 14->23
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.253.122.105
 unknown United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
172.253.62.103
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.16

Contacted Domains

Name IP Active
www.google.com 172.253.62.103 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw false
    		high
    https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGJW5lLAGIjBHd_AKJiXvmNxa7QOBoMc3TtwL5hSlYsTpvxIHp6hu5gHUnSeQnMynd2baB1bPi2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM false
      		high
      https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGJW5lLAGIjDEtMeSbdsKTFupmRE7XFYXeyEzxbWbjBGXBv4CRFSB_bWJLa0LrH3ZszpniEBwYgQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM false
        		high
        https://www.google.com/async/newtab_promos false
          		high
          https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw false
            		high
            https://www.google.com/async/ddljson?async=ntp:2 false
              		high
              https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw false
                		high
                https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 false
                  		high
                  https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGJW5lLAGIjBi9PQhwvCu8xsidkRQK4-Wu-ijFbl2Tn-IJ6uGgADoaLseDc5qoXZTbhrRHGWYJIQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM false
                    		high