hxxps://pcapp[.]store/?as=coinis&ap=push&offer_id=558&aff_id=305&cid=d2MTw1atCO1ON_tLqlIBkgsTyGudWK2d&sid=vvESj

Resubmissions

01-02-2024 11:00

240201-m398labfb2 1

31-03-2023 21:01

230331-ztw1tsdd64 8

Analysis

max time kernel
123s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pcapp.store/?as=coinis&ap=push&offer_id=558&aff_id=305&cid=d2MTw1atCO1ON_tLqlIBkgsTyGudWK2d&sid=vvESj

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PcAppStore.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	PcAppStore.exe

Executes dropped EXE 7 IoCs

Processes:

Setup.exensaD50A.tmpnsaD50A.tmpPcAppStore.exeNW_store.exeNW_store.exeNW_store.exe

pid process

2468 Setup.exe
5680 nsaD50A.tmp
6124 nsaD50A.tmp
928 PcAppStore.exe
5284 NW_store.exe
5268 NW_store.exe
5276 NW_store.exe

Loads dropped DLL 19 IoCs

Processes:

Setup.exensaD50A.tmpNW_store.exeNW_store.exeNW_store.exe

pid	process
2468	Setup.exe
2468	Setup.exe
2468	Setup.exe
2468	Setup.exe
2468	Setup.exe
2468	Setup.exe
6124	nsaD50A.tmp
6124	nsaD50A.tmp
6124	nsaD50A.tmp
6124	nsaD50A.tmp
6124	nsaD50A.tmp
6124	nsaD50A.tmp
6124	nsaD50A.tmp
6124	nsaD50A.tmp
5284	NW_store.exe
5284	NW_store.exe
5284	NW_store.exe
5268	NW_store.exe
5276	NW_store.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

nsaD50A.tmp

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCApp = "\"C:\\Users\\Admin\\PCAppStore\\PcAppStore.exe\" /init default"	nsaD50A.tmp
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Windows\CurrentVersion\Run	nsaD50A.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6c1e458a-2e5f-4da3-bae3-48900a49f41b.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230331230232.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exeNW_store.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247772966043183"	chrome.exe

Modifies registry class 3 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{25BCF0FB-EB2F-44BD-911A-3B502EC9F92D}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{EB84596F-7525-476E-AEC2-F157A32D6BA8}	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

vlc.exevlc.exe

pid process

3040 vlc.exe
5732 vlc.exe

pid	process
3040	vlc.exe
5732	vlc.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

chrome.exeSetup.exemsedge.exemsedge.exemsedge.exensaD50A.tmpidentity_helper.exePcAppStore.exe

pid	process
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
2468	Setup.exe
2468	Setup.exe
2468	Setup.exe
2468	Setup.exe
2468	Setup.exe
2468	Setup.exe
2468	Setup.exe
2468	Setup.exe
636	msedge.exe
636	msedge.exe
1332	msedge.exe
1332	msedge.exe
5724	msedge.exe
5724	msedge.exe
6124	nsaD50A.tmp
6124	nsaD50A.tmp
6124	nsaD50A.tmp
6124	nsaD50A.tmp
6124	nsaD50A.tmp
6124	nsaD50A.tmp
5900	identity_helper.exe
5900	identity_helper.exe
928	PcAppStore.exe
928	PcAppStore.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

vlc.exevlc.exe

pid process

3040 vlc.exe
5732 vlc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exemsedge.exe

pid process

4488 chrome.exe
4488 chrome.exe
1332 msedge.exe
1332 msedge.exe
1332 msedge.exe
1332 msedge.exe
1332 msedge.exe
1332 msedge.exe

pid	process
3040	vlc.exe
5732	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe
Token: SeShutdownPrivilege	4488	chrome.exe
Token: SeCreatePagefilePrivilege	4488	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exevlc.exevlc.exePcAppStore.exe

pid	process
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
928	PcAppStore.exe
928	PcAppStore.exe
928	PcAppStore.exe
5732	vlc.exe

Suspicious use of SendNotifyMessage 49 IoCs

Processes:

chrome.exevlc.exevlc.exePcAppStore.exe

pid	process
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
3040	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
5732	vlc.exe
928	PcAppStore.exe
928	PcAppStore.exe
928	PcAppStore.exe
5732	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

vlc.exevlc.exe

pid process

3040 vlc.exe
5732 vlc.exe

pid	process
3040	vlc.exe
5732	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4488 wrote to memory of 2668	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2668	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 2392	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1668	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1668	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe
PID 4488 wrote to memory of 1544	4488	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://pcapp.store/?as=coinis&ap=push&offer_id=558&aff_id=305&cid=d2MTw1atCO1ON_tLqlIBkgsTyGudWK2d&sid=vvESj
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4bfc9758,0x7ffa4bfc9768,0x7ffa4bfc9778
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:2
2⤵
PID:2392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:1
2⤵
PID:1992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:1
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
- Modifies registry class
PID:744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4492 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5340 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5352 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5296 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:8
2⤵
PID:4232

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pcapp.store/installing.php?guid=7669410E-8E67-41C6-8402-7B5ABEEC199FX&winver=19041&version=fa.1059h&nocache=20230331230148.177
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xb0,0xfc,0x100,0xd8,0x104,0x7ffa494446f8,0x7ffa49444708,0x7ffa49444718
4⤵
PID:4084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
4⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
4⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
4⤵
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
4⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5616 /prefetch:8
4⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5604 /prefetch:8
4⤵
PID:5716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
4⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
4⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 /prefetch:8
4⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7a20c5460,0x7ff7a20c5470,0x7ff7a20c5480
5⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
4⤵
PID:3828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
4⤵
PID:3752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8034066201496653462,16400262038248957328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
4⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\nsaD50A.tmp
"C:\Users\Admin\AppData\Local\Temp\nsaD50A.tmp" /verify
3⤵
- Executes dropped EXE
PID:5680

C:\Users\Admin\AppData\Local\Temp\nsaD50A.tmp
"C:\Users\Admin\AppData\Local\Temp\nsaD50A.tmp" /internal /force
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:6124

C:\Users\Admin\PCAppStore\PcAppStore.exe
"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:928

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" .\ui\.
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
PID:5284

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2a8,0x2ac,0x2b0,0x280,0x2b4,0x7ffa44c39b48,0x7ffa44c39b58,0x7ffa44c39b68
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5268

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ff69e2e1da0,0x7ff69e2e1db0,0x7ff69e2e1dc0
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5276

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1944,i,9760044227637663605,14096490745480335105,131072 /prefetch:2
6⤵
PID:4264

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=1992 --field-trial-handle=1944,i,9760044227637663605,14096490745480335105,131072 /prefetch:8
6⤵
PID:4512

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=1708 --field-trial-handle=1944,i,9760044227637663605,14096490745480335105,131072 /prefetch:8
6⤵
PID:1420

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=1944,i,9760044227637663605,14096490745480335105,131072 /prefetch:1
6⤵
PID:2272

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3504 --field-trial-handle=1944,i,9760044227637663605,14096490745480335105,131072 /prefetch:8
6⤵
PID:5300

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3728 --field-trial-handle=1944,i,9760044227637663605,14096490745480335105,131072 /prefetch:8
6⤵
PID:3864

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4176 --field-trial-handle=1944,i,9760044227637663605,14096490745480335105,131072 /prefetch:8
6⤵
PID:6492

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4184 --field-trial-handle=1944,i,9760044227637663605,14096490745480335105,131072 /prefetch:8
6⤵
PID:6484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1796,i,6431846908271290336,10386956984207469039,131072 /prefetch:2
2⤵
PID:368

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2204

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RepairGet.mid"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResetFormat.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5732

C:\Users\Admin\PCAppStore\PcAppStore.exe
"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default showM
1⤵
PID:3964

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14561BF7422BB6F70A9CB14F5AA8A7DA_D6E78B0AEA84104DBBC037A2B5332C92
Filesize
727B

MD5
c23420b51aec36bbfa006b21f9646aab

SHA1
ea6274a3032316ed9d220a05d36057c964119eab

SHA256
c1fa439b101f8be25c3aef05e1448db34b5c72b8df268c6b88a4968f1c2120e7

SHA512
95246da6588624b0de756e558a5642c784f4fd7e6603ee3d5fb809a5e0a464f71abcf6f731bbcccf64c67c343795ec99476652d9d73fbfbdfd221e1cd338bc45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
Filesize
471B

MD5
24a7fd9a66c3820c41a37260a02eb995

SHA1
7df0203f9254857f9d415196eba5376bd6296cbb

SHA256
4806ed09e78e3aa24b7e2f33b1c0815f2dc8d88a6605041e0926d56fd3550eab

SHA512
2427bae05788dae86b6da83a7d829bef6f3a8b262d0370390d7372c015e6032563d82427747d266ce3cf8c59e1ae487cbbc0389be46338e21c0285cb0b45a9c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\14561BF7422BB6F70A9CB14F5AA8A7DA_D6E78B0AEA84104DBBC037A2B5332C92
Filesize
438B

MD5
675f00f0c1f3d526d61e5bba44bd6ba6

SHA1
6f718cbb9271c7c573998a2ca36de01c90850a58

SHA256
da390555cf4fab33dc51b7e2aa6bf666a9d2cf28e2869348165530cf7ad48c4d

SHA512
cfa570c08d58b0c700a5274096d8908aca94812fec23279414ec9644a52c2d99e80fe89f16b8190277a85d1429797f7975f1af208d7d80ac39af76b03d7f5073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
Filesize
430B

MD5
eed55ae7b43c6df9e23ac7e6842d82ce

SHA1
ea76c5d7f5273fdecba91e971851a902654457ee

SHA256
bc51a9629357615ac7076ae677b3ad32bfc313be624820d146772831089fd702

SHA512
f9ef2b835ed55615b1792a6a9dfb1007f5115c91d48a16c12f38f2ea7fc2db2493c9dea31ff2f8340b71f7234e3d3c28d07e8cc35adf943f67cbef26aa66fa74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
9523c832019f5b82f7c980eababf9d25

SHA1
1a930687f85d63b1580cf4f1a9456cfcca423016

SHA256
1624e7865b18adf450d72d47b268e30492c84db1a0c60caf0894cd34b742101b

SHA512
51fce87380611d20fd97dc3f22dadd5d102d8f4e40f1a3417ef64e001d8d65b0ad0f988d592360821691d12516f78ac909e0340a419e0cb75aa973a1d677bb62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
498be978d9a23766dc02e883c71be1b1

SHA1
3801593ba7adc193525875acb23ddf783a9d955a

SHA256
a874817e0d9213d41e0e20559df75dc00fcf0a378115aa660b8b360e93e00540

SHA512
d50a8f8cc13889ff5b28b16da54120b2675e66a734ba4648194642c4b8c76e7c8a71bad20785a6f0702f1e34fe7d84f935be66551555e7bbc4f309bb018970a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
873B

MD5
5fc5f9008e10b01bd1c2e8b6499f78d9

SHA1
afc6e8fad8e1209366bc1850a77938abc555ac3c

SHA256
c2e16242b26acdd87c279d400f99b184bc54c409e345cbd17ed123ef64638887

SHA512
0ad063f6fec1ea9ffde18026047efd8e6a0a9cf94620887523d8015882182729f45cd57f719839f2b2bb55a5e58a43c65279403fb868bfd0fd776462a76becf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
39066fa9e04c2af7949b6ef66232bf20

SHA1
e4b61cd792761cdd26082437f76a217b7a6b8f11

SHA256
24b5f5c622526768de005e7c8b09165e091152b3f0f53908f1620d59434408f1

SHA512
b8dd6e5fef7813da6c699ef2018f5eb4a45258d6f047c2aa0cf61a93a36d5f828c6e2b4905ca878847792cc0131dbda4550683f2c5fd61ef58bb5e3eca24eaaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
65ec7db9e100dda5ff9e65f575ac9334

SHA1
6447a96b39417549c046c6291bd1cad1cf910b44

SHA256
aa8cdc70c568aa7b82d3cd5f4013c4acc02fe19022707155461e71e6b3fa5838

SHA512
6442531f50ee3cb5aaad9fba64c6b06cd9b393d8360f23e40364e45f46568d4385fd3b14c538019b34e775d3c2072a6b3fe8e86d7e910148dad9a8186bf50ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6e76bc49dc48855198daa37183842adf

SHA1
3b16ed2b400c4976f762c84f0b549be2247922c1

SHA256
d37616419d3b5c4bf5e8ff5611a686c46034fa15a5135a5edff9729f206fa1b2

SHA512
9362365fe722fe7be74075ad8a451afccf9478375642cd32686f9dcab583e17026f15b0107d24ff5eec4fda21194f84a1b6140c400e623b42a7c7534bd1ec39e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
a76bcf339a075bcaa19529d7e6f4d7bd

SHA1
40350045fb02259194a720e2c6190dd986e894ea

SHA256
4cc506ffa29db51200badab5c9921ec3d3d2fd5b5856268c133dc06b3fa70f5d

SHA512
ab2f068d06972c524f31b0c1b500478ff3e2fcc5bdb8f22f3d90ae23d149266eeaaa36779dcf0218f33e5bc6b9c4f233b9fdb9399652a5126db5e35bd6e2bc65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
d2e5f9e8ba11b1dea61948fcb9c5d62a

SHA1
24120964c4cfef330ad3bd3ec11e8847ebe2676d

SHA256
9a71ac5c037cafaaaa30d029dbcdb4e77659f3d6a1c42873e5c4e3f30eb89235

SHA512
5aeb0051d6e55e7e0467d76a6c869bff4eaf66db3c25b443b5146a11fc557c0fa4d3130212f67983f5405aec8397bd3e0e62f2bc0c33fcade027038a29e82ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
d2e5f9e8ba11b1dea61948fcb9c5d62a

SHA1
24120964c4cfef330ad3bd3ec11e8847ebe2676d

SHA256
9a71ac5c037cafaaaa30d029dbcdb4e77659f3d6a1c42873e5c4e3f30eb89235

SHA512
5aeb0051d6e55e7e0467d76a6c869bff4eaf66db3c25b443b5146a11fc557c0fa4d3130212f67983f5405aec8397bd3e0e62f2bc0c33fcade027038a29e82ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
cbf91eec672fd6b9b95aab0544ce8db9

SHA1
9b88f033c849ec306475fc6d42e05b2b0b261884

SHA256
78a645dadb58b6279cec78770f2ee2ddc08b676adcdc9316e4d30e958b6b4778

SHA512
7508eae8dd5f3fbc821452b3a064ba40564b791dd483a3d26cd8ccbe235486d6c265381f09b04b530aeea031346fd81b16ecf4785a401a68fe4d88bd72c0de86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
8e106226abd49a33ae7aa71435663511

SHA1
8ee5320a45e68f60c95028404ddfa38e5322b792

SHA256
b99e28fc88361b8cd8c9f8ca9b47368220c0ee8055614c4f71244608b8b10c7d

SHA512
1211dfbe464b26444ec8d8eafb5bd9d5000081006076e0bd5e21c6ba1ef060b36ea9194e82522f2aa5647a5ad235736092fca21ef58ed3405033aea879056275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
9b3da489daafe7cb8bcaa596834aaf39

SHA1
a2497ee68b32059f9bc2b089cc27874e1db11eac

SHA256
8f7e86b3acee23ce347a0e2b6f2f1ff0522d6711afcae879599ea6b1ac212509

SHA512
178efbfb562136fb25edbb32d3b3e20103b67e710ba59bb0bbbcd1b0df76fe76808f3ecdf024569df9889aca485ab2c727b73bd92a5e27b6a929337db79aa0d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
bb27f9e88b7ead79bdf1fae8d4873754

SHA1
4de7be58d35db873581568469c940cb687c9128e

SHA256
5c216329fd2fbd9c49da3831bc59e86eb7896d08244a8794b688eb49082820e7

SHA512
3a4d54493df2f8aac6fd6ab5ce4cbb221f4038361da7992f2a3e0b264d4c4b2b7a3334f494b39410521a7d46edc6466bf01b5c8a549048944f362bb4244c1f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4406eba7fb003aba4763c7993220dcc5

SHA1
10f877fda2c8c727772d7bc1429d637204196028

SHA256
670082104613c8ecb0d9a96d85fe8afd492006182b78a4451fb3fc66e277f515

SHA512
6254028b7878ecb2fb75270a44addd57a78275e0213f11b89215f2544245238d246a1e2fdefae36790a6c7537846338a3b1722105a8d0944c831c49d712bf44c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d74505386935d0aea78ff195040ffd59

SHA1
9e62615ddf435891a6aabb67b0f2fd9f62c66142

SHA256
61794b804ba2d3e01c8e8af1dd3b8aee680cb286219a6cdced5a16e210672368

SHA512
0a7698d41da2f6e7dc86b4be4f4582fbc30c6c5b98112c32a62d85be0fde5f9a50d80243dcceafc74c728bad47d1aef1cc1dae2c5f521933f5f93026b42b8433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
d0a6f1d7226af0637c6e6d93b5483a8e

SHA1
d976ed4610318f7bd2d762542ffba872e2350e8c

SHA256
f61114e68ba66f078567d6350b4bcfe60b9f014198db162aecf1acde4e84ac72

SHA512
b7341bd7ee1665dd06f82edb2481e9a4ded2ff03b549d01687dfbd935080501fec947ba15f07ec6fb9d7b0556b1370038ae94f02a32856cf70b15b26c15b8d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f3bc466e6d4432b770de9f4415b0851f

SHA1
d2434469a53ea20118d24df1939e3ad4ac198080

SHA256
0d7fd1421d87a91ecfd402214ac98fd8c80aaf58faabf93fec6f4941813ce6dc

SHA512
22b66694efad3487bd9c580309f78c15141c97ce5b93c94a20676170cf92128610166779263bf954d4c09ed903e836ba1077d27df37f518e074f3be53a423d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
ba96dc34dfe9f89be7cd0bc0fe05ee4e

SHA1
3e2280006ef0d4d9aa47f8f2957225e4cacc3063

SHA256
792c7e9ac675f82de1d435fba9affc7f0e26777fb7c1b064bf896f25fe0779ae

SHA512
4e190061db8cdce77bb78d60ec926ead7e5aeeefc139029260a538e3b64968f5f485790592d1af7f425aec0a5e17c381fe0fd1729deaa3be17ec574e9c62099f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
2b988a8b23257047868944ec23f1c182

SHA1
0dc5df8e58cf5a5e57ff27eec6b3457e92d83adc

SHA256
13540e166d9aca40b1193b335024ec28496f79456eff33ba17c8644e721a6f46

SHA512
087c6d92985e2c00aced032f7ef6fb62b0bdd7bfe04e18d4e0aea41ab092c1da42193acee7738a845c29ef99721a038050def87bfd78a7f3c24d9ae122c087f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
8c7eed74abe16bc0a9d2d98ae9f2e1e8

SHA1
4fbb6abb6ec4ebdbaf2e9feb4acd04d8a0f3eabd

SHA256
b3f3658e84c7ed9a5745146facceed68ef2c973d67beafb677f0b18fc0990a74

SHA512
8a4ea13828f5f8aacc40158b96068659992c238b42cd45df441599fe5e5301c25b9453b6b3b8dc2853d557187b63219760a5aa8ff83e3209f27c72ade7741c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
916043f11104a0aa0ac8182f31934655

SHA1
6214eab4012a910a58582cfb1e73eaded409977b

SHA256
89712e9b8839e65252a48865d7963190fb17d923633cc7a1b834d8edfeb8bbb4

SHA512
46346b4ec7cc10eb0e80b313ff2abdea02741437a322af50b92da55eb9c94734adf1e39419858b945ae98e808e4e64d42a91088c9a7d85bbf2b31b4bb25d8254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
9d2a3db7295ba7048625c0f9f1176b7e

SHA1
6dcd65fdd3e534f35d7b9f4f3d455005d52cf3f8

SHA256
7dae5bea0214d50b19d8f91c9b63a7a73c1e543b97486abccadbfc5b026c1c3d

SHA512
c7cf765fe7880359e02e84306d940ff6e2f73e326f1823de65062cd93d238a711ad6c63560d6b535979e416c389be6b113669ee45a8723f9c77bb715ca9a15da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
5893d0e8f60b835bd398538d934baefe

SHA1
ca65f988ef6ecc1ca1a30f0140055d94ef08439b

SHA256
c6f4fc1c921e313891648cb6656560623713b9c5aa695dacbb490df6c820c885

SHA512
058a68286b387313014b41a4efb783870f5a77a68bb04dc403083b39012d8d693bb4b9b8639e4545371aaf36a8dbee429e4ca041d2303e9dcc72d3c5a97a78f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
d5bb0715d62a610f07b9248b23d48d37

SHA1
fec35d72d52a0acd03ab6e0f91d35c4cabd62d8d

SHA256
03609b8a9eb30a9aae3f22e505fbc0af5424b3e7eab7e9d842b87746dcf0a9ac

SHA512
d5c7d8144f856a94990f2af1daae4cf14a27b55c6186cbc0268317f392b187bc51a686c596ee9b7fe49d2673608e779fd1dd4d4fbf7c80387b73ad8f5a176538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
6d448c6a91c4ec5d5aa749f113a87714

SHA1
566b3e33151b2344085e1e98f2a0fc19f080271a

SHA256
bd2a7f265629ee00fe6b1e2224e97a0fd25066948a3978d1f60e74c3dbd27e05

SHA512
25ec0b8f38a917435a3275f967554c5828d316de0961bc02853a65b2d89dcc33539c132f7278c6673c5c9dc34269df65028ea4ef90868d8a61e80c8b663e504a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57707d.TMP
Filesize
203B

MD5
422792005e853f685233e0b333934735

SHA1
417981acc9fbf4a124089153b564b1c4fbb792ca

SHA256
cb42f84088b46c50e4d88976f581b7c0a76dbf85f858a1278cab05a272f6b52c

SHA512
640bd94fb6b9c9769d5735c088a54d92fdfa0d4d6091a1f476e27ba8bf860a8d47af94564673a94fb08bab073f71eef5ba741dd772313bd3851921d610a0f418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
e1d2ee5f90657473b90c8ac7599efdb0

SHA1
f2448b48be0d554d5861b5b2951a38ccd8c5b92e

SHA256
986a64b1492bd5fda576375ba6a4dae02f44a06cec1c19b75227a5b0e4687f6d

SHA512
9732fb2003fdf5e4b6c6d9169e581880b6e65cf7d2f54121398c1e152558351f84c851a6a53d2878ec75ed53f61991c5829a3809b5658b68ec881611445224f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
f006db875e212439769cb456da50707b

SHA1
fb908d0f6c6428bf68df0efa5d23d0ac280ca79e

SHA256
46614d2d550847e1d6e4ad73aed299d5746811c1482edf2948285201309658c4

SHA512
bb939f2678e161d2d7a42a24cba4af9298d540f07e3d7cdb82a6fac8e20675059d5ae243699fbc32695103f17319136308ad003e5be8d8fcef01011db364bfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
798b265554a9629792a9f36990885b64

SHA1
6ba5761785e354bdbcbe4dbe4137b07dbd22647d

SHA256
2dc9381c60ea277ebcca64273da3430f9eb822fd9cf2db059a31dccc417867d2

SHA512
5b6ac1dc2c85ddd5401032ab137a17d2d0ed0244fdf5cb306221c068e44b4c36f4d947d1bfbf7783508cdbe7d116b8261f89754c800646db91dde92d663c413b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d91b2025f2f9600f812a4b18e77f1bc9

SHA1
474f0c1f13417d690003e68cdf734c768ce58f27

SHA256
29d1d77db30520c79a5fbbb896c3fc620bbbd179ef0d419d473b65bb44a8d61a

SHA512
767d9e09bdfcfffc218d9897f11406da9a5fd64e7fdc9d79a940aca8d12fdc3a1a4f8e813f3c1d959e8d43ff6a950f28e074a620cab42f54cb528240fc5d3cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
7ac951cde9f091beda7cc6c36829ae7c

SHA1
695c0121bf04b6d2fa0b3c5f8ce2d5b9aecb4806

SHA256
7145682f0e31cdad0de37ae6b7ad90e3040829b42ce996cd515710b9bdc99519

SHA512
6726439acbee4012abe531a2e8ec1afd2fd4e7b095dd1e8377030fa3eceb8c9c20b8f95068273116502850a436e220ceb00bb5f82a5f42d5be0bd2a7035138a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaD50A.tmp
Filesize
84.5MB

MD5
3da7109785da86f3758bc1dcab1a692c

SHA1
599f3dc0879dcb6d2037d21fb5aa5173542fdeeb

SHA256
38eed667584871a924bb25ec9f74b88928f15866232163cc7212178131ea05a9

SHA512
79a538d1521d5cd89b076163327c4dc2bd2b086961f1199963f4393c5dcc0b175a79709a7c83a62278719dfde2d2e09337f18979cd2374f16d28872c5472e848

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaD50A.tmp
Filesize
84.5MB

MD5
3da7109785da86f3758bc1dcab1a692c

SHA1
599f3dc0879dcb6d2037d21fb5aa5173542fdeeb

SHA256
38eed667584871a924bb25ec9f74b88928f15866232163cc7212178131ea05a9

SHA512
79a538d1521d5cd89b076163327c4dc2bd2b086961f1199963f4393c5dcc0b175a79709a7c83a62278719dfde2d2e09337f18979cd2374f16d28872c5472e848

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaD50A.tmp
Filesize
84.5MB

MD5
3da7109785da86f3758bc1dcab1a692c

SHA1
599f3dc0879dcb6d2037d21fb5aa5173542fdeeb

SHA256
38eed667584871a924bb25ec9f74b88928f15866232163cc7212178131ea05a9

SHA512
79a538d1521d5cd89b076163327c4dc2bd2b086961f1199963f4393c5dcc0b175a79709a7c83a62278719dfde2d2e09337f18979cd2374f16d28872c5472e848

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk787E.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk787E.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk787E.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk787E.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk787E.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk787E.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk787E.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk787E.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswBE93.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswBE93.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswBE93.tmp\image.gif
Filesize
997B

MD5
1636218c14c357455b5c872982e2a047

SHA1
21fbd1308af7ad25352667583a8dc340b0847dbc

SHA256
9b8b6285bf65f086e08701eee04e57f2586e973a49c5a38660c9c6502a807045

SHA512
837fa6bcbe69a3728f5cb4c25c35c1d13e84b11232fc5279a91f21341892ad0e36003d86962c8ab1a056d3beeb2652c754d51d6ec7eee0e0ebfe19cd93fb5cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswBE93.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswBE93.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswBE93.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswBE93.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswBE93.tmp\inetc.dll
Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswBE93.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswBE93.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp
Filesize
42B

MD5
d89746888da2d9510b64a9f031eaecd5

SHA1
d5fceb6532643d0d84ffe09c40c481ecdf59e15a

SHA256
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

SHA512
d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\824c8a19-1cab-4c17-8787-4aaaabdadcb3.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
28ea02ee1e6385bc7403f8bd86aeafd6

SHA1
06e086479f5dc57528c9fde38280ed2f33f1021f

SHA256
4b0e46c51b167e39f0664cb6be590456c5899a9847afc788e1c68c1925361f7e

SHA512
23e14fee58307607e7133dd7af3f8634c6f460256b9a7825b597e61c6ad95414755d677bec4db9c523d9622117de421b221548cf6e52fc7ace015f7b21d527cd

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe58bb3d.TMP
Filesize
523B

MD5
b964e9b70e95c8efde2cf622584b3212

SHA1
a8cff53915aac5b80adcd07692c0a5efee01facd

SHA256
44a103db109f62c39dc3a52f6197414ebecd2b1bee4b848b1f2f2305a6787f65

SHA512
3d6456ba247fd9edd8cc21539250241aa84c0964d7a84d2d889c3e3a72bf70d46c8aefb11f9c8a0774ab673bc285595f574f81ad8c70a5fe2f22873c5e901da7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences
Filesize
3KB

MD5
470d20b4006061d3730f46ceffeef8bd

SHA1
7fd8ff916430a6785dd83897c30fe51f61c6d5a7

SHA256
d38e96ed59c15e5c5507933b6a44fdffdbc097e54b3b3cca50a090b862ab5717

SHA512
e9ad80622c54800d1ba79c3ad96ad447d18d9d134f4d28f05a052bc1e8ac2b2650fd5f95073f57335a49fe7daf8e2b40d2362417aab50fc33d5b2991d8e21ed1

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe58a330.TMP
Filesize
3KB

MD5
f9759dd5fa0c969c28cad0f37cf74aba

SHA1
0e95a6ee361d7021c55928eba4fae0a00439b290

SHA256
e7c434d22a267e38e92a0add3e25a52152c3539c8ac89c6a2dcb3d15b920a193

SHA512
b9b3a6b4ed955ce433fdbe4562ccdc37f154f36875cfa5be60cfc60d6e4173240b2edd1404779372643ababc67b4497ea5a9c051bb1767647cecd1c5dabbe59f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5
Filesize
16B

MD5
d5e6121f86812cc7ae58efc4f9ceacbb

SHA1
3dfb06418220ed62ab46b473bc4ab269ff4f7e33

SHA256
05f173bbb3d564e2da3d496c4298b69c3506771a30238eb5285f1cd9df00e3c0

SHA512
88c5c1b06ddcac46d53e1cad013fec4fb789f97589f294a076be3cc7ac1c10ed9ea0a1c3a11f9f9499efe01420917ca14348be74dc2cd1c8cdb4313783123740

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\b0b049a0-8502-469f-bb23-d5564d318574.tmp
Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State
Filesize
3KB

MD5
c8958f7b2ce29d4614577db03cb61fb8

SHA1
6da04d0e58dc76b5bbaafc4c4f3270dc665ce867

SHA256
a864b48a94f1a6b86c517f7dd4394d5e05e8d733168b9c0c607147406bb7278d

SHA512
cde9084b8fd6342e9c21bf14593df526abfe962cb8db4a86a997d28471b0cabff6d7ee16220d8d68eb13bde466edd2933bd3f6e9e90e67264b25c24a2b1f3109

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State
Filesize
3KB

MD5
0d22ed8695327bc10d38c92299592213

SHA1
c3bb548af1e4943bdfad984255d6697f7f0fa5ae

SHA256
77faa58d9fc8e4db736fe77f8aea6e5833cb739110aa326558df017122456c1e

SHA512
0d0c1f2164aab45d34c37d060b0f62abeb7f2714411c579600e25d46168f73fce895b6b4676729fe0efb699081e5eea7103b27caab8ae987aad48e0eefdbfd9d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe586caf.TMP
Filesize
916B

MD5
b2fcd7ee3eb9e07f7545a029f6ff16c7

SHA1
5761e0dbe154ed259475235b83d5c75ee0838ccc

SHA256
d550f07401879a20861d0f03f43741036b861cc271470ab12f6832d56e08bc88

SHA512
8ff621b67f8592116f912d0c2bd1923ff48082b8913ddb9aac3759a42dab7a27201d24e46163e957e61ce11b8325c5c28c0cbba0bc81c1a270e7b4dd3093364c

Download Submit
C:\Users\Admin\AppData\Roaming\PCAppStore\Data\fa.xml
Filesize
12B

MD5
3fcbd149c5cd3f4b0df93eb3574cad4b

SHA1
464e65d26e362e153f92f6fa207b68ac2687bd2c

SHA256
38cd202bd40e8f59cfb61abe14aaf828969bde04c80d742008823340972d25f1

SHA512
66e8005957e6a3a601e6df126e6bf36de3c421d25bcf4dfd12953ffa1b1f8aab4c9bc9c1c695e416c2b28b31cb3f10d542117bc87ddf9a42ae2dd5da5e51e0c9

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf
Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf.tmp5732
Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
Filesize
75B

MD5
d483ac9fec4f5fce2421528415c73b4a

SHA1
ccc32cbf9b98a75abe9beef4f58a7d179b0f60b3

SHA256
4eda0a952ee9fc4ac177e8a17fe12583e923727f5693008ef9679a15af27ddec

SHA512
59881c725cb0e307efefa9c72f12be76ade713315c66dc71062565268d0d22815e0ed8e6986eb822c8e54a85866349271c91e8d818c755a08a91ce4555ee2781

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
Filesize
75B

MD5
d483ac9fec4f5fce2421528415c73b4a

SHA1
ccc32cbf9b98a75abe9beef4f58a7d179b0f60b3

SHA256
4eda0a952ee9fc4ac177e8a17fe12583e923727f5693008ef9679a15af27ddec

SHA512
59881c725cb0e307efefa9c72f12be76ade713315c66dc71062565268d0d22815e0ed8e6986eb822c8e54a85866349271c91e8d818c755a08a91ce4555ee2781

Download Submit
C:\Users\Admin\Downloads\Setup.exe
Filesize
106KB

MD5
8ba3860d24a1883d5895efd8eda05efa

SHA1
a1fcdd38e6d5df66f706e118611c86c0ea446ce4

SHA256
a7b80239732c37a4c631044fbc5f13d0e04b3be8faa7d91d2f4a879098dcf08f

SHA512
15c57d8dc4ec9a0c810848058eae6fff40765f60a7ea488c9ffbc3650a689c82369adb56e8d0fe5e9a85552d2633348838f35722b2ac26548ea4e35fdede0ac4

Download Submit
C:\Users\Admin\Downloads\Setup.exe
Filesize
106KB

MD5
8ba3860d24a1883d5895efd8eda05efa

SHA1
a1fcdd38e6d5df66f706e118611c86c0ea446ce4

SHA256
a7b80239732c37a4c631044fbc5f13d0e04b3be8faa7d91d2f4a879098dcf08f

SHA512
15c57d8dc4ec9a0c810848058eae6fff40765f60a7ea488c9ffbc3650a689c82369adb56e8d0fe5e9a85552d2633348838f35722b2ac26548ea4e35fdede0ac4

Download Submit
C:\Users\Admin\Downloads\Setup.exe
Filesize
106KB

MD5
8ba3860d24a1883d5895efd8eda05efa

SHA1
a1fcdd38e6d5df66f706e118611c86c0ea446ce4

SHA256
a7b80239732c37a4c631044fbc5f13d0e04b3be8faa7d91d2f4a879098dcf08f

SHA512
15c57d8dc4ec9a0c810848058eae6fff40765f60a7ea488c9ffbc3650a689c82369adb56e8d0fe5e9a85552d2633348838f35722b2ac26548ea4e35fdede0ac4

Download Submit
C:\Users\Admin\PCAppStore\PcAppStore.exe
Filesize
1.7MB

MD5
c726e1bfc16b37088ad29182c9f58fe9

SHA1
f82f35b4e296643bed86cf352e7737cdaa828efc

SHA256
a31100e26450a0f60eb80c4d97ba3142d61a3b8f5fef748176f43c75ce21bf97

SHA512
4da469421c804bd21e8b5e6de759a54c791d451f77a6067f3d5205bba6ce26baf406002961d6d219fda9e3958a657ea308fc11035dbcad235160c051cb7df00f

Download Submit
C:\Users\Admin\PCAppStore\PcAppStore.exe
Filesize
1.7MB

MD5
c726e1bfc16b37088ad29182c9f58fe9

SHA1
f82f35b4e296643bed86cf352e7737cdaa828efc

SHA256
a31100e26450a0f60eb80c4d97ba3142d61a3b8f5fef748176f43c75ce21bf97

SHA512
4da469421c804bd21e8b5e6de759a54c791d451f77a6067f3d5205bba6ce26baf406002961d6d219fda9e3958a657ea308fc11035dbcad235160c051cb7df00f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll
Filesize
1.9MB

MD5
9518fcf62a52cf17f987b6beb1935a0d

SHA1
e4c55a1083b8fcbc2e1812b7a7a62ca75b1c66b6

SHA256
31132704944d3ae5101093f27cb523119ea3acfbba6e3c87216bf95ea2a0f40b

SHA512
418b169934a9e1d80743b8a7268ebb514055811c13b71d05aeb2f1b64f97e3156256b882a95677f693acf139b52373c512ad559fe17e79836d5fe796273e8fbc

Download Submit
C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll
Filesize
1.9MB

MD5
9518fcf62a52cf17f987b6beb1935a0d

SHA1
e4c55a1083b8fcbc2e1812b7a7a62ca75b1c66b6

SHA256
31132704944d3ae5101093f27cb523119ea3acfbba6e3c87216bf95ea2a0f40b

SHA512
418b169934a9e1d80743b8a7268ebb514055811c13b71d05aeb2f1b64f97e3156256b882a95677f693acf139b52373c512ad559fe17e79836d5fe796273e8fbc

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info
Filesize
831KB

MD5
f2a134d21e79420e0e025b2f5d0e0564

SHA1
e4f6ead92945b87c3b980878c707467dc84cd616

SHA256
4c125a498bd06dd1cbbe3e4f05dca6fa47ce19297ad9f92df3af65eaf0a05d67

SHA512
032e8c44c1edbf6ba3effce1d67e5355e926b5509c8aa3dcf15677efe9fe3a2bf27d81d7d7ffae3a5caae1755830ad016a11f1417dddbf49977bd52083aaee1b

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw.dll
Filesize
178.9MB

MD5
e24438b5912a6e923c536733eb08d677

SHA1
0ed6a371ce2f2120eaab25af54df95feb2cf1ef6

SHA256
6fa3ccd9d8a622b8042a0596f9e11430c5513df01762a512adb277ff4776e5a5

SHA512
95ae6d73e2f0c683a557a91abcff175439837a87434da641302d286519f5f54db50790f1b1752efd7758d44f8b2a26dc8d001d53236c6f417f4bfca76fa3064a

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw.dll
Filesize
175.7MB

MD5
858815fdb97b70b54595b4926276a369

SHA1
0501bd813e68d54ce4a9c9810673f8f9a55d3f5c

SHA256
439fac17b406630b3fd4453257ee2f086d2e91639f036c4bddd986d3d3d54094

SHA512
cf20a642f1eb794b602f826be5f977a68c1e78f7f09ac79a944b94779364304ed2cfa55c2563210a3c5cfa49dcd9036e620ba42d265f6115ef405f14ba5b7a9f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll
Filesize
1.0MB

MD5
b58238a4c19e14ab64846be1c57be70a

SHA1
47f6d9ab46f579481b8f01b54f9e23f34f2c129e

SHA256
7a879b77ba31f4ead57c6efa19ab468c1ca72d0271fbb553fb7c02d00a250273

SHA512
9dc2d7b22ec0af9bb982fc6e1d46de1d30c408e6abac714ed8731cf5b8c95060564aa85b93989d68b4cad6cc358e47087f14790bbeb3f5609a035a5f35a61600

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll
Filesize
1.0MB

MD5
b58238a4c19e14ab64846be1c57be70a

SHA1
47f6d9ab46f579481b8f01b54f9e23f34f2c129e

SHA256
7a879b77ba31f4ead57c6efa19ab468c1ca72d0271fbb553fb7c02d00a250273

SHA512
9dc2d7b22ec0af9bb982fc6e1d46de1d30c408e6abac714ed8731cf5b8c95060564aa85b93989d68b4cad6cc358e47087f14790bbeb3f5609a035a5f35a61600

Download Submit
C:\Users\Admin\PCAppStore\ui\package.json
Filesize
2KB

MD5
34fd02368a4717326f0e4c9776c4b3da

SHA1
24cf4907d4d9a9e1243a108c3e6232f4bd767d93

SHA256
c465dfaaabad312164b43c25ae04ae3ccd9ed687116afa5f93c2e006e3d5157b

SHA512
58681b3ee95d9ffa5cb7e35b2fce06f45e4e1d2be51a2c4c6cc1caefb80d854d74853eac852f3e5b27d6b4c98fe28db60104199726d93e75f10c4e22ed1d88eb

Download Submit
\??\pipe\LOCAL\crashpad_1332_DGIEJGNCSKUGUGOR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4488_BNDQLOJNCCVFNZNI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3040-788-0x00007FFA2B460000-0x00007FFA2C50B000-memory.dmp

Filesize
16.7MB

Download
memory/3040-808-0x00007FFA43CA0000-0x00007FFA43DB2000-memory.dmp

Filesize
1.1MB

Download
memory/3040-665-0x00007FF6E3290000-0x00007FF6E3388000-memory.dmp

Filesize
992KB

Download
memory/3040-666-0x00007FFA52B80000-0x00007FFA52BB4000-memory.dmp

Filesize
208KB

Download
memory/3040-679-0x00007FFA46990000-0x00007FFA46C44000-memory.dmp

Filesize
2.7MB

Download
memory/3040-709-0x00007FFA5AFB0000-0x00007FFA5AFC8000-memory.dmp

Filesize
96KB

Download
memory/3040-729-0x00007FFA4C290000-0x00007FFA4C2A1000-memory.dmp

Filesize
68KB

Download
memory/3040-716-0x00007FFA4CAB0000-0x00007FFA4CAC7000-memory.dmp

Filesize
92KB

Download
memory/3040-732-0x00007FFA4BA80000-0x00007FFA4BA97000-memory.dmp

Filesize
92KB

Download
memory/3040-735-0x00007FFA48FC0000-0x00007FFA48FD1000-memory.dmp

Filesize
68KB

Download
memory/3040-745-0x00007FFA468C0000-0x00007FFA468D1000-memory.dmp

Filesize
68KB

Download
memory/3040-740-0x00007FFA473E0000-0x00007FFA473FD000-memory.dmp

Filesize
116KB

Download
memory/3040-748-0x00007FFA44C00000-0x00007FFA44E00000-memory.dmp

Filesize
2.0MB

Download
memory/3040-768-0x00007FF6E3290000-0x00007FF6E3388000-memory.dmp

Filesize
992KB

Download
memory/3040-759-0x00007FFA2B460000-0x00007FFA2C50B000-memory.dmp

Filesize
16.7MB

Download
memory/3040-773-0x00007FFA52B80000-0x00007FFA52BB4000-memory.dmp

Filesize
208KB

Download
memory/3040-779-0x00007FFA46990000-0x00007FFA46C44000-memory.dmp

Filesize
2.7MB

Download
memory/5732-939-0x00007FFA4C590000-0x00007FFA4C5AD000-memory.dmp

Filesize
116KB

Download
memory/5732-907-0x00007FFA49480000-0x00007FFA49680000-memory.dmp

Filesize
2.0MB

Download
memory/5732-942-0x00007FFA4C550000-0x00007FFA4C567000-memory.dmp

Filesize
92KB

Download
memory/5732-921-0x00007FFA4D0E0000-0x00007FFA4D0F1000-memory.dmp

Filesize
68KB

Download
memory/5732-920-0x00007FFA4D100000-0x00007FFA4D111000-memory.dmp

Filesize
68KB

Download
memory/5732-918-0x00007FFA52B50000-0x00007FFA52B71000-memory.dmp

Filesize
132KB

Download
memory/5732-908-0x00007FFA4D470000-0x00007FFA4D4AF000-memory.dmp

Filesize
252KB

Download
memory/5732-905-0x00007FFA5B3A0000-0x00007FFA5B3B7000-memory.dmp

Filesize
92KB

Download
memory/5732-944-0x00007FFA4C0D0000-0x00007FFA4C127000-memory.dmp

Filesize
348KB

Download
memory/5732-950-0x00007FFA4C500000-0x00007FFA4C52F000-memory.dmp

Filesize
188KB

Download
memory/5732-958-0x00007FFA4C290000-0x00007FFA4C2A3000-memory.dmp

Filesize
76KB

Download
memory/5732-959-0x00007FFA4C0B0000-0x00007FFA4C0C1000-memory.dmp

Filesize
68KB

Download
memory/5732-960-0x00007FFA44C60000-0x00007FFA44D25000-memory.dmp

Filesize
788KB

Download
memory/5732-906-0x00007FFA5AFB0000-0x00007FFA5AFC1000-memory.dmp

Filesize
68KB

Download
memory/5732-967-0x00007FF6E3290000-0x00007FF6E3388000-memory.dmp

Filesize
992KB

Download
memory/5732-970-0x00007FFA52B80000-0x00007FFA52BB4000-memory.dmp

Filesize
208KB

Download
memory/5732-972-0x00007FFA46990000-0x00007FFA46C44000-memory.dmp

Filesize
2.7MB

Download
memory/5732-974-0x00007FFA467C0000-0x00007FFA468D2000-memory.dmp

Filesize
1.1MB

Download
memory/5732-976-0x00007FFA2B460000-0x00007FFA2C50B000-memory.dmp

Filesize
16.7MB

Download
memory/5732-943-0x00007FFA4C530000-0x00007FFA4C541000-memory.dmp

Filesize
68KB

Download
memory/5732-904-0x00007FFA5BF40000-0x00007FFA5BF58000-memory.dmp

Filesize
96KB

Download
memory/5732-902-0x00007FFA52B80000-0x00007FFA52BB4000-memory.dmp

Filesize
208KB

Download
memory/5732-903-0x00007FFA46990000-0x00007FFA46C44000-memory.dmp

Filesize
2.7MB

Download
memory/5732-901-0x00007FF6E3290000-0x00007FF6E3388000-memory.dmp

Filesize
992KB

Download
memory/5732-941-0x00007FFA2B460000-0x00007FFA2C50B000-memory.dmp

Filesize
16.7MB

Download
memory/5732-940-0x00007FFA4C570000-0x00007FFA4C581000-memory.dmp

Filesize
68KB

Download
memory/5732-925-0x00007FFA4D060000-0x00007FFA4D078000-memory.dmp

Filesize
96KB

Download
memory/5732-938-0x00007FFA4C5B0000-0x00007FFA4C5C1000-memory.dmp

Filesize
68KB

Download
memory/5732-937-0x00007FFA4C5D0000-0x00007FFA4C5E7000-memory.dmp

Filesize
92KB

Download
memory/5732-936-0x00007FFA467C0000-0x00007FFA468D2000-memory.dmp

Filesize
1.1MB

Download
memory/5732-919-0x00007FFA53200000-0x00007FFA53218000-memory.dmp

Filesize
96KB

Download
memory/5732-935-0x00007FFA4BD20000-0x00007FFA4BE98000-memory.dmp

Filesize
1.5MB

Download
memory/5732-934-0x00007FFA4CAB0000-0x00007FFA4CAC1000-memory.dmp

Filesize
68KB

Download
memory/5732-922-0x00007FFA4D0C0000-0x00007FFA4D0D1000-memory.dmp

Filesize
68KB

Download
memory/5732-923-0x00007FFA4D0A0000-0x00007FFA4D0BB000-memory.dmp

Filesize
108KB

Download
memory/5732-933-0x00007FFA4CBD0000-0x00007FFA4CBE1000-memory.dmp

Filesize
68KB

Download
memory/5732-924-0x00007FFA4D080000-0x00007FFA4D091000-memory.dmp

Filesize
68KB

Download
memory/5732-932-0x00007FFA4C5F0000-0x00007FFA4C65F000-memory.dmp

Filesize
444KB

Download
memory/5732-930-0x00007FFA4CBF0000-0x00007FFA4CC57000-memory.dmp

Filesize
412KB

Download
memory/5732-926-0x00007FFA4CC60000-0x00007FFA4CC90000-memory.dmp

Filesize
192KB

Download

pid	process
2468	Setup.exe
5680	nsaD50A.tmp
6124	nsaD50A.tmp
928	PcAppStore.exe
5284	NW_store.exe
5268	NW_store.exe
5276	NW_store.exe