84ae00d2fcc746a46bf7e2438d76a41fc44c1a977480d0fb79bd75068ffbee0b

Analysis

max time kernel
178s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 16:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

106KB
MD5

acf14c477ec9866b9dd67327b58511b9
SHA1

5e379f9c38763dd302071e39359b485112be7650
SHA256

27f42a8c69d66721170a26697cd86b6013e31a7b94b0db8c9e6f427d647b8b5b
SHA512

98ea43411bf43e40bc41a69fa51a7a9dae9f29073bb930f60065406e3b5fbef08287491dd27b26c6160ef1fd6695666b5faa018b5cc0c230605d03ecf081c744
SSDEEP

1536:z/T2X/jN2vxZz0DTHUpou4JezAaBxE+1zyYCDtpXOr9m5+HMVKN578+Px2:zbG7N2kDTHUpouOnOPzy5n+7bvlx2

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Windows\CurrentVersion\Run	nsmA5DC.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCApp = "\"C:\\Users\\Admin\\PCAppStore\\PcAppStore.exe\" /init default"	nsmA5DC.tmp
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Windows\CurrentVersion\Run	PcAppStore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStoreAutoUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i"	PcAppStore.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	PcAppStore.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	NW_store.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d34f0f30-1123-4485-865a-1ea38d69719a.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230614163948.pma	setup.exe

Executes dropped EXE 16 IoCs

pid	Process
4708	nsmA5DC.tmp
2420	nsmA5DC.tmp
228	PcAppStore.exe
3100	NW_store.exe
1548	NW_store.exe
4004	NW_store.exe
436	NW_store.exe
4584	NW_store.exe
2248	NW_store.exe
3940	NW_store.exe
4916	NW_store.exe
2088	NW_store.exe
4192	NW_store.exe
368	NW_store.exe
6040	PcAppStore.exe
5784	PcAppStore.exe

Loads dropped DLL 52 IoCs

pid	Process
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
1548	NW_store.exe
4004	NW_store.exe
4584	NW_store.exe
436	NW_store.exe
4584	NW_store.exe
4584	NW_store.exe
2248	NW_store.exe
436	NW_store.exe
2248	NW_store.exe
2248	NW_store.exe
2248	NW_store.exe
2248	NW_store.exe
2248	NW_store.exe
2248	NW_store.exe
2248	NW_store.exe
436	NW_store.exe
3940	NW_store.exe
3940	NW_store.exe
3940	NW_store.exe
3940	NW_store.exe
4916	NW_store.exe
4916	NW_store.exe
4916	NW_store.exe
2088	NW_store.exe
2088	NW_store.exe
2088	NW_store.exe
4192	NW_store.exe
368	NW_store.exe
368	NW_store.exe
368	NW_store.exe
4192	NW_store.exe
4192	NW_store.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NW_store.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133312344691168478"	NW_store.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2548970870-3691742953-3895070203-1000\{4FF51938-F783-4502-BE25-C8BECCB16461}	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	NW_store.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	NW_store.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	NW_store.exe

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
4736	msedge.exe
4736	msedge.exe
2408	msedge.exe
2408	msedge.exe
892	msedge.exe
892	msedge.exe
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
4028	identity_helper.exe
4028	identity_helper.exe
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
2420	nsmA5DC.tmp
228	PcAppStore.exe
228	PcAppStore.exe
3100	NW_store.exe
3100	NW_store.exe
4584	NW_store.exe
4584	NW_store.exe
2248	NW_store.exe
2248	NW_store.exe
436	NW_store.exe
436	NW_store.exe
3940	NW_store.exe
3940	NW_store.exe
4916	NW_store.exe
4916	NW_store.exe
2088	NW_store.exe
2088	NW_store.exe
228	PcAppStore.exe
228	PcAppStore.exe
368	NW_store.exe
368	NW_store.exe
4192	NW_store.exe
4192	NW_store.exe
5196	msedge.exe
5196	msedge.exe
5196	msedge.exe
5196	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeSecurityPrivilege	5372	msiexec.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe
Token: SeCreatePagefilePrivilege	3100	NW_store.exe
Token: SeShutdownPrivilege	3100	NW_store.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
228	PcAppStore.exe
228	PcAppStore.exe
228	PcAppStore.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
228	PcAppStore.exe
228	PcAppStore.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe
3100	NW_store.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
228	PcAppStore.exe
228	PcAppStore.exe
228	PcAppStore.exe
228	PcAppStore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 2408	5032	Setup.exe	90
PID 5032 wrote to memory of 2408	5032	Setup.exe	90
PID 2408 wrote to memory of 3572	2408	msedge.exe	91
PID 2408 wrote to memory of 3572	2408	msedge.exe	91
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 3548	2408	msedge.exe	93
PID 2408 wrote to memory of 4736	2408	msedge.exe	92
PID 2408 wrote to memory of 4736	2408	msedge.exe	92
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95
PID 2408 wrote to memory of 5084	2408	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pcapp.store/installing.php?guid=3C2DDB0C-D60D-4DBD-84CE-AB7CACA42E67X&winver=19041&version=fa.1060&nocache=20230614163927.34
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff86f6646f8,0x7ff86f664708,0x7ff86f664718
    3⤵
    PID:3572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    3⤵
    PID:3548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
    3⤵
    PID:5084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:4200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    3⤵
    PID:3036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
    3⤵
    PID:3408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3448 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3496 /prefetch:8
    3⤵
    PID:3224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
    3⤵
    PID:4368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
    3⤵
    PID:3596
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
    3⤵
    PID:992
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x1f8,0x248,0x7ff750605460,0x7ff750605470,0x7ff750605480
      4⤵
      PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18414668362621447430,4096123671603873487,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5196
- C:\Users\Admin\AppData\Local\Temp\nsmA5DC.tmp
  "C:\Users\Admin\AppData\Local\Temp\nsmA5DC.tmp" /verify
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Users\Admin\AppData\Local\Temp\nsmA5DC.tmp
  "C:\Users\Admin\AppData\Local\Temp\nsmA5DC.tmp" /internal /force
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2420
- - C:\Users\Admin\PCAppStore\PcAppStore.exe
    "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
    3⤵
    - Adds Run key to start application
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:228
  - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
      "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" .\ui\.
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:3100
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2a8,0x2ac,0x2b0,0x284,0x2b4,0x7ff8705e9b48,0x7ff8705e9b58,0x7ff8705e9b68
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1548
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x144,0x148,0x14c,0x134,0x150,0x7ff69ff01da0,0x7ff69ff01db0,0x7ff69ff01dc0
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4004
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2116 --field-trial-handle=2040,i,3301959182288116131,1570097510309369404,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4584
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=1844 --field-trial-handle=2040,i,3301959182288116131,1570097510309369404,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        
        PID:436
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=2040,i,3301959182288116131,1570097510309369404,131072 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3940
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=2040,i,3301959182288116131,1570097510309369404,131072 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2248
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3804 --field-trial-handle=2040,i,3301959182288116131,1570097510309369404,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4916
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2876 --field-trial-handle=2040,i,3301959182288116131,1570097510309369404,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2088
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4108 --field-trial-handle=2040,i,3301959182288116131,1570097510309369404,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4192
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4144 --field-trial-handle=2040,i,3301959182288116131,1570097510309369404,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2540

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5372

C:\Users\Admin\PCAppStore\PcAppStore.exe
"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default showM
1⤵
- Executes dropped EXE
PID:6040

C:\Users\Admin\PCAppStore\PcAppStore.exe
"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default showM
1⤵
- Executes dropped EXE
PID:5784

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14561BF7422BB6F70A9CB14F5AA8A7DA_D6E78B0AEA84104DBBC037A2B5332C92

Filesize
727B

MD5
f7e6afb123d7f1564d2b41c5d6f11d02

SHA1
56ac85bf4e90236c604b5087b357181269c31d80

SHA256
4e3c7d869a182f1fce39fd2c514deae3f33c8f1497180f29632532c935c5d078

SHA512
549bbc9c6f358e57a70a408dca6b2e371bde3db95e57b6b6da0a557f54ed92e7fdb4200f22de534f3c8989da96c69f1cae77fbfd330cac1b4fe1bb9a1ee8b68e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57

Filesize
471B

MD5
67151b4e823a1254ca5bac63f0a055a2

SHA1
bc7d914c70be93c9665fe51fc59a0afa502097f8

SHA256
d1e2cacf37e36e7877d8922c4ee2c5720dcb4404f625c4ba562f39e39f99771a

SHA512
60c71ebb87c76c2945c205b9acb8f27ddf25b500ff4eb058d950ed39d038c7a266ca4ce0e74e7af738836284a956eca32988f344d327e816cd9ef5b5ae923a0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\14561BF7422BB6F70A9CB14F5AA8A7DA_D6E78B0AEA84104DBBC037A2B5332C92

Filesize
408B

MD5
e5c33647e4885fe461a059e8a0da6802

SHA1
5280c58175dc2a6480e7123fe89404ae48186858

SHA256
d56e61a29cf9cee2f0f64fcb666abf03dc10546633d9d582fec0b05e73f4e882

SHA512
3d3a0261b86dab97898f579380a06660433602b676c8e105b923d0824741bdb4d92cb0ac0d654490be7b0ad52d239b9e2d3d813f9aecea25a75be6243ed1dba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57

Filesize
400B

MD5
3951f8fa857e5960c1854502b5da5a12

SHA1
bd9dc23322ff25fd0ccf837eb784d1a53fcc5e58

SHA256
0cd55f235319b40f129053a3fce162e61e558a94f63092e2115cfe8405df11b9

SHA512
67b773057ef95d5e4dfb4de1ad960dc962cf34594d340ed1db03c2f5879f2c6e4def65b649fa99e6d33fb01e20232a9b8e3c0e7742617a4a1a078fd810c3c61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2c65ccf1085f2a624551421576a3ee

SHA1
f1dea6ccfbd7803cc4489b9260758b8ad053e08e

SHA256
49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

SHA512
3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3770be634be8da92e71a3f9f76d79d3

SHA1
f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

SHA256
23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

SHA512
09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d024281499a9ff31e436e20d09e0fcbf

SHA1
51adeff8ef2008ce4be5768d5976177a3f742cc7

SHA256
89c6e585fc110c9a4ec4b978006eec3a46ceb237461b294d57287d503c4d14b4

SHA512
79a335ed5a5d63302fa37dbce50a48cb3c53b126b7ea306f504351be6d3312d4361627e5f216c4f9670ddd93370dfdfd72b0a2eafcf65b2a498275eb725825f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
42b64ff6a323898a9b51824831baac94

SHA1
7710574633fe0446bc5471665b34ef93041c226f

SHA256
0ab87bfdf1be8bc60590c3c182d69f170839605155b104d7539aa272191da91d

SHA512
ff8edfa7110c46506ae5a9346709d33c3256d81e2f8d0f9909d3696c0405578c581649e226ac1c909d74488e9604f534b4f3df21d30179cb7c5e89741adc2bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
db26c2586ab914759eaf91292e70cfc4

SHA1
30f78ca95e9e4ee4f30a6cbc9e24ea49e0d74d9a

SHA256
cda327805392d54d2b7a4ba48221230169635cd97ef674d898956baf04493cb8

SHA512
e38463e4f2866e306e6eda0cbb43c244b7620d0eccd2cf0e45f6f7f632bbbc22a2b2516d67c10758fa9df11260fcab3a07eff02220e548bbc35faf324386926f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
269312c80b69571da59d0d12d325de78

SHA1
5937bce9ac47e3be6a2a1c757415a89128cb1102

SHA256
cdd0efde772518d34d8cb8fa3c20a11c37710dc80cb71fb14c659426b3008154

SHA512
fa96a32c65c95171293b8f67182a523a2d00fc715af6283bf944c07c7cdfb2beaa158095fa86f77fc869859dd4c00d891025bc82fc4151cf9c0bde39000da2cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
8485fb4ee07edd8800eb24f4667a1cea

SHA1
4dd3c33b29fbdcfebd5c4f3e5b8ff658ec00d5cf

SHA256
ff70d47b49eade91428fe83047d1b113eaaeac70e57af641fb6ff813fc334ed4

SHA512
0d29cadfa3367b65b50a0799fb890805e328539f74cd0e9b3197e3248034c9e9856affd86662b49281cf41387a67e1236c09d00e1248bd8455cf300226ffa273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
43ea46c20535930f35a6d80ef65e35e9

SHA1
849f4736dc82b77b703efe08ef9f3b42c7986e03

SHA256
76705e96059fa6d8df7ebe72310f27990022568c081d350acc0e91236b84d928

SHA512
70fe161154e3fffc8d64df9cfcaeef104ee30988a93a35f79964374666694d5e87b4d1713dbc8dd826b46c5652e90a06eb3e87eda9a5966d1a9a6bdea6852899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a01943cb0f2a9fb49725a1a718bd56e3

SHA1
9f98a4b8ab0517a56de9ae0e19cb5e6e7de512f1

SHA256
6081928efc7ea4ab496bc794bbe7bc8a9da8e5d648d5e6f32678ee1679be2ba2

SHA512
206cd452dd11b27f68196b0aa607c5a8e6c31d7530933634d6e23e5d84638a748b8101d5b5f368d77909b3c8395b41729dc51a52b0b7bd7e9de0f5888faa3c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b3fbb8a02260d5e41407a7e1af3ee2f6

SHA1
9180c8b9593405936b0fe52272571b63829525d4

SHA256
8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

SHA512
8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
cfd585ce0db9a1484f8223dc2cfce2f8

SHA1
4e5e287160c05ecdff8acdfa0899faa5bad4de82

SHA256
0bcae3ddcadfadb917e4f910daefde07af8d2708b7795f3a1146102dcf6cf445

SHA512
b45dd6c3231a79155508d807d4b6f839d49e6120841c4f31147a83039515d3358822fa1fa4ae6f770b4369b96f221326c0b80dc2f0cd99d605440b12c93fb648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
ada80d8d72342b20ec076d4198bd3893

SHA1
2667b3d5cb94513f3a771027f546b929d1961eed

SHA256
833bde2bf89b62fc541bbd19300ed54dfa69f30739ab137d62ee598ad47facf0

SHA512
4bdbe3e8844dac625fd13de9d62dd5fafb9ea2effb8f96d22559bd0e8e7b78184a5b4826a54a7350e9c33b9a842753403246728008552fbad999ec83de236d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
9ea1a654fc472c6758c16975de2d994c

SHA1
06c37758f1e800dd3acb804d119e41ef6235fe45

SHA256
b745701498bdafcc9cf692ecd6255e5d78f115cd53777522ded9e97df97a4d5b

SHA512
f91800c398f19c8331168f51f3589b0010f75eb2812c5f13d314310589856f28299639110868f0b43e2ceaf71e0ffca61d1b58f2d1cc8e6d117badb640dfaca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
27a5ede9f4f274afcb185963afe72d03

SHA1
a94415af7d488f84f8e056a9eed60508df58b249

SHA256
71d02fa7b7ccb9d255533f5938ef6ac83a660528a0bb5a82cffd4eea08e56b50

SHA512
e0f4de82caaf3c08bd8243d4b98b79b3458ae36903ce65608a006d084a9a22f8b7b7926fd3e1c3a5cffb2b7dd7c07277da14e89a7c5551144d9a4048e12b4ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
d5cc4f49f72a03c0091d321af5c36b09

SHA1
b8fbec8487b7e4810da66037996c028122ed5b39

SHA256
81ca1a31dce96b54717efacf98517eebb403df87934238afd0ea8ba6b8656597

SHA512
2442cde16b39258a262a88daecdde45953fd0f55d673ede2058f786fd8275f293fa8176b52a7df60196b1ca71b613ab5802fa988ae514b5835318b14e3970e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
71108ea2f46462b06d1a1e324f75e73d

SHA1
efaeac9bbc7e3afa6abc52af556037b1d75e3365

SHA256
c53e697635942829e2a87803ca35d0aece2954e40d8aecdba035f56c1a411ab6

SHA512
c294fd812f6d09381eddb464328e8ba45940c0d0d738e0567fcb5137894ce21f259fafb891f0e3fe2de04585967b6b8c520c70a959e5ca4ee34f4f8437e2db88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5729cf.TMP

Filesize
534B

MD5
a5e5f9b1c5a1407922cbd3d575967852

SHA1
0ceae0e973c443f0ed5a10c4e180d8b4deb5aa91

SHA256
198f10abcde422f34ea533fe9a8a79a06543dd5ebc41d52c811e940cb1474bb8

SHA512
e888f1e2a61f8c87249d87e9e5d39ff172b7c4e0d03b91420dbd0ac935efcc00a26ab24a6f9887c390f40ce907c056aa1c7a0a363a3d39386bb15a6c2da05539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
fb2785705156f8229bc829bb0c603cf6

SHA1
85474be4760f35b29dd67bb79810130014135693

SHA256
9f9e2b94791483c217aaf0a36fbc1d42862d1c64f71d60d6f54736cb54db0541

SHA512
4e32a0b9bc5e098a5fc63a8273e2a3ad30a63fbefc78e05a91b7e9c388a268dea7d06ead7a5a1f1533589451c122e117be54c7b8a31c07b60954e404f7f7668f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
166c4c8cdd94dde7b2c92de1186dd16a

SHA1
0a37a450b534220958d4532ae87782beee9cffa3

SHA256
5fb793737d469d4c7fa9c07f13bd102777e101be2eb63e747962c736eeab8c65

SHA512
a110305bcc3694549cabdb52589e0ee50ec3c366fea386bb357092eabf8723f6e74981127e078847c1a675096c226a5c02e78db070a903041f689205f82bfb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
e8a2735119be32a9c0c6a607a142a35c

SHA1
9f914b13c7c10a4dc8b0cb4123cc4e0e1d0ea708

SHA256
79567d5967d56959549ffe100531288be1613ef7fb4d1e3716895726df9724ac

SHA512
7be42484097f078a054b58f3373a3dac4708091345f2368061d61e013522010f1fd78bfb3b828d4c80488d5920c03e3c724c85c1c46e3432f975b4f343721321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e058777600030a404ebf4623a353872f

SHA1
a87ef7292da1bf6d6690a44236f7e1ca93cdf8bb

SHA256
ff46193edce77a16aba24e5ae33936291bf19d3d48679f1f0c076a4acf3f06fc

SHA512
62a82ea2b176b140c2e854d0b47f5e7185b627eef8c41958504b14f35e6b52f32b74113710cc072c0784dbcb1122654eac31c258dd3dda49520067e816fb8722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
02cedf9746db5fd18c3bbf9a09215599

SHA1
a83cde43daf3074dc0d121a9f60c4131ebc3689d

SHA256
480d9c423dd5f4f2ef72b43299b6346cb5fd57d3671eef84642369c4f9cc99a5

SHA512
dbecd9a33fa244f3adb82b782211f85bfd9b7480f7783fae7d5c2365041941fce70d9fa56303134076689c38f909c32bd3290923fdb8a837ba3e38be07d9a00a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\image.gif

Filesize
997B

MD5
1636218c14c357455b5c872982e2a047

SHA1
21fbd1308af7ad25352667583a8dc340b0847dbc

SHA256
9b8b6285bf65f086e08701eee04e57f2586e973a49c5a38660c9c6502a807045

SHA512
837fa6bcbe69a3728f5cb4c25c35c1d13e84b11232fc5279a91f21341892ad0e36003d86962c8ab1a056d3beeb2652c754d51d6ec7eee0e0ebfe19cd93fb5cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmA5DC.tmp

Filesize
84.6MB

MD5
0e167b5aeec155c784c678d42a22e1b9

SHA1
6876b0a2a8d90fd7b8ebcddc2b48cbff2a821acc

SHA256
72528d094438e300e028d80183b3ea5424897999123ffde14e06645d489343ae

SHA512
0c04a4234028c7f167cb5280977cfef3bc32837522d8788f364c7c6b2e3ddf83278650d325ca8b5acb772bc33afbecc8f4285ab69c36695dc967c42232337df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmA5DC.tmp

Filesize
84.6MB

MD5
0e167b5aeec155c784c678d42a22e1b9

SHA1
6876b0a2a8d90fd7b8ebcddc2b48cbff2a821acc

SHA256
72528d094438e300e028d80183b3ea5424897999123ffde14e06645d489343ae

SHA512
0c04a4234028c7f167cb5280977cfef3bc32837522d8788f364c7c6b2e3ddf83278650d325ca8b5acb772bc33afbecc8f4285ab69c36695dc967c42232337df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmA5DC.tmp

Filesize
84.6MB

MD5
0e167b5aeec155c784c678d42a22e1b9

SHA1
6876b0a2a8d90fd7b8ebcddc2b48cbff2a821acc

SHA256
72528d094438e300e028d80183b3ea5424897999123ffde14e06645d489343ae

SHA512
0c04a4234028c7f167cb5280977cfef3bc32837522d8788f364c7c6b2e3ddf83278650d325ca8b5acb772bc33afbecc8f4285ab69c36695dc967c42232337df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\NSISFastLib.dll

Filesize
125KB

MD5
fd536f0a2a489e7135a0bc0b11870082

SHA1
8f5d8a20f27b7e8509e9f3e4b270e73e41829cbc

SHA256
349f0844080c71dd430ae8362a1d7c248034f4cf2d06ee2925c549c702d71b73

SHA512
70f3610893b1900b486f4477d462b52936f4c6e74ecd3ead6d5d1aede716d75a295d15e46342eb530d538415c325572e35b335b4ec0f500fdc0c6e4492b3cfc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\NSISFastLib.dll

Filesize
125KB

MD5
fd536f0a2a489e7135a0bc0b11870082

SHA1
8f5d8a20f27b7e8509e9f3e4b270e73e41829cbc

SHA256
349f0844080c71dd430ae8362a1d7c248034f4cf2d06ee2925c549c702d71b73

SHA512
70f3610893b1900b486f4477d462b52936f4c6e74ecd3ead6d5d1aede716d75a295d15e46342eb530d538415c325572e35b335b4ec0f500fdc0c6e4492b3cfc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\NSISFastLib.dll

Filesize
125KB

MD5
fd536f0a2a489e7135a0bc0b11870082

SHA1
8f5d8a20f27b7e8509e9f3e4b270e73e41829cbc

SHA256
349f0844080c71dd430ae8362a1d7c248034f4cf2d06ee2925c549c702d71b73

SHA512
70f3610893b1900b486f4477d462b52936f4c6e74ecd3ead6d5d1aede716d75a295d15e46342eb530d538415c325572e35b335b4ec0f500fdc0c6e4492b3cfc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu590.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp

Filesize
42B

MD5
d89746888da2d9510b64a9f031eaecd5

SHA1
d5fceb6532643d0d84ffe09c40c481ecdf59e15a

SHA256
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

SHA512
d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0cea837a3d9999fc706991d105a1bdcb

SHA1
40fe4bcda98f8c5d57c53b632419a442641537d7

SHA256
2f432d3e8b7899295f9472ba1090b269f6be6cc85e51b96d7c720b663e7068fe

SHA512
85a7abdb7ec4a6e389fa823081dbcff69e370fdcee273c09646298f8049377d83c7359c2fb03aad8f9f00fad1f96e1187e156bc0d3c6c1747a5ddf3b3a301077

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5894b9.TMP

Filesize
48B

MD5
c3dd2e7dd4643362f70f14855745df9d

SHA1
2c81e1e227e964b2462d7eca5ae9d24d0963bf5b

SHA256
979a86e8eccb95dce364f9953cfa5e514f210acba34e49f80208d584ae8948f5

SHA512
7cadb95f62e8320e4c0992efd985a5bee831dbc84e5853998cc7687a2c83769fd468ef8444eee4dab231311aeb68cef89461ac15b25fc133ec2b6f15cd40eac0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
812e57b6f3803f80e0a858397e72a7d5

SHA1
407bc6ea722bad325a0e6de5c99f80b02ff475f5

SHA256
90659a06c1004b77bcced63b14b0bb336118cbeeab8af18c3ebdcd402766809a

SHA512
47551fce8ca1624208e70132e37bdbb78d3de4b4aecd8f07db2de9a4fcc075f2bad0679222a3d18c123b219a2917da9422f7fff995bd62e1d771ab1fcf104d6a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
bb1ee1a88ff8214eeae27d44f51c8629

SHA1
bdfaed1f2cddb45a34ecdaa2429eed829a7a3d40

SHA256
c899d561f3da52f994b8f7c7f5693793909e6fe3bdee755a2e2e78060bdd1450

SHA512
38e0f6ddb49d9fa0859389ee8e56fb88297f58359dc235eed522b500b7c7962a8845212bc3fb7c98ddb3a37110d1c95adc1a93ceb4f38e706b77230335b8ee9c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
4364c44e5b1f976e2e63564b7da1ecfb

SHA1
71be31dc5992ecb568fe3fbf2f86f8768692b97c

SHA256
be80d02c5f105f46d7edc4b02d1074366a2e45e3609c5b63a5bf87a07712b862

SHA512
af1f20eec4a4e82c44f57b693ede622f4d4ce3e9d801a0a62e64a6740bc9d84128371824735d629fa8679540971a48aa6bf5a71507cf70752cf93117781b3fea

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe589ebc.TMP

Filesize
690B

MD5
324ad34d7fc5bfd03bc879ef36defaa7

SHA1
d0f09f02066ddd76f0a082142be4ca2c8a47fa18

SHA256
3ec692c86fa7a008405058e35a3b0466b6cc6b63a4ae9ff81add5a3fa93bda8b

SHA512
6a185b00b07b2f507ed1383078d22fd309f0ffbbbee1948aaeaea25c5edb882f81676216c20df6a76fe4f27bb9af2caece1739c3be04a881eac32c995ff95fad

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
5ed81bf25df87131bdb7093322f0bd3d

SHA1
b74bd57ad5e83037f709211ae42bbf3eae674dcc

SHA256
1c62f61bd5fabe4d91c9e429ac1b758eac70e2772fed8a81441f6637f8d101d0

SHA512
06379b77dba726a4cade885bc623540a3efe8a917be7e0042f80513ac93b50b488489d643954b40089227a4669ad96e5d63449c9ee92c85449c84d2655ce488a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
9d0cfae7e23c6f85e40f8e9112f5bd04

SHA1
889b7b91537d4e2b1da4e9ed1f6da9489424889a

SHA256
3e183bc72b96e1b0a07c2d864a6376aacaa9318da9651e8bdd2fa42fca4c397a

SHA512
b7e1b86091ce6ad94bfb350557f1cb8c6fe403c470ff38d995e2538bed4bcb992affb5a1fff721e13ec8451f3275b6972114bdbf4de44b34b486046aeabdfc68

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
2600bb602d3d7afbaa37c7ff9a04f692

SHA1
738f6883542af9492052b7ed9efa392aaa5cb6b0

SHA256
1e51d6d15b67c55a61b4fe665a2edf66c953ef738ce3adc3aafd4224158ef111

SHA512
8116f326368228230dbbaeeeb259a1107d50e73b1a46530e79e7e46fc3a60bd85fdeac28b15c826df520605474031198a3c6bdb2aa948da58e55e72ee59f46fd

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
3KB

MD5
cb42e3835466a56643f0deb73a6b38a5

SHA1
0e60633449cefbc8d6743914c70a88599fff04fa

SHA256
fc8401f3d3b25950bb2f8e03985d41494305ede8fa8f0dc013e138d218fbae82

SHA512
174e8f2373e755911df7860b8795a0e66ab038a9ef2edb7f080f9c2ef8aef12253df1484149ae7e61c6cdee1ed4cb828f7583de910d1f80d865b74a61f5c3b6e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe584fd1.TMP

Filesize
3KB

MD5
0a1f046674b3e63cc9168821eda058ab

SHA1
ace772cdc21e155bf1673d8179c37a574be479c7

SHA256
489cd00ca154d71497b3cd1994a760df23bcb7c05368b7fd3fd8b3b03ed78f32

SHA512
3d2cb43ead91e0f73b36079b59588d51fadf5da79460f0b3bf0787c4879ded1ea8d56b855aeaeb8d1fbe83a3fa637c634f044db2df7ad1962301e4c8be044149

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Secure Preferences

Filesize
4KB

MD5
a436a6ced752dd2c305a2037375f70e9

SHA1
056a8cf5b2052bc869cc77139f7bfd2361e34be8

SHA256
98f2fefa26a63caeec65de9fc4c6dbf50a6122e6f63bb3eea5ecdad6fe970bbc

SHA512
ca0c641d6cce2219045b60d993ef2dbf68cda5578ee4e8d75f06862fbbccbb47572711d5afe71f05872de3b6bef11ffd1f4ecad5dc2ca8dc57c273ae4e4f2b7e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Secure Preferences~RFe584f92.TMP

Filesize
4KB

MD5
e943393c0962b2eb305dc72bebb8484f

SHA1
9757a434d0a5823c3b974b810a76d238fff63e09

SHA256
47c7ea852aa16e6d8806ff48bfbeac6f8e3b41a687dca5f41ab8f9c6fae0d33d

SHA512
05301b42a37926853da9b59a57c1838123dbd2aad20f9804a0de9aa2c3d2e1e895d84517d00118b490673f47dcccd85c0ef2f76d41511c77f172df1ff22a5128

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
d5e6121f86812cc7ae58efc4f9ceacbb

SHA1
3dfb06418220ed62ab46b473bc4ab269ff4f7e33

SHA256
05f173bbb3d564e2da3d496c4298b69c3506771a30238eb5285f1cd9df00e3c0

SHA512
88c5c1b06ddcac46d53e1cad013fec4fb789f97589f294a076be3cc7ac1c10ed9ea0a1c3a11f9f9499efe01420917ca14348be74dc2cd1c8cdb4313783123740

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\a24ed6d3-5ace-486a-b5a0-e2a1a35af813.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
3KB

MD5
cc18d9f1ed359c55b98fefdb639e3fb8

SHA1
aa8312d3a4d492c38881b226f2179700509cbb08

SHA256
ef3af5eccd692d2dce454ada0a3b56057d58fd0b0450df45a624c969ac3feb03

SHA512
02facdada5690421fea6dff4089fec77087c9325eeeee57cef38b9a92ccb2712b3f55709e262d24d57883df2ee339216c9b66be37fe7c9453afb115583fa2fa4

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
3KB

MD5
a7b8a1e1aec3376d893995ecf244051c

SHA1
74eec14fce09c097b18aa7c090275a677416b1e0

SHA256
76cfbb9e41778693148b320a9d733cac2108d96f12a07a4048f13c924334c01b

SHA512
99cb6c6fade8d73fa61a049a663c5b61c8823b119ba14af70051671dee67f7ab2bdbbf024103606b83a4d6f556c8c4c3236d7cdc70121f3cb80d7f79b346fc93

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe5827d6.TMP

Filesize
916B

MD5
8248a9e66f47bf39df636d8082270507

SHA1
6ba0bbf2948c7a88aa47f1e1f0e869aa77b41f66

SHA256
5fb3b8f6343071f828e923fb6a428eb71802ddbdcadd30b7d6298de69ba360ec

SHA512
6a47cb4f9efd2b08aaa2497dcd371ed8999a9583e0b55d18889523442b6710e9e01ed18e1ede221d631cbf36fafee969245506bae54b8d8e281937f3de83b396

Download Submit
C:\Users\Admin\AppData\Roaming\PCAppStore\Data\fa.xml

Filesize
12B

MD5
5fbb0f7ffa3a881a4598fa845f20ad91

SHA1
51a8dac62dc29cf881d311dd7a56020bda83073c

SHA256
afc25b3f891c8261067b3440838ba5700e7063b90cdc2ab24a0f5be094817e5b

SHA512
2c40db248d1bafd6aaa4f2e8c481ecb52d6a5a491ff006eabcad6cae5bbd249b8d93ac3cf10005bf31b39f133fb4c0191f5d3e43e7f9cb7d529a7a19220c0a5b

Download Submit
C:\Users\Admin\PCAppStore\PcAppStore.exe

Filesize
1.8MB

MD5
a0d255a0293c7775d917eb7bd8f79223

SHA1
4bb7eab10ac5db958b219099d33ef3f6ce66c227

SHA256
76ea6de812fa8c3612c2c5b6ec6fc34e52fb9b2b8380d5447e31638dd4a1a24f

SHA512
351710969af5edc8ce57efc46b4f90cecf9ec7f08f96ecb20e85b07978cc65b1b7fe455ed56db169a06d218b7bce599ea3b2c65d0053b72588fa61ccde52987c

Download Submit
C:\Users\Admin\PCAppStore\PcAppStore.exe

Filesize
1.8MB

MD5
a0d255a0293c7775d917eb7bd8f79223

SHA1
4bb7eab10ac5db958b219099d33ef3f6ce66c227

SHA256
76ea6de812fa8c3612c2c5b6ec6fc34e52fb9b2b8380d5447e31638dd4a1a24f

SHA512
351710969af5edc8ce57efc46b4f90cecf9ec7f08f96ecb20e85b07978cc65b1b7fe455ed56db169a06d218b7bce599ea3b2c65d0053b72588fa61ccde52987c

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll

Filesize
1.9MB

MD5
9518fcf62a52cf17f987b6beb1935a0d

SHA1
e4c55a1083b8fcbc2e1812b7a7a62ca75b1c66b6

SHA256
31132704944d3ae5101093f27cb523119ea3acfbba6e3c87216bf95ea2a0f40b

SHA512
418b169934a9e1d80743b8a7268ebb514055811c13b71d05aeb2f1b64f97e3156256b882a95677f693acf139b52373c512ad559fe17e79836d5fe796273e8fbc

Download Submit
C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll

Filesize
1.9MB

MD5
9518fcf62a52cf17f987b6beb1935a0d

SHA1
e4c55a1083b8fcbc2e1812b7a7a62ca75b1c66b6

SHA256
31132704944d3ae5101093f27cb523119ea3acfbba6e3c87216bf95ea2a0f40b

SHA512
418b169934a9e1d80743b8a7268ebb514055811c13b71d05aeb2f1b64f97e3156256b882a95677f693acf139b52373c512ad559fe17e79836d5fe796273e8fbc

Download Submit
C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll

Filesize
1.9MB

MD5
9518fcf62a52cf17f987b6beb1935a0d

SHA1
e4c55a1083b8fcbc2e1812b7a7a62ca75b1c66b6

SHA256
31132704944d3ae5101093f27cb523119ea3acfbba6e3c87216bf95ea2a0f40b

SHA512
418b169934a9e1d80743b8a7268ebb514055811c13b71d05aeb2f1b64f97e3156256b882a95677f693acf139b52373c512ad559fe17e79836d5fe796273e8fbc

Download Submit
C:\Users\Admin\PCAppStore\nwjs\icudtl.dat

Filesize
10.1MB

MD5
2c367970ac87a9275eeec5629bb6fc3d

SHA1
399324d1aeee5e74747a6873501a1ee5aac005ee

SHA256
17d57b17d12dc5cfbf06413d68a06f45ccf245f4abdf5429f30256977c4ed6de

SHA512
f788a0d35f9e4bebe641ee67fff14968b62891f52d05bf638cd2c845df87f2e107c42a32bbe62f389f05e5673fe55cbdb85258571e698325400705cd7b16db01

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

Filesize
831KB

MD5
f2a134d21e79420e0e025b2f5d0e0564

SHA1
e4f6ead92945b87c3b980878c707467dc84cd616

SHA256
4c125a498bd06dd1cbbe3e4f05dca6fa47ce19297ad9f92df3af65eaf0a05d67

SHA512
032e8c44c1edbf6ba3effce1d67e5355e926b5509c8aa3dcf15677efe9fe3a2bf27d81d7d7ffae3a5caae1755830ad016a11f1417dddbf49977bd52083aaee1b

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\en-US.pak

Filesize
364KB

MD5
a93a5c83e482a4bc56736bb1451a88da

SHA1
afa0c1f46b6245ed9301bc9c2aa46402b6d10c37

SHA256
446764ecf3939c35e90f61c928ec55d445d83a483a19fafd38af378a70fd06c7

SHA512
550278670b857b15a8af557bc7d127695155ac16a0b61947f891040421c08bfed0aea26eccf0c45303b82b801801f6c2caf7fd0561dae97632b0ec2eb1bb2212

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw.dll

Filesize
181.4MB

MD5
19050d8c461aa314242b5a8d5cc0af71

SHA1
a8624e765c1495b7779f61baded17ca08ef546e6

SHA256
ba0118d44c3068266becfea0b387472f1699f8ccb437bdeba1590bb0daa2edf1

SHA512
9bdd0c24ea847ccc58934bc5cde2ef0e3d00687b08a22d98cbe8b8a705a94bcf9648da35bbf1db2967419a9f67d01213cde4ae04c3026ae4da4444a28b27be84

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw.dll

Filesize
181.4MB

MD5
19050d8c461aa314242b5a8d5cc0af71

SHA1
a8624e765c1495b7779f61baded17ca08ef546e6

SHA256
ba0118d44c3068266becfea0b387472f1699f8ccb437bdeba1590bb0daa2edf1

SHA512
9bdd0c24ea847ccc58934bc5cde2ef0e3d00687b08a22d98cbe8b8a705a94bcf9648da35bbf1db2967419a9f67d01213cde4ae04c3026ae4da4444a28b27be84

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw.dll

Filesize
181.4MB

MD5
19050d8c461aa314242b5a8d5cc0af71

SHA1
a8624e765c1495b7779f61baded17ca08ef546e6

SHA256
ba0118d44c3068266becfea0b387472f1699f8ccb437bdeba1590bb0daa2edf1

SHA512
9bdd0c24ea847ccc58934bc5cde2ef0e3d00687b08a22d98cbe8b8a705a94bcf9648da35bbf1db2967419a9f67d01213cde4ae04c3026ae4da4444a28b27be84

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_100_percent.pak

Filesize
595KB

MD5
979a087011c664b56b619bafa2122534

SHA1
186724cebbb0047e88640aa0ff3498340cdd5703

SHA256
db914fa3e593a30e4037ea26d482c9f6788a155d8b992b2778021766aa7be49d

SHA512
ecfb1ecb3a16f9e777f5e01440118ac7263d138f6945ca7a746f7e5bda2287332ce0ed228ceb050ce24fb25c1169c952a17c497f33147dfe1ccae36f0f1d47ae

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_200_percent.pak

Filesize
891KB

MD5
7587d9a73cadc14f70174d95618f86d3

SHA1
dc4261b0fc4ac28825811beae0496122fe06704d

SHA256
00da64185f149bf0060f555a78bda17570cd2b45be0cad1a9570f9816ece5936

SHA512
435cccbbcea41a599af7a9c8fee9f0434c0464b4d1e8d5a2ed1d1307508ece7d49b61cb6a7c7858976a8281ef58de01107294eaf6e7fc8b56331ed2b981297ac

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
1.0MB

MD5
b58238a4c19e14ab64846be1c57be70a

SHA1
47f6d9ab46f579481b8f01b54f9e23f34f2c129e

SHA256
7a879b77ba31f4ead57c6efa19ab468c1ca72d0271fbb553fb7c02d00a250273

SHA512
9dc2d7b22ec0af9bb982fc6e1d46de1d30c408e6abac714ed8731cf5b8c95060564aa85b93989d68b4cad6cc358e47087f14790bbeb3f5609a035a5f35a61600

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
1.0MB

MD5
b58238a4c19e14ab64846be1c57be70a

SHA1
47f6d9ab46f579481b8f01b54f9e23f34f2c129e

SHA256
7a879b77ba31f4ead57c6efa19ab468c1ca72d0271fbb553fb7c02d00a250273

SHA512
9dc2d7b22ec0af9bb982fc6e1d46de1d30c408e6abac714ed8731cf5b8c95060564aa85b93989d68b4cad6cc358e47087f14790bbeb3f5609a035a5f35a61600

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
1.0MB

MD5
b58238a4c19e14ab64846be1c57be70a

SHA1
47f6d9ab46f579481b8f01b54f9e23f34f2c129e

SHA256
7a879b77ba31f4ead57c6efa19ab468c1ca72d0271fbb553fb7c02d00a250273

SHA512
9dc2d7b22ec0af9bb982fc6e1d46de1d30c408e6abac714ed8731cf5b8c95060564aa85b93989d68b4cad6cc358e47087f14790bbeb3f5609a035a5f35a61600

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
1.0MB

MD5
b58238a4c19e14ab64846be1c57be70a

SHA1
47f6d9ab46f579481b8f01b54f9e23f34f2c129e

SHA256
7a879b77ba31f4ead57c6efa19ab468c1ca72d0271fbb553fb7c02d00a250273

SHA512
9dc2d7b22ec0af9bb982fc6e1d46de1d30c408e6abac714ed8731cf5b8c95060564aa85b93989d68b4cad6cc358e47087f14790bbeb3f5609a035a5f35a61600

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
1.0MB

MD5
b58238a4c19e14ab64846be1c57be70a

SHA1
47f6d9ab46f579481b8f01b54f9e23f34f2c129e

SHA256
7a879b77ba31f4ead57c6efa19ab468c1ca72d0271fbb553fb7c02d00a250273

SHA512
9dc2d7b22ec0af9bb982fc6e1d46de1d30c408e6abac714ed8731cf5b8c95060564aa85b93989d68b4cad6cc358e47087f14790bbeb3f5609a035a5f35a61600

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
1.0MB

MD5
b58238a4c19e14ab64846be1c57be70a

SHA1
47f6d9ab46f579481b8f01b54f9e23f34f2c129e

SHA256
7a879b77ba31f4ead57c6efa19ab468c1ca72d0271fbb553fb7c02d00a250273

SHA512
9dc2d7b22ec0af9bb982fc6e1d46de1d30c408e6abac714ed8731cf5b8c95060564aa85b93989d68b4cad6cc358e47087f14790bbeb3f5609a035a5f35a61600

Download Submit
C:\Users\Admin\PCAppStore\nwjs\resources.pak

Filesize
4.2MB

MD5
a5322a11e67811c10c4756fdff7dff68

SHA1
1c411726268dfc94f3d97286949e253e3acf57d6

SHA256
b3aee308664663a2e3f523d1bc192e0e5d8bb0c01d7f9142930bb9a28cccc635

SHA512
717e64a15c20906d2d3fdc09c09ffda7967489b4f24a7201873d67464fce979777e66c679bfb3069cc09e758eff1f07b030514dd032e07d119dc12c23dfaec06

Download Submit
C:\Users\Admin\PCAppStore\ui\package.json

Filesize
2KB

MD5
34fd02368a4717326f0e4c9776c4b3da

SHA1
24cf4907d4d9a9e1243a108c3e6232f4bd767d93

SHA256
c465dfaaabad312164b43c25ae04ae3ccd9ed687116afa5f93c2e006e3d5157b

SHA512
58681b3ee95d9ffa5cb7e35b2fce06f45e4e1d2be51a2c4c6cc1caefb80d854d74853eac852f3e5b27d6b4c98fe28db60104199726d93e75f10c4e22ed1d88eb

Download Submit