Overview

overview

8

Static

static

1

MSPCManagerSetup.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-07-2023 21:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MSPCManagerSetup.exe

  • Size

    3.9MB

  • MD5

    0b218125c9a370e64c20ed3c469a9bd6

  • SHA1

    5d165c039e71df8ba83aeb4f40c7dd652f4d6d7e

  • SHA256

    211fbe8f94b555ad524fe352485a8e143c5b351d9589916285cd05f1f106dbda

  • SHA512

    13006d8ffa93812cc466a75e7952319a191691ba3216eb894c2c630964e8848277df2cb76133eeee926c6eb2a5b226ded28f0a53b49bd3bc02127fbe5881f404

  • SSDEEP

    98304:eC4JOySugi+4CMG/y3qT2huprsQr02vNyL3s0xKi:AJONugvPKhTO0AoL3Ai

Score
8/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Sets file execution options in registry 2 TTPs 2 IoCs
    persistence
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 22 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Registers COM server for autorun 1 TTPs 37 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Checks system information in the registry 2 TTPs 12 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\MSPCManagerSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\MSPCManagerSetup.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
      C:\Users\Admin\AppData\Local\Temp\\MicrosoftEdgeWebview2Setup.exe /silent /install
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:4548
      • C:\Program Files (x86)\Microsoft\Temp\EUEE29.tmp\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\Temp\EUEE29.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
        3⤵
        • Sets file execution options in registry
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks system information in the registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies registry class
          PID:1036
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:2860
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.161.35\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.161.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Registers COM server for autorun
            • Modifies registry class
            PID:3076
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.161.35\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.161.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Registers COM server for autorun
            • Modifies registry class
            PID:4328
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.161.35\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.161.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Registers COM server for autorun
            • Modifies registry class
            PID:5016
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjEuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjEuMzUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUNCRUI3MjUtMDNCRi00RURBLUE0NDQtNUY2Mjg0M0I0RjFFfSIgdXNlcmlkPSJ7RjVDMDg5Q0QtMzJERC00MjA4LTkyRTYtQjdDRDI4OTA2ODM2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5NTcwQzhEQy01OERDLTRCMzItQjIxMC1GMEM1RjRGODc0QkZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtxV0pTeld3UGZkY0xSK1hHSXY2eHJaZmlZT3hoUFUyczFOV21qV2NhRlBnPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTc1LjI5IiBuZXh0dmVyc2lvbj0iMS4zLjE2MS4zNSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxOTM3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          PID:924
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{ECBEB725-03BF-4EDA-A444-5F62843B4F1E}" /silent
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:64
  • C:\Program Files\Microsoft PC Manager\MSPCManagerService.exe
    "C:\Program Files\Microsoft PC Manager\MSPCManagerService.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Checks processor information in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:416
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks system information in the registry
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:1032
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjEuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjEuMzUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUNCRUI3MjUtMDNCRi00RURBLUE0NDQtNUY2Mjg0M0I0RjFFfSIgdXNlcmlkPSJ7RjVDMDg5Q0QtMzJERC00MjA4LTkyRTYtQjdDRDI4OTA2ODM2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1QTZCNzcwQy0wNzlCLTQzM0QtOTVCMi0wOUZDNzIxOTBFNEN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIvPjwvYXBwPjwvcmVxdWVzdD4
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks system information in the registry
      PID:3456
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{270F8869-E049-4A72-BF4F-5C26342BE9AE}\MicrosoftEdge_X64_115.0.1901.183.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{270F8869-E049-4A72-BF4F-5C26342BE9AE}\MicrosoftEdge_X64_115.0.1901.183.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1796
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{270F8869-E049-4A72-BF4F-5C26342BE9AE}\EDGEMITMP_D7749.tmp\setup.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{270F8869-E049-4A72-BF4F-5C26342BE9AE}\EDGEMITMP_D7749.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{270F8869-E049-4A72-BF4F-5C26342BE9AE}\MicrosoftEdge_X64_115.0.1901.183.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Drops file in Program Files directory
        PID:4832
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjEuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjEuMzUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUNCRUI3MjUtMDNCRi00RURBLUE0NDQtNUY2Mjg0M0I0RjFFfSIgdXNlcmlkPSJ7RjVDMDg5Q0QtMzJERC00MjA4LTkyRTYtQjdDRDI4OTA2ODM2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDQzRCNDg0Ni03REEzLTQ2NzktOEJDRi0yQTNFMUQwQkUxRUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMTUuMC4xOTAxLjE4MyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83YzFlMTc1My0yMjkzLTQ2NDItODc3ZS01M2MyMDJjNmI0ODQ_UDE9MTY5MDU4MDg0NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1WYyUyZnBnem5oUFZOT1MzWTMxeGhJSTNmbEwzWUcwJTJiVnllbFcxd1pvcndyakVNcXBWMHhJZDNyaGE2TFY4YVd3QjNqeHptWjZ1NHh2ZUJrWkJvbFBnU1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNTA3NzcyODgiIHRvdGFsPSIxNTA3NzcyODgiIGRvd25sb2FkX3RpbWVfbXM9IjkyNTAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjYwOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjgyOCIgZG93bmxvYWRfdGltZV9tcz0iMTg2NzIiIGRvd25sb2FkZWQ9IjE1MDc3NzI4OCIgdG90YWw9IjE1MDc3NzI4OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzI2MDQiLz48L2FwcD48L3JlcXVlc3Q-
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks system information in the registry
      PID:348
  • C:\Program Files\Microsoft PC Manager\MSPCManager.exe
    "C:\Program Files\Microsoft PC Manager\MSPCManager.exe"
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Loads dropped DLL
    • Registers COM server for autorun
    • Checks whether UAC is enabled
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=MSPCManager.exe --webview-exe-version=1.2.4.22027 --user-data-dir="C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --mojo-named-platform-channel-pipe=4628.684.12192184180475316876
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Checks system information in the registry
      • Enumerates system info in registry
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:4680
      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=115.0.5790.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=115.0.1901.183 --initial-client-data=0x18c,0x190,0x194,0x168,0x1dc,0x7ff929acd310,0x7ff929acd320,0x7ff929acd330
        3⤵
        • Executes dropped EXE
        PID:1900
      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView" --webview-exe-name=MSPCManager.exe --webview-exe-version=1.2.4.22027 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1848 --field-trial-handle=1852,i,4856496156591425022,3792496695401488005,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared /prefetch:2
        3⤵
        • Executes dropped EXE
        PID:4672
      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView" --webview-exe-name=MSPCManager.exe --webview-exe-version=1.2.4.22027 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=3004 --field-trial-handle=1852,i,4856496156591425022,3792496695401488005,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared /prefetch:8
        3⤵
        • Executes dropped EXE
        PID:4544
      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView" --webview-exe-name=MSPCManager.exe --webview-exe-version=1.2.4.22027 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3248 --field-trial-handle=1852,i,4856496156591425022,3792496695401488005,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared /prefetch:1
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        PID:4996
      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView" --webview-exe-name=MSPCManager.exe --webview-exe-version=1.2.4.22027 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2020 --field-trial-handle=1852,i,4856496156591425022,3792496695401488005,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared /prefetch:3
        3⤵
        • Executes dropped EXE
        PID:3324

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\EdgeCore\115.0.1901.183\Installer\setup.exe
    Filesize

    3.5MB

    MD5

    d463c9c3651f1be4f789b6eb02f6784f

    SHA1

    223311a9f809158d33c377eb18d0163c6dedb207

    SHA256

    fb55843e093c83d347e36e15a10d36b9973410261395f7f7ed3850b0c576bcd9

    SHA512

    7586df47344821e6823c7f5e1e5291210be613dc1cff78315cd0358c7b9d85f19aa57403573234aad0162ff3eb3795f7f7196cf95575f4b7089e20dbeba62ad2

    Download Submit

  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\115.0.1901.183\MicrosoftEdge_X64_115.0.1901.183.exe
    Filesize

    143.8MB

    MD5

    879842ed39f030bbcd770fcc1baa9a09

    SHA1

    d67dd62d30ee28e964cab3972b1eeb8b4102e1cb

    SHA256

    074c1a1e86497333b3c166a9b5dd648d77c48593c218fccae876d27048abc4a6

    SHA512

    ccb3d8ae440935002ac10ff7987a68cb0245a90d62daa25844877b92bc2dd93a5be0b049cac850a8dad402b2d0e5ceb6322fb875589cfcc967a57484a079f67b

    Download Submit

  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    Filesize

    200KB

    MD5

    3019ff91babc254f837717e7cb4d248e

    SHA1

    d5d51f6b337da30128301bac753dfbc76bc20bbc

    SHA256

    3f3c8c8736fb691c246b2510b3f88f6c7e56ca3b87d8532dc26424dfcaddcac3

    SHA512

    a781bde845914a7fead19b20cf2843b065f3b523e1beaf76ae4887be4c405c072567bd85e700087054468db35da40bb1751afadf26c6803da48d8375aa9efa9e

    Download Submit

  • C:\Program Files\Microsoft PC Manager\MSPCManager.exe
    Filesize

    539KB

    MD5

    bffee750e204442d07e5991bf0c74ba8

    SHA1

    102b0a23306a24c12766ca8cc4c0fc2fad983704

    SHA256

    52edbb9a0c4d71d1a5238d780c0cd6ba83cb5d1c069d7f922f1b9a529a94503a

    SHA512

    52b9364f2abd0b8fd33ccb1366ca9adebb0d75db5bfbe3739fd2c04cb6d2ce41ffe41339206720ca6e61cae56aed504b4d7c1b05e7b285a5661e0f38c99fde12

    Download Submit

  • C:\Program Files\Microsoft PC Manager\MSPCManagerService.exe
    Filesize

    77KB

    MD5

    59e307897b380adb9392346e60a3f159

    SHA1

    7e6215415c9f287f1de37dc081b5c642495f6690

    SHA256

    8cc7727d55bdc48b57f700297bfafe10a81936fe4ae060f3f09ae5d54b51fe8f

    SHA512

    9b09a36625fd3c80cc6a57339d64276bfad39a410e08ddb384eef4c5e6b189729e0f9c0127b22f2b768967933f3810cc59d8db6805c8affeae7ac896ee3b99ec

    Download Submit

  • C:\Program Files\Microsoft PC Manager\MSPCManagerService.exe
    Filesize

    77KB

    MD5

    59e307897b380adb9392346e60a3f159

    SHA1

    7e6215415c9f287f1de37dc081b5c642495f6690

    SHA256

    8cc7727d55bdc48b57f700297bfafe10a81936fe4ae060f3f09ae5d54b51fe8f

    SHA512

    9b09a36625fd3c80cc6a57339d64276bfad39a410e08ddb384eef4c5e6b189729e0f9c0127b22f2b768967933f3810cc59d8db6805c8affeae7ac896ee3b99ec

    Download Submit

  • C:\Program Files\Microsoft PC Manager\MSPCManagerService.exe.config
    Filesize

    4KB

    MD5

    6c911df4d05001f6937f20a958a23958

    SHA1

    b38a23aa53209b1531ee2289e04ecf980fe4982a

    SHA256

    047f32e8fa2f5efb34c48a169ec838e8e437e78719733f7bb1f619dfd608eff5

    SHA512

    646480e2f03e06782945aaec1e1f57e5f9a67fb62cfa704042698a38c825b804c2160d70653cca1f55251926709c0a73c1fe44dd09023aafb1fad3748d0b235f

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.ApplicationInsights.dll
    Filesize

    371KB

    MD5

    699cee0987f003b1cf476f976a6d74f2

    SHA1

    9275e7aa34109503b6a4d0b595aa383fb22baec7

    SHA256

    3283271e1fe2eb7bbd4ebb9be07456862c5c24741e86f7e8b160b9b23072629c

    SHA512

    235aea95660c83b4af46ff459b881d028d3f6ce028157777df70b0b8b50f000f6ccfb4e17b1d404c75018c08939690a63af419af6646083575370d55648554e1

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Bcl.AsyncInterfaces.dll
    Filesize

    22KB

    MD5

    04c88564420358b917e0409f695decce

    SHA1

    34667acd804fb513f5819cf60345ad54b9be5835

    SHA256

    e836df6699bf61452aee1e4b102d914f8f07b054793f28b35871c6e1453cc06e

    SHA512

    f7276ec99141bd5882e4bb0a6e163688f65939a5d51c484537f9043d6c676b664b308f099b021f4918356dcb8783d0674dc9e92a2a0cac88c5bee2c1c50db567

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Configuration.Abstractions.dll
    Filesize

    20KB

    MD5

    065386e3586bed941b5d15d7b15a3023

    SHA1

    86a292d4e3bc75fed59f83e6905090fef1a1b523

    SHA256

    a88e5fb59ba29e21a4828b766d355d124daaa0f2a4b70a8729881b85f4f8c109

    SHA512

    94948659f2f7b1668972ff76358177e2e1e3460de6fcf6558d30bf50361fb0e082390adb0b203c5070a92d693231fe8bb5d17125142694a7524ebd4052ec8a22

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Configuration.Binder.dll
    Filesize

    28KB

    MD5

    1d5808f5b0b2f8bf1d340d2a2a450b94

    SHA1

    bfdaf2afb7c9aed3517a3ef655462bd75151b17b

    SHA256

    d11f95c78ed0c7fb3cf38c159c58cfe745c29e0cba004c11c67e6a08339b6ad2

    SHA512

    8854f718539377d7b02d4c197c7c032eb8b22be751a61f647d110699dea6f673f038e13128667cc68d4cb0f4c6784fdb983557b828d007d872940707956b4de4

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Configuration.CommandLine.dll
    Filesize

    23KB

    MD5

    632f516d18c95129e2910480da3815fc

    SHA1

    aafe130921577817f9feb736014bcc74571353be

    SHA256

    f9013dcdfc64fc60cf07f221a19029386c2faf113be72343722267027285c444

    SHA512

    76e313476adf6942311b6f1b581fe604d9389f02d3eab097e6321f9081c025f3a07cf6ef42724ab0158520bfd9a061488029226805da7a01efe5fd1f4ffefee2

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Configuration.EnvironmentVariables.dll
    Filesize

    20KB

    MD5

    32ee789f0d5e0376344dcc1a8e35ea2d

    SHA1

    e5755275b7e9a5623d8be42232b41d1748a4f3b5

    SHA256

    9079bcc3a884b267caf57c3c16847471da7fcd805af8507ddc2cf76a602ca90c

    SHA512

    bfd29fbfadabad9b69db0871b75c1b4676efb19228f50d1bb44b3bbb7c7627333cce3331764c061451bbaa49395a0021bf0d4021d7bbe0bce5cd8c06f63e47b2

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Configuration.FileExtensions.dll
    Filesize

    25KB

    MD5

    b94b3d9cf15e53f593b9cbd23272bfe6

    SHA1

    19d8117696f08bc55508ae3974ffd17cc2dc981b

    SHA256

    29e4ed0e015edde176290ea8fe6c538e07f9e47135c40d6eff860b855eb49a1e

    SHA512

    319a23968bb0a6a336b20fa40b333ce525e02429c8a6905ae82ea7a6e055f73e0a4ca816a6d0f1e50026e2e37fa6bcdcdbdefd621eb4afb05bc810884aeb1eff

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Configuration.Json.dll
    Filesize

    25KB

    MD5

    29855d891ace514ed3daff86cde8cd4e

    SHA1

    63c0d75add8a3241d7e11596233b038217d34e8f

    SHA256

    68e7bf5aba5ab4446904e97484db2a20033a96fe3bc9805386a18c7465c49ddf

    SHA512

    5235c9c6f5755e42b32d872597269daab9a8884054b0356e4d015db9d07c0f74df46416444bdb60eb622909b7ac1dab7bc2a90c206350cdb735aaaf0afe95de5

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Configuration.UserSecrets.dll
    Filesize

    24KB

    MD5

    dcd22611fc96de193cbc8ea2ed5a410d

    SHA1

    6860805d411398b1d3d6041e40a4b8c76b1b9323

    SHA256

    d5c3fbefa1a4e356c0c92c9be72bab3680382c10f6e3372ccad8dccbaa94cd6e

    SHA512

    a90bd2fa8780af23406e12a1bf09c6c102a2805dddfba2bb825c138ce2cf460acf0e90afbdbe0a8b3ca88f4674d20e25a86e05fbdda67653b8b4a3177e48f878

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Configuration.dll
    Filesize

    30KB

    MD5

    d39f9ba091d6a52478ebd897b02f1633

    SHA1

    305493e663791a17c9e361c0a0665a46a8176cc8

    SHA256

    e2f5eb2aea0203c4fd1956e03136fad5547d5aeb6861dbfcd190e26c92f54ed5

    SHA512

    e92ed4861576a22006e1417ac4334bd68492a049e64045b14534ea0358224382e500971ebce7cc6564d45525e7ce16001a97b610c1038bc7dec7a2f77e16275b

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.DependencyInjection.Abstractions.dll
    Filesize

    46KB

    MD5

    383f7c7e268f59dfc5327ba51c7fd3cc

    SHA1

    3bdb65452e61895a84daf0b80762f1601c802869

    SHA256

    b93b4fcb144d4dcaceb84e62c13076c08a28a7e53396b7eaf514e7586c4ef8ce

    SHA512

    eb234ce0248c6cd8f80378ab1e41f36a20dae17a787c70b89721ab3291a634bca0abcb6965c18025c257a5c88a84e9bc2bc7de1365160a9f27a967a0d16d10fb

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.DependencyInjection.dll
    Filesize

    83KB

    MD5

    0158436ccb2aa3d5e06f0cf64fe36a57

    SHA1

    41fd251dc2243b7e70eff0127b1cf6a24aca93c4

    SHA256

    d86630855ba73029af5db5e83530be088e4960e43760a75faeffb37d9fa84d4b

    SHA512

    27cf889baf0fd2a251f281ecef0fcbd51d0a15e7715b505a135648962fc0f1b24c260fbec0b2a94bacd5b143a8ae9129f6bad5d3958f1a2e18e3fd1243270d09

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.FileProviders.Abstractions.dll
    Filesize

    17KB

    MD5

    f8ffa048b4f60009ab75276628bedb4f

    SHA1

    b5692482a40ef28571b757f885c748b14208339d

    SHA256

    8b7dd4319c6da10d30ec16f6419812251f6436720f6078fd8363800379eb436f

    SHA512

    69fa805b07478ccd841c499c9363bee91b8567dacd03bd248e5a7bcf31d003c35d6914e288e87d6edb2f11ecaaabe2ca2bf043733e56ed6b4e540a3945e99581

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.FileProviders.Physical.dll
    Filesize

    35KB

    MD5

    3c0589db2aba7ecaa52600338517396f

    SHA1

    0680bc943bba786a67685da1e32b7c75ec96c5a9

    SHA256

    60769c5f701a6cdea46d02d4371c69b69ba51c1ce29ee227a65070352b836850

    SHA512

    1ea458e39b61f442120e892e1b4a949baed4a76dc14caa813e357f6b8cd49145d4fb17d644d0d67da77aa1d77dc5c302bd846aebbad9703d8843e779e3e79387

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.FileSystemGlobbing.dll
    Filesize

    39KB

    MD5

    7c0eecce8660c6d0076d655d5437f841

    SHA1

    1551667de7dfab5b0174dcc71f5be390eebc69f0

    SHA256

    732123ffc4bf6b52278831e393d08ae82081cd5a3f1a6b6ace7cbc341e9f5973

    SHA512

    eb05b179cef10aa047f7dc2d2e67a09da63e9261ddf2629a6ad4f449f757a56f31ed87fa73328efdc1df4758e991315781a0e15dd3fa53d7b7e942dcaeb08e03

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Hosting.Abstractions.dll
    Filesize

    27KB

    MD5

    c7c202bc30663ff57330d9c324696cd0

    SHA1

    94a87545fbefe85c59f95a17a8a61c836d573561

    SHA256

    ad4dc8e3d6e3c2faaff966030e5c50a976e92ed9539623262c54ae076cd8abaa

    SHA512

    bfdba1f37287a52ab126f1d1bd1cb21fb2f08dfb63a407158500e78e9c079ab4e3872e564e3d2297a2561a5af3088922a8f571efd58f61330a8680e1f92d0e0b

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Hosting.WindowsServices.dll
    Filesize

    22KB

    MD5

    07e695c0130c209d3414664620d9cd43

    SHA1

    c420f2540fedbeb56e7fffe997a3c2f6fb2bcedf

    SHA256

    156124400596f9af1b22f7dff12ebcaf436f5b8bdc2ae3068d8c40634843db93

    SHA512

    6c4bd38e5c2d45c177d807cceb050e4fbe39467ff2cb42012f62349199113a8ed033dc1293bd92f004a847c6e24dbede5b24738d8c80e5b2f572fed2ce09c3f0

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Hosting.dll
    Filesize

    42KB

    MD5

    8304258d92f955c0ee24ca4a6093d8a3

    SHA1

    cd6760b04e75b5b5966a066b18687bff1f23d43d

    SHA256

    216c804092d22f903fd271247b0c7284e06b29d0b117e4f5ac442bdb5b562205

    SHA512

    86125f4bc55a77fc1e88847228c7ebf810c7e8455c0178a392a2a354980b9a1fdf3362ac6ca7898c40e948c803f26446d7483021f74a1b645df12adab8403933

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Logging.Abstractions.dll
    Filesize

    63KB

    MD5

    5acd0f2044c973bc02c39e351722e68b

    SHA1

    bf95069d8e25164a261af69a93331f0aa7092073

    SHA256

    a02f31c3288ab0df96cab2db6a587b1a668cf0ab13ac0887f2718f2be5245c3d

    SHA512

    95c251b6b9b51590c7b7e28393fad85beeff469f8d34eee836da8d53e13e2de79012b0292946c65f871c7b371aec5d388297137868b21bd60dd1cfba9b1881cd

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Logging.Configuration.dll
    Filesize

    20KB

    MD5

    21c0e96c854f082ef6795f879b2175d0

    SHA1

    9239fe934ecf0a61249b6339887a9c195e9861cf

    SHA256

    6179c8b7483d67581e930448798d8ae7eaf737016c4fb56aa391b664d5c10bb4

    SHA512

    3ef97ad5744415bd5cd88de0fd3019c5de06c428dfe9f72cc587da2aa6985ecbb92650faa6c11cc9c9dd79dcd7d5fa4fcd2191e5c8fbdfaa5e52eb1daa96b824

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Logging.Console.dll
    Filesize

    51KB

    MD5

    4bd1c156be36bb58f01260d78f92a885

    SHA1

    5c71c3175eb9121f2cd8cd912fb4dd6005dab17a

    SHA256

    71ddc87dbe583b107586ced316e764ee5a317c567291a94eebca2588ace5d9d2

    SHA512

    cbaf07665ce5b790f62187d22d2fdff2892c8adde7c133e208fddcc5c7d2120e08c41dcd54522fb06cf78501e998ee8c7792afc6195ccddfc52a2096154804d6

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Logging.Debug.dll
    Filesize

    18KB

    MD5

    6d867ec03640cef6abb47fdaec98f7e0

    SHA1

    58b43fd5b145aa3db9a48b594883ee5788c8f055

    SHA256

    19c3baa051318db9325d3b095ca37525fdda35bc8c73648c9fa1d7e3f03b3ded

    SHA512

    04b5480866fb10de1bd87917f3d4c64fc6b21af80175d78425ea59cfc931cc3d8a55d2dbf82eaf2d698b5b6423582b2ffa9ae3f7d286fbb93c1d824380bb1df1

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Logging.EventLog.dll
    Filesize

    22KB

    MD5

    9b66d76f8cbbf99bc4a61dbe81f6c0ec

    SHA1

    e641c2dd76da2ac7d01b32efe8518e4fb66ab0a8

    SHA256

    8faf79f1b5b0fbf4c6e9b129f62f757c4cb652ca9ea395fd9b0613e6e44aea79

    SHA512

    2f3186e83e87282422cb9704e03c459629eb37f113c2106daad445a2db9dc603d765588b9e639811aceefee266f00ea0b0fccf36e3c6dd38be7e5069512cad2d

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Logging.EventSource.dll
    Filesize

    30KB

    MD5

    742ddb8a7862b6ed29ae44c8820c3f97

    SHA1

    9a5523a293bc8f55e287bc6963d6e598897be372

    SHA256

    36dc6fa88937b774a74e5f8b9e3df36c1b35713e00704057aaaa18af8617eebc

    SHA512

    903e2853c2bb3e3cd25e5666c97d02a893dc5d112e7722c15fa54c2c38a52a45fab4170d3c4071668651e00a84372a5ceeba632c11f01f20a56c6cc5173f8533

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Logging.dll
    Filesize

    44KB

    MD5

    f458bd72ae4987afb1269932ce649922

    SHA1

    df5e664d018efa3ee4369a3029ea618697d5e071

    SHA256

    071b313444a5d540a437a5b71366299e3f1da35bf985e23ddee4bb9c176c5b2e

    SHA512

    08eb40bd7f51af0845aa098bb0f78742f0a98c95643916bec1e77efb3f24e0d7b64f0c4aadd39c006097096ddc1407a7ba2acf9bdb525d2cca6ef333dd0647b7

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Options.ConfigurationExtensions.dll
    Filesize

    19KB

    MD5

    4a54efcc56d972aa5920dfb90c5d7741

    SHA1

    7b314eacc97a618aeba154d59ee57d75f47ed70c

    SHA256

    b53e34276e9accb20384235ad3b95611785a03fc501311065074bd61e129342a

    SHA512

    65078df022bb2b089f7abce9f9e3c65b976e4c638ac0c20a251c32001c2c2aa2af939dfcd38b8b90ab48ca1c211e2204d2f521770424ae116cadbbaffd6499cb

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Options.dll
    Filesize

    57KB

    MD5

    6735d046ed6886ebb1fd28fdd3a6c63d

    SHA1

    00dad112ec2700139249cd9dfc5394642e0a9981

    SHA256

    c95a76d2597180d8de538c3d991eee8b2b453233f24ea84dfab6ce4f3d4c8135

    SHA512

    bf7bb13ef418e87d615b561d8e9d28b0f1a0d4cd5213f7e6b18f950a58b7cbf4f7b68a93ce8145c25dcdb59675f4475a35c2a1fcaee2bc76e15846f67f0b12ab

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.Extensions.Primitives.dll
    Filesize

    42KB

    MD5

    80fc9582a35b32ff99dd745395fc0d3b

    SHA1

    88898ba23e4be6c125c5b954534beb0943aa2f26

    SHA256

    31dff40223eb323a19f981b263ebd59e618e5380dc87265c34bb9899f8d3e4d9

    SHA512

    bcc506f2aa841d1270be6473f40a37a56327e014754c0bd57ab0a44072b033e6c3368d104b7ca1fe81448d5ec43ac247f6999b8349c3f138bfac7b1b2bcfe08e

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.LocalRpc.dll
    Filesize

    135KB

    MD5

    265a83bd16c50d7c9fd0332283ddc5c1

    SHA1

    182791488aa394ebf3e0731bfc96cd9ac112d414

    SHA256

    a539c00d472799256b7b5d520ec1cc7886f21f52d6a482570351d155cde659e5

    SHA512

    313c4ea88dcd4220fe2f19e26ac7079616366b3c2cbdef9a8e16e81e56698764d0e60b3d272fae815aa7c43ecfe2852b16e7ca0b7615e7f525d4f22aac676429

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.AntiHack.Service.dll
    Filesize

    64KB

    MD5

    532f6b8a6d4ad856b5a1073df4d3f643

    SHA1

    e00183045327a5c1b747f52512d2a46a42e94c49

    SHA256

    a7b7875575b75c9826b1ace38a5445815728303157af5e93c016f80d495400d7

    SHA512

    9d6b924cefdd46a718d7ec4bd3b1641eeaa57a783af73cc837dc260092ff82137cdf7fe2ca58df0f2e05601e14b982ea2c8aa1ef89e74608574507ad01b20ec8

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.AntiHack.Service.dll
    Filesize

    64KB

    MD5

    532f6b8a6d4ad856b5a1073df4d3f643

    SHA1

    e00183045327a5c1b747f52512d2a46a42e94c49

    SHA256

    a7b7875575b75c9826b1ace38a5445815728303157af5e93c016f80d495400d7

    SHA512

    9d6b924cefdd46a718d7ec4bd3b1641eeaa57a783af73cc837dc260092ff82137cdf7fe2ca58df0f2e05601e14b982ea2c8aa1ef89e74608574507ad01b20ec8

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.AntiHack.Service.dll
    Filesize

    64KB

    MD5

    532f6b8a6d4ad856b5a1073df4d3f643

    SHA1

    e00183045327a5c1b747f52512d2a46a42e94c49

    SHA256

    a7b7875575b75c9826b1ace38a5445815728303157af5e93c016f80d495400d7

    SHA512

    9d6b924cefdd46a718d7ec4bd3b1641eeaa57a783af73cc837dc260092ff82137cdf7fe2ca58df0f2e05601e14b982ea2c8aa1ef89e74608574507ad01b20ec8

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.AntiVirus.dll
    Filesize

    113KB

    MD5

    807d4dd95c9fcf1503695ac8a92f86b7

    SHA1

    237da5f5ce7654dab48bf9de1a82315cfb38c844

    SHA256

    4a76d36a80f34691ca6e23518e6efe616a06a0c64fcb310208a599a29d654cea

    SHA512

    4d1950882acbc0bb1eb6dee58539ffadc6a132531acfd919a265f644afcc0cf6dddc2951ecb31fe4825a404076792c3c72f3aefb8af2511e1d541914091988e5

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.AntiVirus.dll
    Filesize

    113KB

    MD5

    807d4dd95c9fcf1503695ac8a92f86b7

    SHA1

    237da5f5ce7654dab48bf9de1a82315cfb38c844

    SHA256

    4a76d36a80f34691ca6e23518e6efe616a06a0c64fcb310208a599a29d654cea

    SHA512

    4d1950882acbc0bb1eb6dee58539ffadc6a132531acfd919a265f644afcc0cf6dddc2951ecb31fe4825a404076792c3c72f3aefb8af2511e1d541914091988e5

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.AntiVirus.dll
    Filesize

    113KB

    MD5

    807d4dd95c9fcf1503695ac8a92f86b7

    SHA1

    237da5f5ce7654dab48bf9de1a82315cfb38c844

    SHA256

    4a76d36a80f34691ca6e23518e6efe616a06a0c64fcb310208a599a29d654cea

    SHA512

    4d1950882acbc0bb1eb6dee58539ffadc6a132531acfd919a265f644afcc0cf6dddc2951ecb31fe4825a404076792c3c72f3aefb8af2511e1d541914091988e5

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.CleanTrash.Service.dll
    Filesize

    66KB

    MD5

    065a6e7a091f30e762276d5dae2b9102

    SHA1

    5afdeca927ca073da251229761f34fec2a67afd3

    SHA256

    dfe3316dc212688bb2dbbdc6a1aeade6daec5732ff1be9a956196d24f0d3c755

    SHA512

    23b769ec5c54aeffe54cb90444cb8772f89dda926b10564d60945058f3569bc0ca2cfb1bd9ff022f6fceaad8628b22516caf678af8d77498e8868c498033995b

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.CleanTrash.Service.dll
    Filesize

    66KB

    MD5

    065a6e7a091f30e762276d5dae2b9102

    SHA1

    5afdeca927ca073da251229761f34fec2a67afd3

    SHA256

    dfe3316dc212688bb2dbbdc6a1aeade6daec5732ff1be9a956196d24f0d3c755

    SHA512

    23b769ec5c54aeffe54cb90444cb8772f89dda926b10564d60945058f3569bc0ca2cfb1bd9ff022f6fceaad8628b22516caf678af8d77498e8868c498033995b

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.CleanTrash.Service.dll
    Filesize

    66KB

    MD5

    065a6e7a091f30e762276d5dae2b9102

    SHA1

    5afdeca927ca073da251229761f34fec2a67afd3

    SHA256

    dfe3316dc212688bb2dbbdc6a1aeade6daec5732ff1be9a956196d24f0d3c755

    SHA512

    23b769ec5c54aeffe54cb90444cb8772f89dda926b10564d60945058f3569bc0ca2cfb1bd9ff022f6fceaad8628b22516caf678af8d77498e8868c498033995b

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Common.AhFlt.dll
    Filesize

    27KB

    MD5

    0eacbfcc68cbc47c8ac444c175c4283b

    SHA1

    e85beb3ff6b98ec59dfb1eb04978818ac1ee7aed

    SHA256

    b74acf8da656e4b9c1f519ecdd86709588a0fae20775c1ed01bb9c5523b2c85e

    SHA512

    f7c50443ea747c5a3a52b40ff334638483d666c8dc9fd44b90c40587bb4303cc4aa0d4d7159f9ef50dbde7d331bed0c59b01aa7b7700630e3b0134f3bc46b887

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Common.AhFlt.dll
    Filesize

    27KB

    MD5

    0eacbfcc68cbc47c8ac444c175c4283b

    SHA1

    e85beb3ff6b98ec59dfb1eb04978818ac1ee7aed

    SHA256

    b74acf8da656e4b9c1f519ecdd86709588a0fae20775c1ed01bb9c5523b2c85e

    SHA512

    f7c50443ea747c5a3a52b40ff334638483d666c8dc9fd44b90c40587bb4303cc4aa0d4d7159f9ef50dbde7d331bed0c59b01aa7b7700630e3b0134f3bc46b887

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Common.AhFlt.dll
    Filesize

    27KB

    MD5

    0eacbfcc68cbc47c8ac444c175c4283b

    SHA1

    e85beb3ff6b98ec59dfb1eb04978818ac1ee7aed

    SHA256

    b74acf8da656e4b9c1f519ecdd86709588a0fae20775c1ed01bb9c5523b2c85e

    SHA512

    f7c50443ea747c5a3a52b40ff334638483d666c8dc9fd44b90c40587bb4303cc4aa0d4d7159f9ef50dbde7d331bed0c59b01aa7b7700630e3b0134f3bc46b887

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Common.Rpc.Schema.dll
    Filesize

    171KB

    MD5

    740490519003a204a45e572efe6ed4b7

    SHA1

    041e2d6adabccdfd5488651c05ee345c634c970d

    SHA256

    41492a3b97269b2efa2932e09fec8472534a26d07485304bc6fcdb692fc6d386

    SHA512

    d64687f312a9bb93f12d4865dfa4f239845a4df03aae1acc842f2db2f8196c58e460fbfd2f90d2c2b1259a58228fc3474716f913eeaec4f33e08369deae0fbef

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Common.Rpc.Schema.dll
    Filesize

    171KB

    MD5

    740490519003a204a45e572efe6ed4b7

    SHA1

    041e2d6adabccdfd5488651c05ee345c634c970d

    SHA256

    41492a3b97269b2efa2932e09fec8472534a26d07485304bc6fcdb692fc6d386

    SHA512

    d64687f312a9bb93f12d4865dfa4f239845a4df03aae1acc842f2db2f8196c58e460fbfd2f90d2c2b1259a58228fc3474716f913eeaec4f33e08369deae0fbef

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Common.Rpc.Schema.dll
    Filesize

    171KB

    MD5

    740490519003a204a45e572efe6ed4b7

    SHA1

    041e2d6adabccdfd5488651c05ee345c634c970d

    SHA256

    41492a3b97269b2efa2932e09fec8472534a26d07485304bc6fcdb692fc6d386

    SHA512

    d64687f312a9bb93f12d4865dfa4f239845a4df03aae1acc842f2db2f8196c58e460fbfd2f90d2c2b1259a58228fc3474716f913eeaec4f33e08369deae0fbef

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Common.dll
    Filesize

    199KB

    MD5

    f1324816052a2ee92cd9ef28f0813cbb

    SHA1

    023f1fe9146799f915e694e4000ba96c52263b11

    SHA256

    b9e7592a3bfb506bb63b292e8d41f3b9fb804b5e2642868c0931957e24482775

    SHA512

    cdb443afb95f465f2bd755bc282f373d588b8ba2f881aac29d0f358d1f9ac77a26926657e14c973d7c7a2433886e384824d4028ae568faabe2109de871b23d9e

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Common.dll
    Filesize

    199KB

    MD5

    f1324816052a2ee92cd9ef28f0813cbb

    SHA1

    023f1fe9146799f915e694e4000ba96c52263b11

    SHA256

    b9e7592a3bfb506bb63b292e8d41f3b9fb804b5e2642868c0931957e24482775

    SHA512

    cdb443afb95f465f2bd755bc282f373d588b8ba2f881aac29d0f358d1f9ac77a26926657e14c973d7c7a2433886e384824d4028ae568faabe2109de871b23d9e

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Common.dll
    Filesize

    199KB

    MD5

    f1324816052a2ee92cd9ef28f0813cbb

    SHA1

    023f1fe9146799f915e694e4000ba96c52263b11

    SHA256

    b9e7592a3bfb506bb63b292e8d41f3b9fb804b5e2642868c0931957e24482775

    SHA512

    cdb443afb95f465f2bd755bc282f373d588b8ba2f881aac29d0f358d1f9ac77a26926657e14c973d7c7a2433886e384824d4028ae568faabe2109de871b23d9e

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Configuration.dll
    Filesize

    41KB

    MD5

    9641bbccf3d60a4ea51e4194bacc5809

    SHA1

    f73d609bb901b561eb947b9e6190edc243d08190

    SHA256

    950166944de92ed9fd460e99111c0eac823d4bdc9f03e557df277bd83541a91d

    SHA512

    bd692c2d039ef9c18c5b352460c37606d08cf4ad04fb5d44cca4693e2b9daa710b195c2624f627e334d85801eb51e13beb1a94ab1aedbc321e5bf64a05a468b2

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Configuration.dll
    Filesize

    41KB

    MD5

    9641bbccf3d60a4ea51e4194bacc5809

    SHA1

    f73d609bb901b561eb947b9e6190edc243d08190

    SHA256

    950166944de92ed9fd460e99111c0eac823d4bdc9f03e557df277bd83541a91d

    SHA512

    bd692c2d039ef9c18c5b352460c37606d08cf4ad04fb5d44cca4693e2b9daa710b195c2624f627e334d85801eb51e13beb1a94ab1aedbc321e5bf64a05a468b2

    Download Submit

  • C:\Program Files\Microsoft PC Manager\Microsoft.WIC.PCManager.Configuration.dll
    Filesize

    41KB

    MD5

    9641bbccf3d60a4ea51e4194bacc5809

    SHA1

    f73d609bb901b561eb947b9e6190edc243d08190

    SHA256

    950166944de92ed9fd460e99111c0eac823d4bdc9f03e557df277bd83541a91d

    SHA512

    bd692c2d039ef9c18c5b352460c37606d08cf4ad04fb5d44cca4693e2b9daa710b195c2624f627e334d85801eb51e13beb1a94ab1aedbc321e5bf64a05a468b2

    Download Submit

  • C:\Program Files\Microsoft PC Manager\System.Buffers.dll
    Filesize

    21KB

    MD5

    bb1236091a2a394d5bfc9c22c50318a5

    SHA1

    72dedbf90ffb0cb5073e54fd978ff0742494b279

    SHA256

    06310457c34f10a56901ba2a7528a5b0c64cac71eab858b4e095b5f65ab6f2d8

    SHA512

    5fa6cc1783a000532d122fbd5aeaf8733b57d972b2fefcaa029722cc7d0b417bd569fbec52bc22063bd97ca8b41bdcc11352974f691ec40bf285c4e2fda1ed91

    Download Submit

  • C:\Program Files\Microsoft PC Manager\System.Memory.dll
    Filesize

    138KB

    MD5

    aa768e0050c6f8f93a22ebb286f8a38d

    SHA1

    bb4f070bc71a37f72412cadc815151a25c9e2805

    SHA256

    fa7899703b65e86bccd4875ccb47fa6fda98e947a7177a648246187b3da3f583

    SHA512

    6f89fd7f8d4ad5bb664a83edc60cc36a51e0c6aa1bf2dba997002164d0687d3eb45d52a0f866b574507fb6546338c6a0feec6ffaac55330aefe247ce8b34d520

    Download Submit

  • C:\Program Files\Microsoft PC Manager\System.Numerics.Vectors.dll
    Filesize

    107KB

    MD5

    858a2835f3152e9e1cb67c96ef5e73d6

    SHA1

    f40caf36dfe1cc3ada7ef5f80f0cb1254aea9507

    SHA256

    de7c850c6118bdb40c35a30d0a8a018b065aef5b3913462d272cd5e04cd769db

    SHA512

    d6d998ea6ab673fbd19f4854b78ade0a744eb222a43a8631a76169e370b7ffea2aa8bf46949fc9b772c1550cd5959c1202fc1ccd60d6c7529df8685c1d6c4b63

    Download Submit

  • C:\Program Files\Microsoft PC Manager\System.Runtime.CompilerServices.Unsafe.dll
    Filesize

    18KB

    MD5

    4c6651af6dbe98f8d359c7d6ca90627a

    SHA1

    98c91743860c9ad197a1afa63e6f23295a97a5c4

    SHA256

    a971743f0af42eaf410cd830a729162de33a1132d8e4c4dec63f1d2320bc7537

    SHA512

    3d02dc7846b5975d79d8fbd9cfff97ecca643ca8840ea97778c267dd78bb32af5744ac4489a19aca77a884f6bcd82478c1f1204c0836e9d99e041805663150c6

    Download Submit

  • C:\Program Files\Microsoft PC Manager\System.ServiceProcess.ServiceController.dll
    Filesize

    18KB

    MD5

    11e4c794999755c910a1a5ff93b5d505

    SHA1

    06f2a077b8bfd15262efc4300f1a38e3c527299f

    SHA256

    d223ac5ce922c3a18d98edbd5dcab1f6d372e0f874db1f4aab5c481eddbe6a6e

    SHA512

    665d5892b49a2a276e0b91ea442a1560a811b54b20f4bd8adca2b72df6f032bc0051d91ebd5924ea63fa87343f556de026ad7a637b35c39e9105bcfaca8e326c

    Download Submit

  • C:\Program Files\Microsoft PC Manager\System.Text.Encodings.Web.dll
    Filesize

    65KB

    MD5

    9674db0c2c8182f11cf3f52c1aa7b495

    SHA1

    1f9514e2fd595a9dd6bd54f34dcf481cc9908bf1

    SHA256

    c9e3b0cbd5276be54bf3d1e13b2f59733ff68a6ce94dbe405d746cbc23ace549

    SHA512

    70d6d9979063c6b85760e1553fab59ce5d03403d6a3f6eaf5fb8ce27e28c1760bcbef85594e3792fb67c20917e9701775099f19dc10adab84a07edf1670833c1

    Download Submit

  • C:\Program Files\Microsoft PC Manager\System.Text.Json.dll
    Filesize

    348KB

    MD5

    8b0baf941361ca52d5634cb84e62300c

    SHA1

    894c72abee625e54508eb98bedea4f71eafd331a

    SHA256

    759af56a662fcad7a428a5322fe0a063313f55bacfbf8a928fd83a57529db55c

    SHA512

    6c5005e4b0e56ae74f93fa013fb9e418dab29dff567ee6ef2e45c10127b742bc0fdc8efd39b00317a518e1dea7b45b20a88564fde805e81cf60652d2a5fcb11c

    Download Submit

  • C:\Program Files\Microsoft PC Manager\System.Threading.Tasks.Extensions.dll
    Filesize

    26KB

    MD5

    e2820fb081079560846425f96056b878

    SHA1

    89b7faba5e1d23982d63f3e92f73bc52e87b8f5b

    SHA256

    f38ab38519ed7bf5d766599ca87b84f311466e87c2efda31a701856674420e61

    SHA512

    df875b74b24cdb75b45baff03688dcb8d10c09ae81ddb93404a5be23847e1d4ceb7072e55ed71cb59fd96fdfe355120b294a59d6c7bb9fdd304ecfce466895e0

    Download Submit

  • C:\Program Files\Microsoft PC Manager\appsettings.json
    Filesize

    172B

    MD5

    61860bba2e9734eeb31999b36d82fdb1

    SHA1

    413fbce3ae09566d290c6d07750a78843e11d5fc

    SHA256

    2ff9730fc1639bce7dccec51498a0446b31a6bed3aa1fcf0e5cf51f52f21c658

    SHA512

    5dda4e7ad6b3dcb858508b9f6dfe387ed2c36f4d30db012c9d7c558e1281081eb93325272d602be27187466baf35e4b961aea3b34369c6f4af57c9cb823a47ab

    Download Submit

  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
    Filesize

    128KB

    MD5

    3e0fa1a95457c8f8d891aefb2a676f8c

    SHA1

    7bb691c6e995bb1db264c4665c2d2061505629c0

    SHA256

    b5ee8d1b070c9dc99fd615841c76b51ba3835fd09b8da3da76bc904123caf2c6

    SHA512

    173a1cd107b4b08e233430d2eb95f90f97d0f8da2e43c1e5c9a888aca0f70233d354ac54efde97802a19a8975a76740f0235b1be7fe9659d3affbc5bc9b9ecfe

    Download Submit

  • C:\ProgramData\Windows Master\Common\IconCache\chrome.png
    Filesize

    1KB

    MD5

    b095e0109a8d54a00b85be0d2a7e6e50

    SHA1

    70ec9a62c019f3a6a2199a171ce3ec5f35b0824b

    SHA256

    e1923cec0124f606f320391ec346fec5df8c1507a4e366f78e54ca8c464ee8d4

    SHA512

    4c556d07719b6f1b060c94edb9d5a7a8c7bf1e9f58f565c60010b15cef2d81351d8a0115b3d888faa36997be46252c8cd6c6edb5b2731e7e2c628618d14d3de3

    Download Submit

  • C:\ProgramData\Windows Master\Common\IconCache\firefox.png
    Filesize

    2KB

    MD5

    3660dfc75a5e606366caa45360acde03

    SHA1

    0796263ac8e5125b27a8bb2a95de131cf222a38a

    SHA256

    7c0a86835e68156b1596949eac540ef1ba90a87008219fcc5a24f02b8e7b4d20

    SHA512

    51eccfb08326558f44d84fb2f5d3cdd179849a35e7c3ccb6d261f1747f3d8453ccdb5c8466de35e09d4e309e755f6416371b077c44ef2401dd9c503d9088226a

    Download Submit

  • C:\ProgramData\Windows Master\Common\IconCache\msedge.png
    Filesize

    2KB

    MD5

    e0d65c60a38c4b9874ef76b1ae1accdb

    SHA1

    f17c5aefe57b91f54517ff668435b0c6777af610

    SHA256

    ee4105f1f35583d53d305ce6f66da5f8822b5e47e3e236dc8a4e44af695a1b59

    SHA512

    424274b6e89f687883365cf0eeb731c90bdceed4708b8432bc0ccfd85d9c9574f15182de9daf4319cd3359771510b5211050a2fc21cd5206db38dd6d340fdad6

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Crashpad\settings.dat
    Filesize

    280B

    MD5

    8afc513b7bbd4f7a746a1064c0b0f3c0

    SHA1

    4440c37f345dfe8bfe66065fd1a1d80635ddc449

    SHA256

    3d316cefa35c644989944bd450fa586acdf874f585cf4829dc207403cea8ecf3

    SHA512

    4829ca0b58562d0b06552b092ada6ee6381ac2b8360f1554abf7b7370c9d47c57c5ddb383d72a2d650dc62a02e868d56bdb786135025f17aa205232b5f22d60f

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Crashpad\settings.dat
    Filesize

    280B

    MD5

    9e8681a5c2d6827aa722daf58a7f1b59

    SHA1

    d121ee3553ac7051229e849a37714166eed7c4d5

    SHA256

    7ca98e367eb3cb6ae5657697c83f71c5865903d44837241277d37e04e8a72733

    SHA512

    3813af999e6980a042d298d4525a7aa4aea0f24fac28f18d21c0b216ceab42fb8272564a6d58d69e7ad98584fa0fb916c551f998d44053bca871f520f1064bf8

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Cache\Cache_Data\data_0
    Filesize

    8KB

    MD5

    cf89d16bb9107c631daabf0c0ee58efb

    SHA1

    3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

    SHA256

    d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

    SHA512

    8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Cache\Cache_Data\data_1
    Filesize

    264KB

    MD5

    d0d388f3865d0523e451d6ba0be34cc4

    SHA1

    8571c6a52aacc2747c048e3419e5657b74612995

    SHA256

    902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

    SHA512

    376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Cache\Cache_Data\data_2
    Filesize

    8KB

    MD5

    0962291d6d367570bee5454721c17e11

    SHA1

    59d10a893ef321a706a9255176761366115bedcb

    SHA256

    ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

    SHA512

    f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Cache\Cache_Data\data_3
    Filesize

    8KB

    MD5

    41876349cb12d6db992f1309f22df3f0

    SHA1

    5cf26b3420fc0302cd0a71e8d029739b8765be27

    SHA256

    e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

    SHA512

    e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
    Filesize

    120B

    MD5

    4643e4b26b07b6613393ee522b6a97dc

    SHA1

    79199956a280d6846b929ca266aeadc8910623e2

    SHA256

    7e72177bd2160bfb9c5a4df06ede6a1b1b920914f85c8ce7faaa1112cfe6674d

    SHA512

    0975f7ffe7b5eb8a05ee53b1272e5e28ac5803c9c7938754faa7ab17c2b561d3390a6dba2113d6bc1f8036bc76e8d68cce3d9cc74c532443ded47832a4481ad1

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe597ac4.TMP
    Filesize

    48B

    MD5

    e0fd282700e3a18a15ec9322d23db8d7

    SHA1

    2ee7a0892b42d8e580d8663d7cb9171264040865

    SHA256

    d844db21868500cc98730067cbb11232071d3f5737624291f950913689926230

    SHA512

    3882b98868db960c77a1346a68a96927a42ba198fae8360e17f3af4f68bd0ead22d1b15108cee25c33aecf8f0eaa03e908e2b900b160a8f8f12716890e9f58d9

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Extension Rules\CURRENT
    Filesize

    16B

    MD5

    46295cac801e5d4857d09837238a6394

    SHA1

    44e0fa1b517dbf802b18faf0785eeea6ac51594b

    SHA256

    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

    SHA512

    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Extension Scripts\MANIFEST-000001
    Filesize

    41B

    MD5

    5af87dfd673ba2115e2fcf5cfdb727ab

    SHA1

    d5b5bbf396dc291274584ef71f444f420b6056f1

    SHA256

    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

    SHA512

    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Network\SCT Auditing Pending Reports
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Preferences
    Filesize

    5KB

    MD5

    a0d9e19cd30e81715bbf264961c1d605

    SHA1

    1a2326dba158668c24ffee37b0d14be1078647df

    SHA256

    0d2142afea90ba9a11ba36281b52d21d535fb74587a58f822eaef5b73a7036c6

    SHA512

    246a395d60f2e16df8829dbb122af18467708358b76cca92fceb2bf76b0162d8bb46f8fbff62f2bed128de80dd5b1a86f2bc31fd5fbd091c1899c19811b2473d

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Default\Preferences~RFe59bcaf.TMP
    Filesize

    5KB

    MD5

    4607224f7992c2f756bddd3000daa4a8

    SHA1

    2bee71c575e7b950ccbc52a1ed9d360a1507d2e6

    SHA256

    0674901a3f14adcae3fc5863a1bc8b85f0a09a9c816aa01399058b6854f5d6e6

    SHA512

    34fe5ada6c3bea91b0f150373495f628296ba28b21a718eb00dc2bfc7ee245020d238aceb3dd9fe3346007ae5ec4123a390d53f6c7c03babd41780a51dd9707f

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Local State
    Filesize

    1KB

    MD5

    aed304fe45aa5526a9f89f275c6a41a9

    SHA1

    2255559878f769be52adb40a95082e5cbd48acb6

    SHA256

    d0eadd424fb28ac24f16020ef6d90c58d14c81e121cc874c5ee5b74129d712f1

    SHA512

    e022b71b092c7d082dc1564c4a62775898aea6e755f51133c6b2b9fba24c1e6a3a8ad078bf3a09c39b3ac49a4618881de00b4b181f98e2733574df75cff67860

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Local State
    Filesize

    14KB

    MD5

    4df5d72b35a9e83676b5800c39dcfd2f

    SHA1

    6ecb5594a3a2e70f88dd5147c49d6ae362b845bd

    SHA256

    dccdf1dd95283cb728811f9c86bea593d2472712a227924d638170ef3aa63ea4

    SHA512

    24e55cc88b3ad6b8e56d0f44ec487f7240cc706d8ab1134486debbe42b657d34dd58b5f896cfdc4261ac265a4e318334c62f32e8865671e29ac61b3615884a20

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Local State
    Filesize

    15KB

    MD5

    d9750e017803f6f802197b2870f350bf

    SHA1

    3677e17df0db1cf37903857d52d6305244ce9349

    SHA256

    6841a8d81e4e6cafa4330cf35b4aa752391ce530c765742ece182112324a0323

    SHA512

    b3d85b223b5d966513a2e78953cbf012c4f877a992cde08b42b4957acb75070e4038b4fd2ecba5376127065b526f1eba5e2fa483fbc653bda1baca6f4a9c56b5

    Download Submit

  • C:\Users\Admin\AppData\Local\PC Manager\webview2\EBWebView\Local State~RFe592001.TMP
    Filesize

    930B

    MD5

    6b847b723a16a53ea79b6d210b59ab10

    SHA1

    5f29f9720ed2e5a936db1605ac1fb0b1d934c9a6

    SHA256

    3e3790349bae8dd6a298c3f86484bc2dcb3a7113e280847612d17b8ac9f1c7f5

    SHA512

    006c0ad99008a33d98dccf347f1816803620a1195401e6fa3790e61ae49206c1d72d45e469c9a075480a2474137ea73f2473deea807e6a8bdd143f22a6b761d0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Installer.dll
    Filesize

    388KB

    MD5

    a240350cfd8018e675dade42ce46f330

    SHA1

    44ed95530f8b114be8dc241c1b954a4b7096e46a

    SHA256

    700f0bd044d3ae63013f467b9a15b9443bccd79972741ebd4715019a36487ec8

    SHA512

    cac6ef99e8fa6ee92f041180a5ed6568856ae4d1e206a6bd03c720b649eb1676ed41996d15da522c3f81fd83cfcff8ff131ef89d0c2abe56a5eb8762508c7d88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Installer.dll
    Filesize

    388KB

    MD5

    a240350cfd8018e675dade42ce46f330

    SHA1

    44ed95530f8b114be8dc241c1b954a4b7096e46a

    SHA256

    700f0bd044d3ae63013f467b9a15b9443bccd79972741ebd4715019a36487ec8

    SHA512

    cac6ef99e8fa6ee92f041180a5ed6568856ae4d1e206a6bd03c720b649eb1676ed41996d15da522c3f81fd83cfcff8ff131ef89d0c2abe56a5eb8762508c7d88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
    Filesize

    1.8MB

    MD5

    c56905370fd00d80e6c87146b2b79043

    SHA1

    366288994801930c7748750811db9e9ce2b5295b

    SHA256

    7229ef4aff277a824fcd6db51a8df25a1daa638071b469cdde256d50e033e61e

    SHA512

    8b22b4331c632d63164664b90f6d26c0da0c27c877010a5f5d7a5c3cdd350661b1a2dbbf92c451e9393b379eb9d6054d4e528674957c8fc820f1c1a9459eb8c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PCManagerFiles.zip
    Filesize

    12.3MB

    MD5

    11c9cfd45af3089ac93f2844be85df9b

    SHA1

    98902b149ce023dc80836b15229d481347809265

    SHA256

    9f3268665b6ca92c75de374aac1bc1bec4bc059ffc537774fc9ffa1f19dd5a15

    SHA512

    22d59d11544a39f707330b7e6262c2f92c399492e1f4d0e2538c01f2298ba6b6e63dd886218dbdca22d1907eb1e5a6189b887b2146cf1e232711fc4ef0532308

    Download Submit

  • memory/416-409-0x00000214343D0000-0x00000214343DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-563-0x0000021434760000-0x0000021434768000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-508-0x0000021434620000-0x000002143463E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/416-496-0x00000214345D0000-0x00000214345DC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/416-491-0x0000021434640000-0x0000021434674000-memory.dmp

    Filesize

    208KB

    Download

  • memory/416-487-0x00000214345C0000-0x00000214345C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-484-0x00000214345E0000-0x00000214345F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/416-465-0x00000214344B0000-0x00000214344BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-519-0x0000021434680000-0x0000021434692000-memory.dmp

    Filesize

    72KB

    Download

  • memory/416-481-0x00000214345B0000-0x00000214345B8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-525-0x0000021434600000-0x0000021434608000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-479-0x00000214345A0000-0x00000214345AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-476-0x0000021434590000-0x000002143459C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/416-474-0x0000021434580000-0x0000021434588000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-530-0x00000214346C0000-0x00000214346D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/416-469-0x00000214344C0000-0x00000214344D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/416-462-0x0000021434560000-0x0000021434574000-memory.dmp

    Filesize

    80KB

    Download

  • memory/416-455-0x0000021434480000-0x000002143448A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-458-0x0000021434540000-0x0000021434552000-memory.dmp

    Filesize

    72KB

    Download

  • memory/416-452-0x0000021434470000-0x000002143447A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-445-0x0000021434490000-0x00000214344AE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/416-438-0x0000021434430000-0x000002143443A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-536-0x0000021434770000-0x000002143479C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/416-538-0x00000214347A0000-0x00000214347C4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/416-542-0x0000021434610000-0x0000021434618000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-544-0x00000214346A0000-0x00000214346A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-545-0x00000214346B0000-0x00000214346BE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/416-548-0x00000214347D0000-0x00000214347F2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/416-550-0x0000021434800000-0x0000021434820000-memory.dmp

    Filesize

    128KB

    Download

  • memory/416-552-0x0000021434820000-0x000002143484C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/416-555-0x0000021434890000-0x00000214348C8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/416-561-0x0000021434750000-0x000002143475A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-557-0x0000021434740000-0x000002143474E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/416-503-0x00000214346E0000-0x0000021434740000-memory.dmp

    Filesize

    384KB

    Download

  • memory/416-565-0x0000021434880000-0x000002143488A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-581-0x0000021435050000-0x0000021435578000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/416-582-0x0000021434E10000-0x0000021434E3C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/416-585-0x0000021434EF0000-0x0000021434FA0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/416-433-0x0000021434410000-0x0000021434418000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-431-0x00000214344E0000-0x000002143453A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/416-426-0x0000021434420000-0x0000021434428000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-424-0x0000021434440000-0x0000021434466000-memory.dmp

    Filesize

    152KB

    Download

  • memory/416-421-0x0000021434400000-0x000002143440E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/416-412-0x00000214343E0000-0x00000214343EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-415-0x00000214343F0000-0x00000214343FA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-410-0x00000214344D0000-0x00000214344E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/416-407-0x00007FF933D60000-0x00007FF934821000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/416-405-0x00000214343C0000-0x00000214343CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-358-0x000002141B170000-0x000002141B186000-memory.dmp

    Filesize

    88KB

    Download

  • memory/416-402-0x000002141BBE0000-0x000002141BBEC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/416-361-0x000002141B530000-0x000002141B53A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-364-0x000002141B9D0000-0x000002141B9DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/416-367-0x000002141B9E0000-0x000002141B9EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-400-0x000002141BBD0000-0x000002141BBD8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-393-0x000002141BBC0000-0x000002141BBCE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/416-390-0x000002141BBB0000-0x000002141BBBA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-388-0x000002141BBA0000-0x000002141BBA8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-385-0x000002141BB70000-0x000002141BB7C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/416-382-0x000002141BB60000-0x000002141BB68000-memory.dmp

    Filesize

    32KB

    Download

  • memory/416-379-0x000002141BB80000-0x000002141BB98000-memory.dmp

    Filesize

    96KB

    Download

  • memory/416-376-0x000002141BB30000-0x000002141BB3E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/416-373-0x000002141BB20000-0x000002141BB2A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/416-371-0x000002141B9F0000-0x000002141BA00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/416-368-0x000002141BB40000-0x000002141BB5A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4544-772-0x00007FF953BB0000-0x00007FF953BB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4544-784-0x00007FF951D10000-0x00007FF951D11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4672-744-0x00007FF9527B0000-0x00007FF9527B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4996-769-0x00007FF9527B0000-0x00007FF9527B1000-memory.dmp

    Filesize

    4KB

    Download