88b5bb996a4d40d82c59c76c889b7ae96dea8f79f2be608e0dbade499f208674

Analysis

max time kernel
246s
max time network
248s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
25/01/2024, 14:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

163KB
MD5

813ef468c7dc387f3960dee0458a1fd5
SHA1

7564a65cc8452a94f35dfb9e67b5dc707a6dd926
SHA256

9181383fc458bbabc8044057035a8084e5c2d49c409a07b0e48cf3e40a276057
SHA512

55b4c7b2573f6f8e27c3e2d266ed61cf6e18734e5ca9fdfd10225965768e30fe3291e947705f881a7039f573942cb333a0b0e2e922272f8705a590735fae04e2
SSDEEP

3072:qbG7N2kDTHUpoujZs3Vic/HrmXAXePzy5n+7bFs:qbE/HUbZAgUHLery5ngi

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 17 IoCs

pid	Process
4060	nsnD8FD.tmp
1624	nsnD8FD.tmp
2796	setDRM.exe
4052	PcAppStore.exe
4976	NW_store.exe
2016	NW_store.exe
2372	NW_store.exe
2148	NW_store.exe
1948	NW_store.exe
1544	NW_store.exe
2444	NW_store.exe
6072	NW_store.exe
4968	NW_store.exe
5756	NW_store.exe
5796	NW_store.exe
5628	NW_store.exe
1380	NW_store.exe

Loads dropped DLL 59 IoCs

pid	Process
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
2932	Setup.exe
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
2016	NW_store.exe
2372	NW_store.exe
2148	NW_store.exe
1948	NW_store.exe
1948	NW_store.exe
1948	NW_store.exe
1544	NW_store.exe
2148	NW_store.exe
2148	NW_store.exe
1544	NW_store.exe
2148	NW_store.exe
1544	NW_store.exe
2148	NW_store.exe
2148	NW_store.exe
2148	NW_store.exe
2444	NW_store.exe
2444	NW_store.exe
2444	NW_store.exe
2444	NW_store.exe
6072	NW_store.exe
6072	NW_store.exe
6072	NW_store.exe
4968	NW_store.exe
4968	NW_store.exe
4968	NW_store.exe
5756	NW_store.exe
5796	NW_store.exe
5756	NW_store.exe
5756	NW_store.exe
5796	NW_store.exe
5796	NW_store.exe
5628	NW_store.exe
5628	NW_store.exe
5628	NW_store.exe
1380	NW_store.exe
1380	NW_store.exe
1380	NW_store.exe
1380	NW_store.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000\Software\Microsoft\Windows\CurrentVersion\Run\PCApp = "\"C:\\Users\\Admin\\PCAppStore\\PcAppStore.exe\" /init default"	nsnD8FD.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	PcAppStore.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NW_store.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506657714428733"	NW_store.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3632047111-1948211978-3010235048-1000\{1EB6CFA0-4ED4-4D97-92CC-8FDA8510B9D7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3632047111-1948211978-3010235048-1000\{CBD64EF6-7672-4425-9DB7-5879FD924A0D}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\PCAppStore\assets\images\css2?family=Inter:wght@400;500;600;700&family=Open+Sans:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap	NW_store.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
2932	Setup.exe
3420	msedge.exe
3420	msedge.exe
5004	msedge.exe
5004	msedge.exe
2988	msedge.exe
2988	msedge.exe
3480	identity_helper.exe
3480	identity_helper.exe
3816	msedge.exe
3816	msedge.exe
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
1624	nsnD8FD.tmp
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
1948	NW_store.exe
1948	NW_store.exe
2148	NW_store.exe
2148	NW_store.exe
1544	NW_store.exe
1544	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
2444	NW_store.exe
2444	NW_store.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
6072	NW_store.exe
6072	NW_store.exe
4968	NW_store.exe
4968	NW_store.exe
5756	NW_store.exe
5756	NW_store.exe
5796	NW_store.exe
5796	NW_store.exe
5628	NW_store.exe
5628	NW_store.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
1380	NW_store.exe
1380	NW_store.exe
1380	NW_store.exe
1380	NW_store.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
5948	msedge.exe
5948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeSecurityPrivilege	3540	msiexec.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe
Token: SeCreatePagefilePrivilege	4976	NW_store.exe
Token: SeShutdownPrivilege	4976	NW_store.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
5004	msedge.exe
4976	NW_store.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious use of SendNotifyMessage 46 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4052	PcAppStore.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
4052	PcAppStore.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe
4976	NW_store.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 5004	2932	Setup.exe	81
PID 2932 wrote to memory of 5004	2932	Setup.exe	81
PID 5004 wrote to memory of 1408	5004	msedge.exe	82
PID 5004 wrote to memory of 1408	5004	msedge.exe	82
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 1032	5004	msedge.exe	83
PID 5004 wrote to memory of 3420	5004	msedge.exe	84
PID 5004 wrote to memory of 3420	5004	msedge.exe	84
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85
PID 5004 wrote to memory of 2808	5004	msedge.exe	85

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pcapp.store/installing.php?guid=63DD4DF1-1E4F-4B56-ADE8-008E05FE359DX&winver=22000&version=fa.1077v&nocache=20240125141505.924&_fcid=1706121073648232
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xdc,0x104,0x108,0x100,0x10c,0x7fff54963cb8,0x7fff54963cc8,0x7fff54963cd8
    3⤵
    PID:1408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
    3⤵
    PID:1032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
    3⤵
    PID:2808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    3⤵
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5016 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5004 /prefetch:8
    3⤵
    PID:1864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
    3⤵
    PID:2796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
    3⤵
    PID:1948
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
    3⤵
    PID:2260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
    3⤵
    PID:4524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,914318549856235403,12419116922578950049,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5852 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5500
- C:\Users\Admin\PCAppStore\Temp\nsnD8FD.tmp
  "C:\Users\Admin\PCAppStore\Temp\nsnD8FD.tmp" /verify
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Users\Admin\PCAppStore\Temp\nsnD8FD.tmp
  "C:\Users\Admin\PCAppStore\Temp\nsnD8FD.tmp" /internal 1706121073648232 /force
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- - C:\Users\Admin\PCAppStore\setDRM.exe
    "C:\Users\Admin\PCAppStore\setDRM.exe" 1706121073648232
    3⤵
    - Executes dropped EXE
    PID:2796
- - C:\Users\Admin\PCAppStore\PcAppStore.exe
    "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4052
  - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
      .\nwjs\NW_store.exe .\ui\.
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:4976
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x7fff41d99b48,0x7fff41d99b58,0x7fff41d99b68
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2016
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=1900 --field-trial-handle=1964,i,472634648756683093,15464322746072842592,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1948
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2056 --field-trial-handle=1964,i,472634648756683093,15464322746072842592,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1544
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1964,i,472634648756683093,15464322746072842592,131072 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2148
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1964,i,472634648756683093,15464322746072842592,131072 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        NTFS ADS
        Suspicious behavior: EnumeratesProcesses
        
        PID:2444
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3976 --field-trial-handle=1964,i,472634648756683093,15464322746072842592,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:6072
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4160 --field-trial-handle=1964,i,472634648756683093,15464322746072842592,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4968
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4320 --field-trial-handle=1964,i,472634648756683093,15464322746072842592,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5796
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4328 --field-trial-handle=1964,i,472634648756683093,15464322746072842592,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5756
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4364 --field-trial-handle=1964,i,472634648756683093,15464322746072842592,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5628
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=708 --field-trial-handle=1964,i,472634648756683093,15464322746072842592,131072 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pcapp.store/?p=lpd_av_r8_list&fspk=msoffice21_bus&oid=1356&guid=63DD4DF1-1E4F-4B56-ADE8-008E05FE359DX
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:4768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff54963cb8,0x7fff54963cc8,0x7fff54963cd8
        5⤵
        
        PID:5256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
        5⤵
        
        PID:5980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
        5⤵
        
        PID:3700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
        5⤵
        
        PID:336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
        5⤵
        
        PID:6084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5092 /prefetch:8
        5⤵
        Modifies registry class
        
        PID:2140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5112 /prefetch:8
        5⤵
        
        PID:864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
        5⤵
        
        PID:4076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
        5⤵
        
        PID:928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
        5⤵
        
        PID:4968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
        5⤵
        
        PID:4540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
        5⤵
        
        PID:3904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1792,13279921551379514900,12903772019070364533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
        5⤵
        
        PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x7ff612e01da0,0x7ff612e01db0,0x7ff612e01dc0
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2372

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5980

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14561BF7422BB6F70A9CB14F5AA8A7DA_D6E78B0AEA84104DBBC037A2B5332C92

Filesize
727B

MD5
d25ead5479b5f99597a81d57ecfc41ae

SHA1
a60f0a985506fa041a3544e9b04f353113e710bb

SHA256
8ef7e2a9ff4512a7988cd3b66b5c364304478c591b61ab3e818acebc55435eeb

SHA512
67b5a33fb81e76b29b1cafd7bbd41cd103e2857bd7a9bcfc8a09b3268e3ea872d071a763347ad58ea40e223f2df91f04a00b2a7bf1cd7dc293474d8945e387c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57

Filesize
471B

MD5
4e5f24a4b963e2fd929e5861286ab118

SHA1
58b6139eb081ada9ddae06c854586e5cb64eb622

SHA256
b636cfca9a5f050502e68858f2a55b79e0585d038ef9f959df70824149dcacae

SHA512
98d5527acb074b5f367bb117d83c782a3cb1dad616aa50fa21d5adc0712e0df27465bf418b4ab5b30dc92f2b3edcf306a0d360e9a69f02dbd92f0d3e421602c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\14561BF7422BB6F70A9CB14F5AA8A7DA_D6E78B0AEA84104DBBC037A2B5332C92

Filesize
408B

MD5
41a7da85591d3151b43cdb18a1117507

SHA1
7306343d2cfbe4cce70d42ea94ad8237942f07da

SHA256
57d6bfc1a285aea66ad8fde372d0a47a2f5a31700a68389aa8f501be1ce6607e

SHA512
a6f4d0f55c5e2c7f1e27551fb6fb136566af16539000e0a0dc0aa1652c83567b5115a4b24837b784e703596b37fea19348087ab7a4066b590f650917ff9c7a3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57

Filesize
400B

MD5
301298d32d55e67c9c221135057b0a3c

SHA1
3e78ba967a1c17e03ac1e1735d7446a2c2737189

SHA256
9062872ebed834e009c4452cb3e6d87ca6ab76a1f4caff38b720909b739bbf5c

SHA512
96d40766df8ceb0407b24c644dda3a380261ca3c41e9fe09d407c3d0ddd01bfa38e3c68d2eb632cec1663c5e30212c0cfde0b960cbb44c5b338a6283076686c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6b75d3f2fa2a971a5d6f16e84148f22

SHA1
a9b218ccf94ad3d5a7d65fd99387d8d4cb2a23a2

SHA256
3d7f1c442515414c9bba2219d949ecb166756d3b80ea3e156d25225826893f85

SHA512
d16a3b033e7fca13eb3a282fadbe2b759a1ef001bb042e9001a856ad4383b654cd6d7556190efb8bebf33b3f4d116542dfcc50c525a7af6d54ee48445750fcd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38913501bbfddbeeb4308699661fee84

SHA1
b9a3bcee86eb69126f4c7da4eed0c2eb96e37083

SHA256
e6abc81521af11e2c2eca2c6b3bbcb1f7363ecd8b9a4388ff2b8ecb045bdd11f

SHA512
77cea2e18b9fd99a97e0a1101c8a8609295e00d6c82116f15a0f3a0d9a748bd82fcaf5a4e81048baef49defa052d23c2e9180fcbeb48534aa3b50e4b862455d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
552758a7bb19b27354a76866861c4801

SHA1
93a74b56e5bb5aa86a53db413081b3ca7ffb808b

SHA256
53e1302ff50d199fd0002ddb9d4f66fd264b17e73a50e67299adf1243663530c

SHA512
13889bc4ffe240d8a7cf71ca0f2a397f33e38106116f38b5b8fa6c977187899d2d7084d606288f2892d14776460c2fe450adbeb93d2d200caffefe9919076fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8cbbcd65-fdad-4dcb-b84d-177a4782e47b.tmp

Filesize
25KB

MD5
63b6255b3f07d9e42bedebea98f2aca2

SHA1
40ebdc3a328e822aec42b2373d092dc73101342f

SHA256
51efbb488012f6ba9fd2182e4f57da8fe07e915e6b2c000fe96617c1d25d349a

SHA512
0e54c65fd7616217d813904524e84af94d966c93b9097053d0253f0e7111883f47aea07016b9d1096c6e6f877fe2c5754c035e82c6a5246418303da8662bf652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\94a165ab-4c3c-4bb0-81f1-1091720622d0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5d4ef67fb0987cf764f64e5939a06b69

SHA1
9928daee5c1f7e442c01f48c7c56391baf75e84a

SHA256
1d9560a85054d831c75028fe5f882f57092f3e12eade03bb7f9bbd60ced3deed

SHA512
a2e7d6d0ab1cfb960c5241d5304696b6dda3ecdfe90ff98eb977bed6f82d81c3fdeae8522c64c84f9aaf060a045eec88be617a313ca4d0acee60aa38b468b160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
4f1b4b1527c431ff8f2490fdd90da8a0

SHA1
c8bcae1dadacf849f43c326b76cd120420aac406

SHA256
38a30bdef8a1eb471747c87e9c856b6b3735a0072e2192f2fffec5e3fa2e8e7b

SHA512
6c1d7da4f66b6baab686ac49565eedb1e5fc45681d414494ba16d12a1000a8b4da9f191aea93df8acf7ed5d41764cb6062f2008a42784c18c021e1b06e5d8d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ca29b5dc5adb1f871106c17f5d62530a

SHA1
23360d86d34257ee504cf0b8025902a0632275a7

SHA256
3fe86978b4906faee8d8920ac41a73a46a47b52511a25bccbeb83584d3aac431

SHA512
5929e1599b02b082ff7442c39924d2bf6f5a74f359575fdc0f6a1521e0ab9ea0b41210a17aea1b94e2f42a315052ddf1f60b757095850cb2ca134c91e4f7c5b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9fc19f7e960e11123287e0bff6f09357

SHA1
5d168fc5331ab2bff48e1e2de5460d71d392a7d2

SHA256
7df9ba8762b0aec9f6eab8e325d846bb6a8005a1d99f35a169134eb29b09aad5

SHA512
0068a94225c2d213c7d9b9efaa9768187940b903c7501b6e0807e1449e869ead9249957424b7c807d26ce362c9a83e6c9dcc00985f5a6f517cfe0c9238835542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
035b68cdc0b0ee46a73c3c8b3e25c35e

SHA1
3f4dfbc28b1bb058b6fc764cb00db03bc1957f55

SHA256
29cf85bc6ce72472cc6732422141bf7701df5154c926f5d8e446c0c1eca47d9a

SHA512
0b9723e64177d69901dff67f74e7359d72fee1121db285e94e58711e56180b76d62a7304e7cc2f819dc306cecf31da82dcd270c72bcdff56a3dd8bdf7562bb85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
dfc0848746d5b6565bf4c9981dea8c4c

SHA1
a5466ceb4e3abd5264921cf985fe4c8e0efb9224

SHA256
d6b0957b0fa91cec16ed4cdd6d4ac0764f2a75af63d9579ac99471ac27f87cd8

SHA512
720928f2c5ff7e4ac38bfa5741b24438fe67875ebe2cd658e8662e85873eae96b8eb94b2ba1b9903526ab9aea236dba2c8a880f3b776098d84debae525ead804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c9630271220c25138cd1ae659a1df7f0

SHA1
2a96d68c029089e4f7afa66d5398f0c7eb68b5d8

SHA256
a9cfb498911f1cd45e1466d8d29c494d672940b1cd8f4c1b49dc554dbbedb5d9

SHA512
7ce68439356feb37e75fa4e621259032c855eee274f478d1dff011c8ce463846ddec07240d9266a906bd33b6999f62fb5665c7edc15c3082fecb0fc54d6486b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
375f3880d3461129120c6ff2b1bcf1bb

SHA1
e3ef3bed06de9d68c3ad7a53c9a94a662a2c1f95

SHA256
3bd52c023f7e0c90a4f284ef178e64ed3223918a2c527894b902efb2ed534ca3

SHA512
d32d164a19676e65b5ffa6b4c23b15e775ca6586f5f4356e9d4a007159238883855f8308cdde22dcf352585ecfc7edb06c0321f763dccae56156d466a803a18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f807db82da2ac764d120f50a29f0c189

SHA1
920cc7e029063ba273b3d04e0711da83ae484a6b

SHA256
240189aae0a3994406e77c826f36de02f651be247e390666b246dcbcd2b12ece

SHA512
7eb9077577c685ef4e896ac4a6e5fbc9c451ffc784e540f5b4564da5ae97992ad03e0cdb7004273e438ba57ad18e4cb031da7bc6e4635a15b033ab6481d2227a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35849f82c8b6bb205b498e2ec8532d60

SHA1
0cf1e196e634a8124f1916c0ef16f7392b26653d

SHA256
46a0a8ce8dc77ff1040a735268076935e1549b4f9fc67f5723156c406bc82768

SHA512
bd1770c9722e688c0efbadb48ed444a5f0247a6fde6c96e71e620b6fe92c9f6a6f2221b28a2294cc1f8a24be9722d02d20b827e29bccde0a8da0e588efdc9fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b667a4a778290368c4d9ecae063e8064

SHA1
f5825cd4daf9c5d88a69ce7fccd380aa611845e3

SHA256
79c685ddad0e959a29323e40848ac2fd41dcf0cea311b716347e7f255b660cb6

SHA512
c3b0f4a28d79e66b4e486624b4d4e22bcbc2f5be01854a787197a793e488cf2014430b213fc88af6631c817233a0453626e7f3a672d3ffeb00b748ee490d0bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f43828c4c3470d418b844c03cf1561f5

SHA1
26f9120fde504ad43eb8fa623abb30339a6bdc9a

SHA256
02c057f2712c48045659ec87d368743c8b02f2227b9589f9783c4aceb3a87624

SHA512
a04e8059ff40810a211697cab64c4d8e4f48e55d4f97077c0a9e60ab4eb9ec3729c7473c4ed193abc2275ff76a18c54aa759020f566469c40e626962d39a3264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8ea160b0c1de629d0216a77b28983084

SHA1
c446e438ade22f296754cc74d3c4697445cb8054

SHA256
aa5f70b37930077c89553e52802d4380cc9fd55775736ada83ea8b55a0051df8

SHA512
e70367e0217b0044b844bb76c521c319405bdd6b9364a69ac38a21090f3507dde85cd8e59327b017f0198c28cbe759272cfa401dc369fb3946a74616b49b3102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f7ffd4dd360b8c9d9877b578dd535d97

SHA1
29cf6c765122288322a3358ee769fc2ad03d9021

SHA256
c8308e3445267266dbc3e4931e0c2ce0f3c579b2092bc891da4380a7f4fbe5bd

SHA512
38a07646537c14385e39fc1439461db7bfb970040f6ab4f1f9b97a05ed9e1711a445ed9eddfe3c3d5782633ef8b85b95d59c03d2153111ee1d51909a76c5c897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f7a8b012e24aea79612b2b6e238ed524

SHA1
39b63c454ced4a9664b93df531081f9e4919c9aa

SHA256
6d29a8285f77948211e121ace2e7ab84cc2c574c57d3b1c6a6d1233c5380363d

SHA512
d1265fe762c8048ffc2236d80c934a15ab02fdcd8baf498665d0a097f0b0d02192f3b0c30274b6cdc74b8b1c55e545bae51bdb7d24fede263c17d6e8a106aaa8

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d3ecf3bf674914eb3a6b11333501df1b

SHA1
ce322abd893abca069ebabab19822a2e78a27856

SHA256
6e0f7c84197e5b5f31f09670986e133c9878f1f4d37f8e9154ac4c1b1dda2d55

SHA512
01b1f95fb38179fd94138276889ef38091fb16e1969cee5e0489f95d5dcf14a4e42e57fb085e9414d8221e8cd688698930a1599a09f6943fa43061a9ce95d661

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi4042.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz9F3E.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\06339a8f-d857-4f6b-9e57-d855f1b917c4.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
af7edd07f6d530c2a745c4eceab3483a

SHA1
69aa1048a662ca72168d0160e66356357717101d

SHA256
08d010ee96991d3690cd7902e49e8c4b05f707dea56fea58ef94c716f8b35854

SHA512
27b33a8f232db7280a2e1831bc88f368c56ea65c84024778a6d149a489522ad14b5459ff2bc67cbe1ad2961130a46576e534de2ed698402a5211746872ff5181

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d7252f1c1f90f3d781857ed20f772a05

SHA1
fac2bf50673db529f047c01cf969f54a198940c7

SHA256
8931d1c373d90cc7c1ed0285fadfb4f8bff4805d08d041c0d622e34a596167da

SHA512
b87fce8e91cf9df2707ccd8dd28c1473ab5c2d64357ba8d0cd9d92ddfa6786c02594eb3a75f1ded31cfc0128e09e1821ee4e85f7ea6dba7a820d4b35db08dfc4

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d0ef8a5c3e3698aed5c2f14c092b1469

SHA1
182000fe48fcace771a934eee841e05ccdf1fe1d

SHA256
0659c4d6b50ecbb1558ebe04e11533b60933fef329f1618a22fe69225758288b

SHA512
cad2f5fe44adc38fcfef77bbb2215700391472454ecda35217ca605bf8274aef1db92bd029f6ec00c10733aab292b540a67bca67b65f916194e4d0bc7ae6b338

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
77511c6b4538cc175838aba8e85d1dca

SHA1
bcb4d5e595f8c8f3da28f0e3adc9725d0c799a9d

SHA256
6d9ac73704c1b494f3f7b1c19127bcd3cf28578943e7c752d4e474730c494ce8

SHA512
5e11b85a203d41637ba7f4c78cf033c0c266a18c1ac72bcc7f8b729b21edeefd7ed982fa8c99ccc9425c76841422c944c0b9f8edae2c6fc3a91f2891e661c783

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe59c8c5.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
4a87189adc7415e85611850105c98ff6

SHA1
e0c0e3b45e7a7001677d7d5c126f85993750f8b3

SHA256
bad4b6ae3f23c83594d19048069a11abc16f6591e3f2f1b7b9cab6f1395bab34

SHA512
f3ae87ea29422de43f848069d8a166987bac6bea4bca450a12b65ceb2ba7ef510eab281104301057b536c52e09ed6683796e85e9f21b0d193aec7cb2464fa3ad

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
f03f23d344b4f9d0a5c2c6b0355044ed

SHA1
7c30c96a643e755a9c156a389281a9d66462ae6a

SHA256
22a64f028b1e574efe8f89d502e357bd3640d7fb474e03d699e9a96960868710

SHA512
6df076077f3a19aa4b576b48abea9608c0d4b92c0758137d4130980696cb95d204d627dd3e9b5e8489fd0e0fa5b55ca70634ec8d8d54bdbfcb4aeee248b39fff

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
29289814d31be85560886d1290a97598

SHA1
fa32070e7abc0ff2dfc080114018455435ddcc4f

SHA256
f7434866fefa35363f8545467eaff28aa882650b7ea6462c483e1bc98d63412e

SHA512
0ef867666c5d09c25a8adbba952887d95ca899648b794da0c01e9a61f87d0095478bba7b3b786e6b9d01b7be1745f607106c0e5f863166e7933d199259493dd4

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
ca9f90e386de9fbf550adde7434aae14

SHA1
d3d12c3a740948aa9aafa7bcafe9e332246ea2b8

SHA256
93f91977cf7870cc0f9a09ab61399799315db7357f4871c4f7c357d898be6c83

SHA512
15f5874e9330bfd6ce053e167f3fb49279639c818cda41c997953c7c236b760c65cada808c302a70434cae9b511269601b3eededc7cacc4eca8bf81b31fe29ee

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
d1814ec2392bda1e4b3be36b24fadea5

SHA1
4ec0047bab7a9e58b374c0ebd908b7285c99ccb9

SHA256
21341547ffcb0ce65cb0cfa9efdcbc591112dde26aa48f283e8aa753d6f166e9

SHA512
d7878c39e6169a20383533a45e659919df4529521541d2e67835bc7e134a58ac8e786ea6164109547d14c484c5979c5997662f56008030dfa6b9d481713f4ce4

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
cd2083a714d6619e3eebc3fc28d8c97d

SHA1
b03a4c54aa4e01dbef57133ad28d686a97d94279

SHA256
4949c20255250cb1605be184666df5d26019c8995780ee7c627073b5021cc61a

SHA512
7435a20e2d305b2b2aaba805c2bcce5da0f0ae9355c919c09af52abfb89b75a91df8dff1c14f9296c77f3a90947db72d11e9c030b9df16a840bc3265ac4010c2

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe592409.TMP

Filesize
690B

MD5
47d4217fbe5562d5d7b63612dd72dff8

SHA1
fd6979da7b098c79e62a1949eca7aa81168c166f

SHA256
e4ccc7732db6b3ec9049de5ea039fa185dd359f024f1a0f1377640e41b34482f

SHA512
4fa1d75592359bb561506c41f89cada5c3cb5c080ccee1487ad1b0187af87b69c1447d1d0a7e47a47742d94794d2cddb3dd7f791c60eb29f861209f34f15604f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
4cbd42f25944bcdc25a7edc2117d1bac

SHA1
83516b4bc41cc1d49bf771c3e7c800c432cc4dc8

SHA256
522fe297f2e9e0a5816e49f4c0f4e46c6acb65da43872c6e979b8118deefdc24

SHA512
6bdd04475b8413c10dfc9394c4ff6483baa25913f0aa429c3bd2b5adf9c22c98c42d92cb6c1630a17624e720410dabe72f3148abf580dc6dacb99298dcff830e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
be722a5f2646a9f01fd08f9a24cc35e3

SHA1
5c8714a059011adefec0247c924a0344423ba93d

SHA256
dd6cb193c0b1d17e8b29c457c21b38dd992d7a5606b0bf62cf5f533bb037f990

SHA512
68d141ecacf7353251603ab2730e1029d8edd1e435be1769a368e2362775d4f50d55f2526bd58fd57433a90a06e87d7e6571048cc9e50532dab437c203ce5328

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
839d6de590931ec90206abfadc62159c

SHA1
10383e5d8dbbe8c6fa2186e866187ca39a42fd9a

SHA256
afc31f5c48772956f71830d710d971c950593b8656a1624afd83787d690ab5c1

SHA512
f5fc24b8cb497af6458b5464f4ded7f11b7d1b60dd1e9f3d7d752cac60d00dec15b42d82af5a41601439dc2c8a0b623f0e737947e7e6ee2e5ec4ecee3e0a1d2e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
7ed31c74e1482a4832a1985003665155

SHA1
06d66aa26bddfc02d5031e3875b607a7eb9d54cb

SHA256
431e93d2af98df8641f810acc2823c90f94f0c19aa6427be7f812950df381bfb

SHA512
bf7160c15bd2a3c39eee90dd18d59748ad1292ded71c1b5fd411d1ce94ddc7a582a7df7e5c6f65679f98628960c866af0428d435b0827123a02b3cc10daafa0f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
3KB

MD5
753b606d9b275bd3022d0c35288abbfc

SHA1
e9f48b13789ed157f38161308c45ed69431eb7ad

SHA256
b995686f846455f2292a0867bc15da59f8e6a2c210606a68417c4f053fa94820

SHA512
3d7a5ef7a7bcaa7ebee6b7e3a88ce8324a9762328b1b84faed5b522b667595227821ef85b2cddb39b39f10ab725d74060550ede48ba72812d72831a68b2ab1cb

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
867ac481edad18f2b85ca359b9bdad30

SHA1
28935e95a3206e6ab3530ec92b2a7769e389a2bb

SHA256
d9182ad542397945b867450c373d4a50369c0d535cf9a51d3ac55e0ef20202a0

SHA512
5533c1146d2f8a88ed085e7170f56d762754a666d8ccf9e6973da0da682dd6736d9da4771454494ffecf90be99faf8e8bb097bb5fb43a1a5a8e3c7fb397b1853

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe59236c.TMP

Filesize
3KB

MD5
6fa5e38360860a4c5479a002a61f3908

SHA1
996e1417c01136aeccb04d2670504d261f090bb1

SHA256
03db25c106ad8e76b73d42e3e74bdbb3736362a8b47b7d64c92d873a1a87c106

SHA512
f91a05e591066fe46f5ac8d08a0ca9efa50b2e6b95871abf7fc9526302c051fbc4c9b9f5190cd4fc7a5dacdeb42f4fe88929ad889c7b5763aed6e96c22e62e87

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
d5e6121f86812cc7ae58efc4f9ceacbb

SHA1
3dfb06418220ed62ab46b473bc4ab269ff4f7e33

SHA256
05f173bbb3d564e2da3d496c4298b69c3506771a30238eb5285f1cd9df00e3c0

SHA512
88c5c1b06ddcac46d53e1cad013fec4fb789f97589f294a076be3cc7ac1c10ed9ea0a1c3a11f9f9499efe01420917ca14348be74dc2cd1c8cdb4313783123740

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
3KB

MD5
587123750e8f314af7367e9f2162c2ec

SHA1
3dade1ea12ac3a6b1c5471c56d6dc04931802dd3

SHA256
9a23232fd594e98be165f4892ee848aa071f7ee20f19eb2814a9df468505e3ed

SHA512
719b1df31b37637604291a53757484516efb426c663125d347b4698e4bb8f639447e2177ee3f821326b4dd26a03c0ffa80a9fb17e4e20805ccd246b542900f48

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe58d8b7.TMP

Filesize
915B

MD5
8af50763b7db6db65f68356c3cf9c5d9

SHA1
3ab6d99edbc18196c57bbe66cef05029cb5e0b96

SHA256
b762b8bdf6d7d4d285bc838b6325573fba7ab11387d499b20f6cf45eaac4fe59

SHA512
859d0223cf283f43164a1326dfcf53426d05732a5b1bfcedf727c6970f4e9068d808aa591459a0d2869c819625afba3828cf0206bbceb7e8bd7829d4794ace85

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Module Info Cache

Filesize
90KB

MD5
8f53be875a639cac1300494b673093d3

SHA1
2eb61219d2d21ffe4337612708b395ebd33214aa

SHA256
2261f5b917c9bf416f2d65cd2543f62a52354630028d2135435215afcd16bbb5

SHA512
b120693d75390498cecfa4087c8e9a3fedaf34070fb26fbe408a06e79c666d9ca0bd370a8319245d65a0aaefa290c0422f92d2d42cd221961daea3f4a124012c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Module Info Cache~RFe594e55.TMP

Filesize
86KB

MD5
0594d39b35143b548875a667713cd62c

SHA1
8a21f8733bfa09e65f05007e3e59ba99233493e0

SHA256
ec2acc27501eb996c2dbe781bbb3823e9970f94bfd7a64b441ad978835f43883

SHA512
6bd2f1f6679b930fed49ae68de2081044a0a3c4f485069fd6d69084be390049d0d1ac0c7149e96c1cf541c42389f5d51e907edb14f3421da58d20ea6d65690b5

Download Submit
C:\Users\Admin\PCAppStore\PCAppStore.exe

Filesize
1.9MB

MD5
4061f29b4f214282d611b9a105a53904

SHA1
96ebed2064c7f49e826b5ae06e8b55676f22d831

SHA256
4c45c39ada1e05544907073476f03b8f57a51e14f8a7d495c8323e426c3d8f76

SHA512
5ec0d8e979a1ce6e05b6e2935ce9a8e77e3571b32004ca4a00be98ea3e7b7917f253d392b152a7919925bb38a53f47908f3107f7a8008860075dfa394606d5ae

Download Submit
C:\Users\Admin\PCAppStore\Temp\nsnD8FD.tmp

Filesize
3.8MB

MD5
1d77f04a0142afca4dbfb1f29526878e

SHA1
d8c48bd2518469821bfe5d79ae8e6b67360175b6

SHA256
cd09a00953548e553d815a5175fea514751385ff2fefcd7ef3781dbb09dcde1f

SHA512
e93d60f4df2790bc09455621bbd6a0628fac6ec39b0b65ac4b55d14a135bc94f09facd907c6658dd1360b729fead8d8449f3a6d611b26dfebd4855daf42b5d7e

Download Submit
C:\Users\Admin\PCAppStore\Temp\nsnD8FD.tmp

Filesize
4.1MB

MD5
2825206a883735a70a5672026b05d458

SHA1
0032d318999034a46930c1378edcd3441cd5c3c5

SHA256
4ee3d85758594350de1f3371b85bd6bac6f76c20a85f9b777f2085c21ca212c7

SHA512
13bdcec88b042e3b74dea5ad71864298621cee1724a05e61bfd310f0d322b6f6e5ccdf96222b216d912318a375d5f4dff93729a05a2cb1e145bd1d1e13689ed1

Download Submit
C:\Users\Admin\PCAppStore\Temp\nsnD8FD.tmp

Filesize
1.5MB

MD5
c14013b00d30f7c83f356b0dc98b2d2c

SHA1
b96eeaac360741acd7093a96460fe5bd466672d5

SHA256
fcaae33560cde6c68d2760dc4f899ce687471f3c0cc97c6f19ecf13eb75b489f

SHA512
f7f8c6883b17f306056aaa18dd5fbd802a286d660c6f867253c928dfb75997006e7e463f1509df5994f0d6a190b0b3c27d29be6210794a1ccad7017682f1c5d7

Download Submit
C:\Users\Admin\PCAppStore\Temp\tempPOSTData

Filesize
16B

MD5
eb1dab911e88682d14139466363fe59f

SHA1
f09b903cc25f13dd23c7aa899765408286fbc8b9

SHA256
7651362e0943d01e8ad4fa5356e10cf6891a20e974cf3820c2f70ba2299d7ec7

SHA512
15bcbee743c6a416bb337f7e712bd9b7a2fa1f411d4b659f80454098b6b8f8dae68df3bb4e3d912c191cedb5f9550b8f2b3f6e97c919bbbb09eeb6af6447afc4

Download Submit
C:\Users\Admin\PCAppStore\Temp\tempPOSTData

Filesize
3KB

MD5
03f79319515b17142f9941bd6d5f835e

SHA1
bdd40f633d6ccb06a1e5bed174c4881100bcb3ae

SHA256
f82f140e7051a639b2e52c46fbeff1ac4f6982fd65b55d39a9093974a274cc57

SHA512
d9eddb3f71e3de1abc2210f39b707ee873978211fdb057bc5c217e81885758708dbc63c85e9510b392f6c53f752541f6f13be011dc3761b21b7f1e1fa6c69f2a

Download Submit
C:\Users\Admin\PCAppStore\Temp\tempPOSTResponse

Filesize
7B

MD5
c21f969b5f03d33d43e04f8f136e7682

SHA1
7505d64a54e061b7acd54ccd58b49dc43500b635

SHA256
37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f

SHA512
1625cdb75d25d9f699fd2779f44095b6e320767f606f095eb7edab5581e9e3441adbb0d628832f7dc4574a77a382973ce22911b7e4df2a9d2c693826bbd125bc

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
1.6MB

MD5
60ff5563243cb08a0c31de032559687d

SHA1
b9a5130c946cc65a7c4eefc19a8c4f61294b743d

SHA256
84fa01e29c3c4794adb7b6922883951efcf2a94a3156affcac718fd10705b333

SHA512
752f9c7834cd5256d999db192f92939412a040e7085f24788050e703382cfc5baf9e557dd4018200ba67dabce525db1dbc4aac9dca0ff6ac5bc0e44b76fdde7c

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
697KB

MD5
cb9664364b5cc98e1098252961cb6578

SHA1
e3910222f69b01c84c8ccb4826a7fb2583f86335

SHA256
bd5d60af691ba3cb10741c508149239edb1b2759b31993b370a0de84687785a7

SHA512
19d699f4be776dafac2462e90b5dbff4ef6df372d09e87556489732aa9c7fb386ea65b8586c8e3843707174c2820d2f7d39d17c337c4bb460f5b0397d11f0079

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
1.0MB

MD5
67d7728ede6ab6def13221ada1112d35

SHA1
d41c46fe9ed8d218dd8a55c8310eb3f6db410760

SHA256
d8fe848376218222c7055e713c10ceab3067d920d0a7d59157b074ef00db1a8e

SHA512
8d62d8081109880573954b64c830351d2ff23b15ca66ed745bceb3fc3d0178c024d94379ff85a33f45703a7577a6ecc451de7084e6c1e9169c4138ab5266c889

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
697KB

MD5
7dfbeac23806c2b59076f133950cc4f0

SHA1
4c7a1cd2dde7f2272f0b6bdff45f8d90fdbd1ce9

SHA256
369328f74dcec5b95aef0ae472ca06c06568b0931d874498df1de00d6b7041c9

SHA512
49703b5c32842652b7ff3dfa6b8892d4cdb5d71ed7dfdb378ddd3659a763b427338de037b7599f24df94455fc27a5bc694efc1feabf3bbadf6925d1b6dcee112

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
418KB

MD5
eba1079274e112c6455a3547af8d3475

SHA1
b5bdfdabeb134aa8726c5138ec9d6a7ef240da68

SHA256
a2d4a7799ae57453109f27118d2b2be36f875238b67139aa8b9511ba337fc22a

SHA512
dd49e50f0d1bf04d0b291280b844606ec52e4727f6c6e79a39be10cf7810e26ab636a4b5a4eea089221c2f42e6cdc084ccaca5dd5127eedfa74e2acf31a9c2a4

Download Submit
C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll

Filesize
953KB

MD5
7d8d6df4a2188210ef38c1c3a9b4783a

SHA1
92a4cf64c23f7e655f83235c0b9f7a2cfe34200d

SHA256
d24767b0f0facf5736e671ad2ff8e87990f8bef862686dbaa19efaaa14860adc

SHA512
f9c9b6c14ea01eae2bf90a312f972ce9df01426c8352e7d976b5980324ee53f99606b28ad77d8e733815367da83ded510a3f9a6ae6bd5ca40bea6e08a46b7bdf

Download Submit
C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll

Filesize
885KB

MD5
c8318e9ec285b29769ad2efc1faebc0a

SHA1
dcf663182a5b6bcb08fbbbcf338e52e84e92304d

SHA256
278daa9fc47a08563d8b2a1b98b7b35a0079213345b9c7f441c840032cfcf2d9

SHA512
f7ced1c485bd61e2750df663da72f8d3963b3cf5db27f3fde136e0f2941e9d7d563f3ec45c7e163151802f696946b048b969e532ce80328b3adeeffc78022e42

Download Submit
C:\Users\Admin\PCAppStore\nwjs\icudtl.dat

Filesize
658KB

MD5
9992140aaf085403e3cd0d70b6e98d53

SHA1
9d2b0782a0d2eae1642e407eb164673509c6ead9

SHA256
bb07df98ace73a2f8ce2591e3258c8277afa205c1030ccf74e23f0ee0d369998

SHA512
155227a6118753820db8616190da458443a791314d466809e53635ad4d6a0b80f7027d23f93b424c3120f388b1afba34d41ef745bf47c2680e550fb56197dae1

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

Filesize
831KB

MD5
f2a134d21e79420e0e025b2f5d0e0564

SHA1
e4f6ead92945b87c3b980878c707467dc84cd616

SHA256
4c125a498bd06dd1cbbe3e4f05dca6fa47ce19297ad9f92df3af65eaf0a05d67

SHA512
032e8c44c1edbf6ba3effce1d67e5355e926b5509c8aa3dcf15677efe9fe3a2bf27d81d7d7ffae3a5caae1755830ad016a11f1417dddbf49977bd52083aaee1b

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\en-US.pak

Filesize
364KB

MD5
a93a5c83e482a4bc56736bb1451a88da

SHA1
afa0c1f46b6245ed9301bc9c2aa46402b6d10c37

SHA256
446764ecf3939c35e90f61c928ec55d445d83a483a19fafd38af378a70fd06c7

SHA512
550278670b857b15a8af557bc7d127695155ac16a0b61947f891040421c08bfed0aea26eccf0c45303b82b801801f6c2caf7fd0561dae97632b0ec2eb1bb2212

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw.dll

Filesize
2.1MB

MD5
2e3764aa99e3dd98390c42037281fc07

SHA1
3b0c868099f107a07f3f34f1c784895a408b467c

SHA256
dce15f4881db0019c7b589e103484b2c513a54885fffd94f40893e74a555fe23

SHA512
17c86e7555390539fc43c4fcdf531e88f4422331c113ebec66264db3564fcbfbbac45b1a2f0926f375bc0392e506e2489e9a031d645a317843884048448ba189

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw.dll

Filesize
69KB

MD5
19647d4b768514bb81fbaa0b341bbdcf

SHA1
2748ed753e9a925214dc6ec446f39e2734311a43

SHA256
0ae51ada7fd622c678dcc97aeef9cf5699dab7c1d52260d5b849d06358525d62

SHA512
3bec384d94684534b9386f48bb3c4e8f5384704d37e823b28243fd91dec944863edfef8c75e72e0beb60c9aa824582c62ed36ae0fcfc9a678be9d61249098a7d

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_100_percent.pak

Filesize
595KB

MD5
979a087011c664b56b619bafa2122534

SHA1
186724cebbb0047e88640aa0ff3498340cdd5703

SHA256
db914fa3e593a30e4037ea26d482c9f6788a155d8b992b2778021766aa7be49d

SHA512
ecfb1ecb3a16f9e777f5e01440118ac7263d138f6945ca7a746f7e5bda2287332ce0ed228ceb050ce24fb25c1169c952a17c497f33147dfe1ccae36f0f1d47ae

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_200_percent.pak

Filesize
514KB

MD5
4381d09c80922ba4d9e3b99be6ab2b0c

SHA1
c6ab695f269e38b7d85c11863aa8755c65701420

SHA256
6577b3e24187daf0dd6997929b33c41443a7624f523a964b40bbb9689af74df1

SHA512
08df847ed0216b2f795cc989552a1c5e2af7fdcdd3d7ff584e37e32accfbcdbfaa5cba17dee4d69962884d5e95d400dc01a50450a97c0c9e1342a1216bcbc81f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
1.0MB

MD5
b58238a4c19e14ab64846be1c57be70a

SHA1
47f6d9ab46f579481b8f01b54f9e23f34f2c129e

SHA256
7a879b77ba31f4ead57c6efa19ab468c1ca72d0271fbb553fb7c02d00a250273

SHA512
9dc2d7b22ec0af9bb982fc6e1d46de1d30c408e6abac714ed8731cf5b8c95060564aa85b93989d68b4cad6cc358e47087f14790bbeb3f5609a035a5f35a61600

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
611KB

MD5
2b1d0dbf81d547e0bfe180e7afd5ea96

SHA1
3f79827c4710cc4ff252c642f10d1f7a8cb32b2e

SHA256
87c0264f9e4d549b17e441c1a72c3ce5705c22ec7a2219b67c6bf4acaa8a448f

SHA512
c2342fbdb3c067ee8a585be40081e7a5b03bfd164263418cf0dab8782d408ae04ed1eeb604c6b328f51dea24612d778e65e06c553d788ef0e0a5d96bbe619783

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
44KB

MD5
ba51dcc08baf13592d6538a000f668e5

SHA1
580035a54184efc90481673a9b150bd99b51adb2

SHA256
a6d230456d5feda74a07d308a30fbb90ce4f062508e4f53290deb60853db987d

SHA512
fdefb09705e472500b71cb20538186e371cd8c2c73a6cb931bdd033db24e34ebfe5f752cdec9e68089a08ff6b3ae1137a9f38365db90c73f61e2f947665436ef

Download Submit
C:\Users\Admin\PCAppStore\nwjs\resources.pak

Filesize
986KB

MD5
2f73b2a374bd63a4ffc61a9f5bc3dc75

SHA1
65271f149a99e21477e46755f78c03b29bb16086

SHA256
18ff4a41f0c19d796cc1a240f36eeb1a1ef0e53070c210bb81af55a04cabed2a

SHA512
100ece5cdf4cc11699d7078ee6a80f1bcb729ff3ed7197c45a88f2b3a0a825a1a47ba3ae386aaedc2b8d3902cd2d5013348bbc96a7209c1934de6684633c9f2f

Download Submit
C:\Users\Admin\PCAppStore\setDRM.exe

Filesize
2.4MB

MD5
f2c1d64a6b93a988cc2a8a88bf7e277b

SHA1
5c464f06140c2a2dbf3e49402a7018e173ca2d3b

SHA256
91222465180acc34c5e76e3ee2a701acccb30f6a4ed1882a47f11b2fc2a8547d

SHA512
e72ac4c879578a260f71a457407bc8fdb9eb233d25f4336673d8ff9cfa52bca5efe2221729d184074e2407d1e971e28754045913cbc0457aca4d393fd2f66e17

Download Submit
C:\Users\Admin\PCAppStore\ui\package.json

Filesize
2KB

MD5
34fd02368a4717326f0e4c9776c4b3da

SHA1
24cf4907d4d9a9e1243a108c3e6232f4bd767d93

SHA256
c465dfaaabad312164b43c25ae04ae3ccd9ed687116afa5f93c2e006e3d5157b

SHA512
58681b3ee95d9ffa5cb7e35b2fce06f45e4e1d2be51a2c4c6cc1caefb80d854d74853eac852f3e5b27d6b4c98fe28db60104199726d93e75f10c4e22ed1d88eb

Download Submit
memory/1380-1838-0x0000023236C60000-0x0000023236C61000-memory.dmp

Filesize
4KB

Download
memory/1380-1839-0x0000023236C60000-0x0000023236C61000-memory.dmp

Filesize
4KB

Download
memory/1380-1847-0x0000023236C60000-0x0000023236C61000-memory.dmp

Filesize
4KB

Download
memory/1380-1844-0x0000023236C60000-0x0000023236C61000-memory.dmp

Filesize
4KB

Download
memory/1380-1846-0x0000023236C60000-0x0000023236C61000-memory.dmp

Filesize
4KB

Download
memory/1380-1850-0x0000023236C60000-0x0000023236C61000-memory.dmp

Filesize
4KB

Download
memory/1380-1849-0x0000023236C60000-0x0000023236C61000-memory.dmp

Filesize
4KB

Download
memory/1380-1840-0x0000023236C60000-0x0000023236C61000-memory.dmp

Filesize
4KB

Download
memory/1380-1848-0x0000023236C60000-0x0000023236C61000-memory.dmp

Filesize
4KB

Download
memory/1380-1845-0x0000023236C60000-0x0000023236C61000-memory.dmp

Filesize
4KB

Download