hxxps://www[.]guru3d[.]com/download/gpu-z-download-techpowerup/

Analysis

max time kernel
1050s
max time network
996s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24/02/2024, 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.guru3d.com/download/gpu-z-download-techpowerup/

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PC App Store.lnk	nsk174A.tmp

Executes dropped EXE 18 IoCs

pid	Process
4952	Setup.exe
4620	nsk174A.tmp
3336	nsk174A.tmp
1608	setDRM.exe
2748	PcAppStore.exe
788	NW_store.exe
3760	NW_store.exe
952	NW_store.exe
1428	NW_store.exe
2532	NW_store.exe
1548	NW_store.exe
1208	NW_store.exe
4392	NW_store.exe
956	NW_store.exe
5124	NW_store.exe
2308	NW_store.exe
3240	NW_store.exe
5200	NW_store.exe

Loads dropped DLL 61 IoCs

pid	Process
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
3336	nsk174A.tmp
3336	nsk174A.tmp
3336	nsk174A.tmp
3336	nsk174A.tmp
4952	Setup.exe
3336	nsk174A.tmp
3336	nsk174A.tmp
3336	nsk174A.tmp
3336	nsk174A.tmp
3336	nsk174A.tmp
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
3760	NW_store.exe
952	NW_store.exe
1428	NW_store.exe
2532	NW_store.exe
1428	NW_store.exe
1428	NW_store.exe
2532	NW_store.exe
2532	NW_store.exe
1428	NW_store.exe
1428	NW_store.exe
1428	NW_store.exe
1428	NW_store.exe
1548	NW_store.exe
1208	NW_store.exe
1548	NW_store.exe
1208	NW_store.exe
1548	NW_store.exe
1208	NW_store.exe
1208	NW_store.exe
4392	NW_store.exe
4392	NW_store.exe
4392	NW_store.exe
956	NW_store.exe
956	NW_store.exe
956	NW_store.exe
2308	NW_store.exe
5124	NW_store.exe
2308	NW_store.exe
2308	NW_store.exe
5124	NW_store.exe
5124	NW_store.exe
3240	NW_store.exe
3240	NW_store.exe
3240	NW_store.exe
5200	NW_store.exe
5200	NW_store.exe
5200	NW_store.exe
5200	NW_store.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	PcAppStore.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NW_store.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532602048609613"	NW_store.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1637591879-962683004-3585269084-1000\{17BD5F18-F3A8-4722-9445-C4C5877627A8}	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 166222.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\StrPIC\assets\images\css2?family=Inter:wght@400;500;600;700&family=Open+Sans:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap	NW_store.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
3896	msedge.exe
3896	msedge.exe
4956	identity_helper.exe
4956	identity_helper.exe
4844	msedge.exe
4844	msedge.exe
3136	msedge.exe
3136	msedge.exe
3120	msedge.exe
3120	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
4952	Setup.exe
3336	nsk174A.tmp
3336	nsk174A.tmp
3336	nsk174A.tmp
3336	nsk174A.tmp
3336	nsk174A.tmp
3336	nsk174A.tmp
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2532	NW_store.exe
2532	NW_store.exe
1428	NW_store.exe
1428	NW_store.exe
788	NW_store.exe
788	NW_store.exe
1548	NW_store.exe
1548	NW_store.exe
1208	NW_store.exe
1208	NW_store.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
4392	NW_store.exe
4392	NW_store.exe
956	NW_store.exe
956	NW_store.exe
2308	NW_store.exe
2308	NW_store.exe
5124	NW_store.exe
5124	NW_store.exe
3240	NW_store.exe
3240	NW_store.exe
5200	NW_store.exe
5200	NW_store.exe
5200	NW_store.exe
5200	NW_store.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeSecurityPrivilege	3336	msiexec.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe
Token: SeCreatePagefilePrivilege	788	NW_store.exe
Token: SeShutdownPrivilege	788	NW_store.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
788	NW_store.exe
788	NW_store.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe
2748	PcAppStore.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4952	Setup.exe
4620	nsk174A.tmp
3336	nsk174A.tmp
1608	setDRM.exe
2748	PcAppStore.exe
3896	msedge.exe
3896	msedge.exe
2748	PcAppStore.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe
788	NW_store.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 4024	3896	msedge.exe	80
PID 3896 wrote to memory of 4024	3896	msedge.exe	80
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 244	3896	msedge.exe	81
PID 3896 wrote to memory of 4676	3896	msedge.exe	82
PID 3896 wrote to memory of 4676	3896	msedge.exe	82
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83
PID 3896 wrote to memory of 236	3896	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.guru3d.com/download/gpu-z-download-techpowerup/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ffca8a93cb8,0x7ffca8a93cc8,0x7ffca8a93cd8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:764
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=6F6F3B96-C90D-49E3-BF49-AF8F1B70C337X&winver=22000&version=fa.1086d&nocache=20240224145559.520&_fcid=1708786264972335
    3⤵
    PID:2052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffca8a93cb8,0x7ffca8a93cc8,0x7ffca8a93cd8
      4⤵
      PID:3400
- - C:\Users\Admin\StrPIC\Temp\nsk174A.tmp
    "C:\Users\Admin\StrPIC\Temp\nsk174A.tmp" /verify
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4620
- - C:\Users\Admin\StrPIC\Temp\nsk174A.tmp
    "C:\Users\Admin\StrPIC\Temp\nsk174A.tmp" /internal 1708786264972335 /force
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3336
  - - C:\Users\Admin\StrPIC\setDRM.exe
      "C:\Users\Admin\StrPIC\setDRM.exe" 1708786264972335
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
  - - C:\Users\Admin\StrPIC\PcAppStore.exe
      "C:\Users\Admin\StrPIC\PcAppStore.exe" /init default
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        .\nwjs\NW_store.exe .\ui\.
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        C:\Users\Admin\StrPIC\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2dc,0x2e0,0x2e4,0x2b8,0x2e8,0x7ffca90f9b48,0x7ffca90f9b58,0x7ffca90f9b68
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3760
        
        C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        C:\Users\Admin\StrPIC\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1d8,0x1dc,0x1e0,0x144,0x1e4,0x7ff6aad61da0,0x7ff6aad61db0,0x7ff6aad61dc0
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:952
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1820,i,15363335057970534221,18052769807496459529,131072 /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1428
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=2012 --field-trial-handle=1820,i,15363335057970534221,18052769807496459529,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2532
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2112 --field-trial-handle=1820,i,15363335057970534221,18052769807496459529,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1548
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\StrPIC\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2780 --field-trial-handle=1820,i,15363335057970534221,18052769807496459529,131072 /prefetch:1
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        NTFS ADS
        Suspicious behavior: EnumeratesProcesses
        
        PID:1208
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3996 --field-trial-handle=1820,i,15363335057970534221,18052769807496459529,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4392
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4172 --field-trial-handle=1820,i,15363335057970534221,18052769807496459529,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:956
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4008 --field-trial-handle=1820,i,15363335057970534221,18052769807496459529,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5124
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4212 --field-trial-handle=1820,i,15363335057970534221,18052769807496459529,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2308
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4348 --field-trial-handle=1820,i,15363335057970534221,18052769807496459529,131072 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3240
      - C:\Users\Admin\StrPIC\nwjs\NW_store.exe
        
        "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4348 --field-trial-handle=1820,i,15363335057970534221,18052769807496459529,131072 /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7587546273580757383,3959554258561606718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

Filesize
471B

MD5
32573888d1bd64aab12864511eb78780

SHA1
7b0101a0344cbff6edd2d2f78f25fdd6d53c62f4

SHA256
d7f8532b864ef3d595e14a86c8a8b04cb7a8df6cccc64bac6d12318783e5742a

SHA512
684986ad5a8448b59f3a5a96eedf664b726a776ef63ab13169c2a438597fe1155fb51a03d7af4bbbc40f011a5100dbeffb4d4436d67b02469ba202a32a735fc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
471B

MD5
be6d72743e9bcd2492f0f3f1428424b4

SHA1
1062d7c9620d53d5b6b923746c84fd147e6e9d45

SHA256
bfb11b771408cf5fbf32407ebcc357c51e204e088c7f97720d115e15b96081a1

SHA512
fc03bcaba175f6e43bd38f8658e7df6c6648835776aec504740b34db861d8fa0cb55afd3befc5e9d2e649793647d453bd4f6473ec3408a1f9b9e29963f8fc0bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

Filesize
404B

MD5
9dae43bb18dc6cdb20008fcdb003ee03

SHA1
5592f2f90b5588b3d26e6e3e2c97d4ec6d1c99bb

SHA256
f5deadd7b1db71d852f1c33ca2479d119e2cd6b0db8e0bd1f2dcdafc502c9322

SHA512
532c89d2e3a1274c2165f084c82ba2078d4fb8cde41a668f0b0ef61c6b8ff8c5e4688e703f22dc2e1b95a30013ac3e2ca58a4ea4109fe09edee8a56934f8aa54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
412B

MD5
64fc5a19e7be6a7871f00e782f88722f

SHA1
cbd91b8cf74826e4b1b3b978c79f5a72448413ea

SHA256
09349347d0e6b9a1af7fc01aa5ec2cc1af685575e361b9157bd6ab026023d711

SHA512
a9af7dd813b5895498b72c1fba5a37f2619684228000594870bfa9dc4103d5e205faafc3789133836c03df90c7c3cb227e379f55c0192c70c06c451a4ce268f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7c07fe18-5600-435a-8c62-11c33849577d.tmp

Filesize
1KB

MD5
5ba2b74d72da392a6df184459d98c562

SHA1
93fb927f1edd3cdcc3d46a863a2764a2755bc7c2

SHA256
27b8fcfaaf50182252dfbc2d7c5a52de1fa256131ae1e71c4e888cc0ce2c16ac

SHA512
bef1efe6311e376c0566900784cc3b93c87de43e4b64336df7639bf51bd597fc5342e1e98ac340fcd4be5b35be3608a32a091596a13769b5e6c35e9025cbaf9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
61KB

MD5
1971e737391eabf87667012e84069a5a

SHA1
8fd29644afc6da70873c25f9bf9d1c495c759843

SHA256
c9aab23276584648e971c3745fca3bed6d9e4c7e373bf3dc7ad316f2aef42fd3

SHA512
23062a1d410b69532d3bf97ec7d1fa3c27e974613326fe3a3d80f909d595bda78f2ba366bcd612e494ecee1af1493264d0044a26fae604466e5437a25da6280b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
33071494f4d08ae7ff7d1036b139f489

SHA1
4fe704241c55e53b74099d7aeefabb463211148c

SHA256
ad9ae2eb221ad74fd56da89b8e3aa0100c9c951c377030c3beb622e2430780c7

SHA512
3b3fcc2555981554ae504d9286c1ea8dc2ef1f7fc60b2f1f94c163203f89ec874b51a44094c9a5f6e142489b6fd2c013819e30700e13856314a039332c394849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8307279acce4bcfe74f140dc97b37105

SHA1
fb451521d132bf61a703f7aef7e0927f2e42f5ad

SHA256
db45993cef99783bc6e546ebcc6701c32e1daf3f5a86ef837ab86663ede3a6eb

SHA512
e32a84409ee38df46c980a9c09f4ec444c8fd2bd8f19c9bc9e71b9ff35cf4205b0daf87da649a04d173a55d1087ce42f9850962d1d7c10b2a0349c3dca5c4290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
f97528b388138eddb9adf9a75e79d3da

SHA1
45243e76390f2422719ea114626c85cbe0dabaf7

SHA256
8b8b2cef75f288337e2c17494fab51b21809cc76325aa0d3aa1da0b66b29b990

SHA512
901384a3e0a5c8e6d28ac4f0293ea2ed83993bf52ee8cc05aaa328d246b0d2b42da746d90e863faf2fc9e4648c9fe33a915072060c0c926bc28adec46688938c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
a6629c240d22cfaf3da9a23233bf663e

SHA1
e5120f3f44556e54adeaf1040daf0133ec15c867

SHA256
0b17c98cdb4ee55c71125696854b2ef3aab480f997ff40b544d0d9a08bdcbe90

SHA512
fcc9c829b6e6a07a1f8d540681ee662d214c7f8112b98f64bd8dab64f0f882b0657897fd4aa5494418128d06311c2fee150459af1e6b6760bd45374ab4a28084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cd5aa6fa23d9d1c48336e576bf2d604

SHA1
5584f381679c2529c9e65877e3a5ab2d1e78ac95

SHA256
79aa9a833b3b24e50ae71b45fcdfcb9aef45c418adbce4db62c4ebb67208b017

SHA512
57d2d7d927cca9a8fe0f9c37de36690a87727d59b78fe8dd3bc4640bbdd7a633e08dc87c6572e5dcf1f5bf2eeb0a594d9befd12f2d2eb327bc017dd97b6e9aa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4a13f8caa05bef32704a9d404b85c890

SHA1
f96a5622b0a1cfe970af4611a69ccd926da3a7ab

SHA256
97dd101f5dd7988cda9ecf6c825d4b3cedf7e2fda0973a7992ae341f69ed1218

SHA512
95b92701ea4cb6b5aff5db3960f579f3cfe3e861663e30d041db78c3f35da90de3fce9085abbc09bc80b0b069947df5a37b071942c47ce26660598ec872f267d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a41ab9c60106df6eb80446507d722f5e

SHA1
2bcf88450186ba426dfb1722e1bee407502bd9a4

SHA256
d36776eaa84a7aa5cb40edb413d428e23956f96baa57c2deea44368f1a9fb362

SHA512
61947bfc7f13ca835f23f55237d91b426c48dc82ab912dc64eb4e8f3cfb72df131b9334a9f1ef03b8351f5165d860be653cacbe19dee2775ad859c047a2355d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f852a65fa14baa8d4f620815a4384846

SHA1
807d6c957fcaec4a3e82496178ba5001e1d10bc6

SHA256
548049825c1bfaed7ab34c17a70ac8f51f9c9e3dc24d27059e21de940b4fe795

SHA512
99af03432851c7ab5c5b1020d47a5cfa9e35ecb33e1135cfbbc2362c32e8805efd2e8f72d61cf17627a9e3c1c2f7b20056c90ff9fff4f710805a7e2571357fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\085120c090cd27105fa44b23a0aa84f8fd70b0ed\bc03a653-2982-437f-9997-8c77ca54011f\index-dir\the-real-index

Filesize
816B

MD5
50a103cbbb13fdd2a9854fe91938e6a3

SHA1
6b3f89f668de2f7edd9b5a8ea2e0c7140777ca24

SHA256
77bcfc2379c4e2e2a7eb4dc7643b42ac4d5e8b9e6bfa32457b62507329dd53db

SHA512
ab236c7ff528e4b0f40e66f9538b3f07407402e2952a8fb1b5caabbf72d0150ac673448cf864a435c3f90c0e39c0081c3ab260d0c12e2929b919975d82b71011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\085120c090cd27105fa44b23a0aa84f8fd70b0ed\bc03a653-2982-437f-9997-8c77ca54011f\index-dir\the-real-index~RFe57c803.TMP

Filesize
48B

MD5
5b88024c037bce712a59a5f661f51124

SHA1
ecc3c8fc40614eb0ae0cae45217726bb9584f249

SHA256
35049fdb6fe84727bdded695f55676ccd301be2906849e8a40c52fc0145d914f

SHA512
138a538c774f8c19756df999ed8d36888ba65bd0f3d719c4b6eedae79a43075567e4808d3523adf08a01d6c8f0116f20e31e20d916a8dc20bfc3269f8a0d47b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\085120c090cd27105fa44b23a0aa84f8fd70b0ed\index.txt

Filesize
122B

MD5
4a41d1ca8941ab243d0fb2379f95b879

SHA1
50af73ced20a128de925ad9a78b6a8f91f1997d1

SHA256
57b6920d755ce4530fc60384ca3ccaffcf048f6eb7b3d575bbd1970a50681240

SHA512
40636c35154e8e426dfa3905f1c36140a711a541219e42cdabbf9eb7eb6d71e18c46113e54265d0f8a6f7cee61a0b33ff5571c7a38689cc671598738923bb335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\085120c090cd27105fa44b23a0aa84f8fd70b0ed\index.txt

Filesize
117B

MD5
68017581abfadff0e76ad5e71e9cec3c

SHA1
04da862d08c4c19ee537e84f8b65727d5cc4dbde

SHA256
4b2439b0717ae18782b2dcf669dd464dcff06994eb58b915ad934bdf1ce2ceb5

SHA512
1112c3eb235f8bf6d5212e65902a74764eb0cf0e99a8a5bef7b5a3929eb32115211e20f7cf1b3e2042173769cd89cabc7f98e0f46dd196f7d5d57b7d27584598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1116be62ca5d863f8a8077ad76bac408

SHA1
35aaaec6c5d30c941e8b5dbbf79f19c53a085ff1

SHA256
aa6d752bf7b05e48ac14c216f191348ec3108ca7d48a7a694687d86007189ca6

SHA512
474c6fed29bf585eb9701b9c6799f1ec0911f152bdfff22b41e26009e7bc1ea3037014f4279d7c5a416be21d551932dfefd4e6c818a5336a9d44a3f59018906e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c36f.TMP

Filesize
48B

MD5
22199d2257f2bc32462e08a9f95cb106

SHA1
aed7238b9a3215847978d3531f9c57694422daaa

SHA256
26d6a3600f07d428aad6ecdfa11af630f6d6f82eaf37829b3017c665d3933307

SHA512
8dfdefbb39acc29b5828a051fe7e533f08b455639be32a5c161eed3c10056aad60b1a2a70725012fc62bf547ca3685e2b8274f31bd1e6bcc0682b59a4337978c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
168195c5b9569d25f64faad2ced2f030

SHA1
e84aa6d9ec446f878c54daf156ca137f05453a33

SHA256
21f509a092f7ba9d72078c0282ff3cdf1d93c22fbbd6abd4e722d4a1f13c2fdd

SHA512
554f12a71439def4e8a648225aa9effb207e152e33a75754e00270cb7b2378afe534215e7c5a27c14bbf927b9709b15c28a91ab7b3c1ccf1a4c9801432093ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31d4fcf40a0b29356539d7214192dd41

SHA1
d033c2925aae1f7b8e213da6bdd42820fe75bebb

SHA256
f1c482b4a9c7babeeb5e28d3309579a6b377c77478917cfff91b5011a69adc99

SHA512
9aa6c3c888472424ba0f37a31df630a1ee8171ad895430de23725067b251d8f90a1bbff07bf4b318b56f57f3c0c66928c81ad8dd1a5b958238f90795dbe2286a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd55.TMP

Filesize
1KB

MD5
8be62ff393845f0f7e8dc1118600bdc6

SHA1
b34e79451d91fdcd6f21c687ab60dceb97d24260

SHA256
8920805c33075b46a0c6b16eeb65e1a446d524566d7c76aae8706b0d57c91e02

SHA512
3808c717ef86b870d913a7c942d7f56d16d5123c4da96d573f81d08b27a853839be971d7359084d023243a2aa2787ba5f16f52de448ae77936ba93748431b34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ee307e306b8983ebd785884f3ab85228

SHA1
fd2a31f1c1c0fed3c2f254d6251a46c82457605d

SHA256
f03b82076fbaaa8efdd5177003a466c1a70b6651c20fe6fdb781e89c643e9a43

SHA512
6083ad1e6b53cce16bba1e6b1c7c43892b9d50326c425aec53b18ddc65dac4de19e4f2c5328016aee2daccd6be75b2fe36a2c53a8a27b3e1cd1fea3225cb845f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a52fb472ede316f790d9770919779047

SHA1
4e310dc610b27b0fee61b1ea30386907d6c94ad1

SHA256
bbc02744b5b97bf6a6aec8f4babcccf35c3945806a4d4e256d2eb66be8991ae1

SHA512
c6b06830269a1d847951a2c2bdff8890321dae2de92c0d8735bed7dba0b4e539b5abbdce44ea330fecacdb9d4965761159023790558a30c9b94070eda474d5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bff2b512531fd668fd26a73bc283feeb

SHA1
6283251d1ca34c71dd9fa2676c56d2d440f1fe76

SHA256
01811e5368e9408a5e38f78c54b7c873bf7f6cbd761b2bcd1febadb159507a50

SHA512
49bc29645fc0658e42af82da33c789cd27c3ecdb44f8fa8af8be039edeff6a412588dd49cf643a55e457613d75837f5d1ab0766324fa0634d001b7ef247ffb1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq721C.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr11F4.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr11F4.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr11F4.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr11F4.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\099a9763-79ac-4fd6-896b-bbc7956b2421.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000005

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5588b76da8a7a473e093eeb9f6e79cde

SHA1
7fb07e34b6b4e0fd77c86b65bfa743ce29483274

SHA256
ce751b76d81f79c7d615d3abc289526e9a7f3d6d3686bc6db9db27f2cb2991db

SHA512
4d538c89357a71cc34b5365b59b8dfd612af2112374f0af3a7961bfc6f1e0790c14c729455c4964aedb9a2a42a9afc7b6e6711892256d98f1f644f075e63e941

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\wasm\index-dir\temp-index

Filesize
48B

MD5
53d029a19c6b71ef881d8004df515d73

SHA1
fe9b778e52254fe6129f4a6c911d7aab5f45c6e1

SHA256
9d23ea69cfbb2287d76782e985e164f580153cb13222c2251768b5bd6e6c70b6

SHA512
d179e8e2ee6da12c799e88f6d43165ea7d847e3b185b6ee0579552dc4039b356f758266bbc7eb23c76e41ca6355749c52175fd12ec44d49857a411c1a5f84a07

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6511089b08f88ee58d8d9521d9cba84c

SHA1
cedd11d9893f582d027b09a93685fd39d9ae46eb

SHA256
dd25a980fc3c27b2bc2ab0a07b5e74b26fb29d20fb4ced66a3426142a2a168d7

SHA512
80f8278707e5c32307a7500f418cb2f9e1cebda4cf9c6984dd79bd758631f8914cd0abd41f50dd719d7558d10c3374d18dc9ba351f80aebe54231036df1575ea

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0cdb79e542edf0436cb913f42fe41f85

SHA1
36aa13bf6780f6d287346454f213fd13bda2000b

SHA256
205a1baa2a1a5f884d64fc21071d2baec13cbc987adcf61d33e92eafe46b928d

SHA512
318dfe74d8108401ca9a6476afa7dd2e803d6ce97e7cdf3b442d41e01e19ffe942e0a1d0c5d3863b8f4b6ddae5779b0a8528fc7d63d0c06b933219890d95b30d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ed3f8b25f1f26485681fa7ee7ce5fb05

SHA1
943fc8b798618bc9d7c7fc486c86cc2554ecc1ca

SHA256
d5993291234418c158dcefa884d76a6b1cc6f5e2e2ee79864e7649dc683d5909

SHA512
e6d56f7641c2d536ba56ac772b2877d4cd1ca50fa0dabddd3e899f75a63632f2be58b80ff36292fcaf1a9fddbce223bfc7acff9a247992cb542d9804409aae60

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ea36e82063f1210a1c40d75fab225e0e

SHA1
0366cc6120af4f1c291fffa4f8cffa71ccf971f5

SHA256
9e16e96e6abb7cd9409c2198573faa8fc531230e984aca105d5f11978576fb4a

SHA512
4aa0dffab7ac1d9765abca15a42ed594e5c17ad4a9a9ca6f5255889c495a40531c9d962ab70538957fbe826288cc02f3b28c85f6b9f9e0900421cda1a6914e4f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5428a96a9858e49c44e24b19dd3d0c55

SHA1
49ff82f0d45a2e7d4241fc0a882f9b28d505fb9c

SHA256
3a101b79283180064b70033a0b222418db1da1fabda0ed9a1316e76da7e393c4

SHA512
3ac4037b50900ea02b25746aaf854ab855d81405ba693c71533edf0df97c4bf36ce86477bed208ffcd1cf3a0feaf6ec65492826a74e066940fd80b4e5dadfb6f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe5dcd55.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
e36116329cfa59858b47854463f6fdf0

SHA1
c0046f808fe2f646aab58481bf038d7120b2a64c

SHA256
a7cfa191dcf54074ab7674007dfdf50fe699fd72c7007e706c96381914b62c5b

SHA512
f3bd68e486dda65e7a6b18df674cb24df0f892ccea3f6d34f7408914adc03cacacb5b905a78c3b4e7fcfe8c3159b4af33a066c0bf040edc6c5a18bd3e0fbe738

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
6cd47a3e3dc00e6972c7ab951416bf97

SHA1
45c4f54df72b11ae06623534a5789902babc302b

SHA256
b27234043f82ecfcf2a72fde51c08b0f1602529c3336f9f62df1e0c0936f95ef

SHA512
b124fa21d34ececa4dfc42617efe28f3d91b874d0ce248e8664ea57c0fa77e394b855e6025b3f933f89158e5f4b454742e886dd28bd2b990eacd6c17a874f0e3

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
ae663b3812c649b38aaaaf63a74bb825

SHA1
d83a94aaaf88777eb519223901ffab104c5dc3ee

SHA256
1e81d6cdd5450cf3b0207ef54bac898c131df88f2345c97265d875c998387490

SHA512
35d0084ebdd786591bf7decdd77d37430acba809896739d272cf94a9f64d9eeddadac3445a0c8d02b3ada9c8b4451da42480e15f3e2ef4a1a25ccf1f1510b9fe

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
b3bc4b996abdbbaea9ecb3dd7f1ad91c

SHA1
3b5ae8501707caf641689a84d10af300978b8486

SHA256
6a0a85e87bed894540015d6cdebdef4c5dbdf60dd2953e0533c52a64d5c3519c

SHA512
8ace77871c5266f99a3f101e45d1aff64471093bd6711f620e0498aaa298270d0e246a0f0a81b51542aab37d4aa917bd4d701e6ded229bfb8282bfae0a67febb

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
45f26a7326f1005bdd9320e7334f104b

SHA1
446efc000e6325f9be149f16978fc812d7e1934c

SHA256
6d42c97b772e9eea1ecf3fbe2fd4fc765c27a5a5ffc07ed9d5c813e87bcca413

SHA512
a0c4ffab1694428f96f12a763fc5cb078aa67f5eba1fe4e9165bd63fa506e27059d07a39c5d30821b902c51328cfb2e72df5eaf73ff1ce63e2225415f10d2017

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
96ad869f9ce454f44a3b997eca81044c

SHA1
b696de005d4f08893da457267869afa0753822a8

SHA256
30cf04f76c823c2ce28fb431ec7284ada4c971fb196283368219f35262f9afec

SHA512
fc8a9d506ab7e224ee4ecf2d2d93e68c4895b1952ee47bb6603c814c80c1d0feebbdcf85f1d156b7c9fae624950493282785f3b765ccae0bcdafec2b0c473b30

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe5d1446.TMP

Filesize
682B

MD5
d9229563b70597d4a1a29301983b42a2

SHA1
1d3794e3f94b60d3001922cd615d713993c9fa0a

SHA256
d6e5ba7d415fd37fa9a6ffe975d8d387ab00c61b93db0a113df9a415902b2961

SHA512
89eb949e77530e465ec109481476d4a76af54691c6e3328e2fec151448695514c93e1c53aa460b43fcf519ef03299ff61bf29f3798ba5601c5296ade78681ddb

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
3bef1c9691dfc4a27a028e1eefa8b7c8

SHA1
e092f30d577bc74ca2cdfdc17d507793da50bfaf

SHA256
3ac569a2d9b307243baa6eb1e016d23b68ff7a58fc54eb047316bee0683bf737

SHA512
fdde7816ba369f78ced8a73de60a355f88ebc0a193026fa013c4d1acc6b68cc10b8633dbc80cd0a77afedb4703f3cbf36ee693a079b4365ef42cac0b40fbb67f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
cda3e4987ada12ef8cf0411d725324b8

SHA1
121ebd9d72a5c058f01f7b7d3f76598e10975b9f

SHA256
d54e27d9a5aad923a6c4145f330733a95adf94e06bc4297921f5a9e6271b2e9f

SHA512
5f35605c5f8a9826016ab30bdf81956da7a9b86293b97cb2acdb7326f81da2896f584f0e0a7c2bc8d1c9f8dc406ed574648fa676c9230b9d233ce3e043851bac

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe5d5518.TMP

Filesize
3KB

MD5
ec46f3ac755676368e7c741d45cb916f

SHA1
7fff36be8eda61897145659690587c7466079414

SHA256
55973b5407bb298a0aaa0a631b6e545f89f47a33de24fedc0a77db9d1bb52b8a

SHA512
15f8165e14da1032595c2595b18229d225311feac77cffe5a7222e0cc45a013947b80785dfece66c4c3d90b0588bae2380f668606f5a7aabea0c67fb08f6c9f8

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
d5e6121f86812cc7ae58efc4f9ceacbb

SHA1
3dfb06418220ed62ab46b473bc4ab269ff4f7e33

SHA256
05f173bbb3d564e2da3d496c4298b69c3506771a30238eb5285f1cd9df00e3c0

SHA512
88c5c1b06ddcac46d53e1cad013fec4fb789f97589f294a076be3cc7ac1c10ed9ea0a1c3a11f9f9499efe01420917ca14348be74dc2cd1c8cdb4313783123740

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
3KB

MD5
aef6ab5345021a71c2dd620e66bc12aa

SHA1
b9ece42c1cb66a147103552d37964e474ed740fe

SHA256
2fb22cb1b45a6a191225e0c0e8cabaa56e77a09230d97273f6a6ea92bf1d8c1c

SHA512
af135c9dc1d6fc7b60bf2604ea305fd012f9e0fb44f990aaa1e2e86be4821f54e84f2c3432b41e2e44815814fedbe2321f44cb158189ef9079f5b1a41485d745

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe5cdf7a.TMP

Filesize
916B

MD5
e79acbff64bfdf148f7ef51009c22407

SHA1
52a2c5dfb787ec0b680b5b8fa2c0a9c87930e79d

SHA256
dfe9eb571f66bd45efa112d1881cc6adeca3c38abdf9c74e9d4a914af78bc925

SHA512
392570ecf5228e9d095e99411c1d50961eafb99e99a79fdb56cb9478cdffec131c814a4838e0e3c10402b830b7807d4216ef3172410ea998a2f79780428bcae7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Module Info Cache

Filesize
86KB

MD5
24342e7686dbdfb1db9e84bbd8133af7

SHA1
20b539458c536c387a5bb985897f1c1e441b766e

SHA256
44180e570aa294b141945b267a3f156891a0cd31c2d20eea99208eed9b42a572

SHA512
4c68ea976dc432074b185d05d2978732d78eaac5ce76722f7f7c023d84c2b2e0734eeaabfcad808027f8365222260244b35f3f8ee1fe057fbc8eb29008dd3b2e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Module Info Cache

Filesize
90KB

MD5
1df5385f6b4c745e2c2bc6a44b966e20

SHA1
6f5553168c475b1bd5cbfea00e9ed338c041dd8e

SHA256
c5734fa9a6cffb5b623d0a7a962116a5acf4fecb14c3ffc819ba73516ac04bc0

SHA512
8222cbd5b2833ffec8a24fd78904ed231f79c5b8891d7ec9ee346780c9bb2f14cb18b99d1a189f10d15db7a13194e439d72565b6494eccbae66bb324daabc7bd

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
176KB

MD5
13881983ee69bd499b0343ea968a4bd4

SHA1
6af995af81047d1014856667f17435a292f43c14

SHA256
eca56e60c09a68d5635d27890a47b931bc0b310079d40372608341e3618c9924

SHA512
ee33df7d65fbfa37e1fc5a0d84b02dc7535156874ec8b1d3fb82bb771de12716679f5d7833596bbff11f5ff4163a8fefa26327c6d7bbfddf30a088d1ee91780a

Download Submit
C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\StrPIC\PCAppStore.exe

Filesize
1.9MB

MD5
dc200f03e20dc5a14d4b2a34a73a6c29

SHA1
dd5e10a61c5722db226ef70f7b17e5d61b982c85

SHA256
79be763b7c4a61782d3af3bd1d8d93463412a4a52218bb2145a4e6f3016101ee

SHA512
7ca78da591187f6537cdd351818bbafb5615e2aca38a8f935c1996c3d0c44686a4c89852ceb186e2113bcaff834f6d4db5f99c3621e53ffef8ace1b5970da138

Download Submit
C:\Users\Admin\StrPIC\Temp\nsk174A.tmp

Filesize
4.6MB

MD5
1b6d869082306367bc7dc4c6c65fca5e

SHA1
9feddd62452d88bad8e2e62c81a4bf3c5eccb3e1

SHA256
82118ddd62d9170d859f0326ce9bcc7a4d05cc933645c3e03bd450d6b1b4a3b2

SHA512
6d5bd9f8aa35566809b8200de082d57b69f2ced070e1810da8c5b335f5e48a0de10d4638071e6a60b236004f1e7b3f91be3e8e8e6895a272cdfc4250a986e5c5

Download Submit
C:\Users\Admin\StrPIC\Temp\nsk174A.tmp

Filesize
5.3MB

MD5
8bc58054f04f8c6ed98bf31e5cbaa55b

SHA1
b3e6196c0ee7fc9b84cf674687cc682b5fcf6854

SHA256
db360d26736e881cb90d03f80f3c9d273936201b3b63c8bde17356fbd48bd6e6

SHA512
088d2e5df71ecd9f28d0b27dbc618e9b0cb13d38ee061dfa9bdca9793cf16da37995518e5c91a9c71f9be1defd6f56b954bf5052a29e8d3f8d698b994db63dc5

Download Submit
C:\Users\Admin\StrPIC\Temp\nsk174A.tmp

Filesize
7.3MB

MD5
bafd890e386ea8f8efe833203ed3efb7

SHA1
8f3eaafffda97708974f6550742a9c99832f0ea5

SHA256
4bf975dff6637161d366a1172eb884d1adb77b55f7f35ebb3d9e0f80500587ad

SHA512
46422a205f7a2ebd51d80d6c65fd7e6368236f6b71fa30a64391cbba645e6ead766f349a052c86d0c5e821e72a006f4d3e749a499379e03c7981db481e73d1a0

Download Submit
C:\Users\Admin\StrPIC\Temp\tempPOSTData

Filesize
3KB

MD5
49ea6458a073e7573efe62c8ae314979

SHA1
9a1507286b2bc6a0052594b5128f46e1688af1a9

SHA256
c22c42d9c8e66f012ed11a767929ac94eb20b9f24e2f46fc071b1199cd39af83

SHA512
a7ac6f26be05db81f75c4ba27cb8ecf61770a3362e971486502ac7019a1584ea7e200c83420e31884f962f4950ab11544f15ec965ab7577cd63a6b5186f2d0cc

Download Submit
C:\Users\Admin\StrPIC\Temp\tempPOSTResponse

Filesize
52B

MD5
dcd8194ea6cb3d38d680e0dffa8d9a54

SHA1
277fa750737da96e3c9c0361f229f5fdaa35e166

SHA256
d3b09720d0bb91001083c716278daf39dae4f00f16d38be548eee01e29185dad

SHA512
9afc29f7df702932418ee383a29818d9da256c25dd744bd445adfee5a666d91cf94c7e6e5a121909a48682c4b10bee41d6f3cf362410c3b758852ffc33ac4884

Download Submit
C:\Users\Admin\StrPIC\nwjs\NW_store.exe

Filesize
2.4MB

MD5
aad2814325b2f176b0d03b827245bf92

SHA1
fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

SHA256
3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

SHA512
9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

Download Submit
C:\Users\Admin\StrPIC\nwjs\locales\bg.pak.info

Filesize
831KB

MD5
f2a134d21e79420e0e025b2f5d0e0564

SHA1
e4f6ead92945b87c3b980878c707467dc84cd616

SHA256
4c125a498bd06dd1cbbe3e4f05dca6fa47ce19297ad9f92df3af65eaf0a05d67

SHA512
032e8c44c1edbf6ba3effce1d67e5355e926b5509c8aa3dcf15677efe9fe3a2bf27d81d7d7ffae3a5caae1755830ad016a11f1417dddbf49977bd52083aaee1b

Download Submit
C:\Users\Admin\StrPIC\setDRM.exe

Filesize
2.4MB

MD5
7d25008c6978460b984f26906f98e3b1

SHA1
490195ae2b85afc82bf80b3d2f59dbaf47054fb2

SHA256
1696d57ea0181a2712025fc687ce760215518940263ce9b4d8063ad6a773ef6b

SHA512
e2cab61ad3513cd8ed08df2483e91dfe6bbf2c2236c3a1dd340bda9b0eee1209c4341c6b597f229df363224eab667c8b84c6bdfca06e501e80f4f3f5787602a1

Download Submit
memory/5200-4868-0x0000020203170000-0x0000020203171000-memory.dmp

Filesize
4KB

Download
memory/5200-4877-0x0000020203170000-0x0000020203171000-memory.dmp

Filesize
4KB

Download
memory/5200-4878-0x0000020203170000-0x0000020203171000-memory.dmp

Filesize
4KB

Download
memory/5200-4875-0x0000020203170000-0x0000020203171000-memory.dmp

Filesize
4KB

Download
memory/5200-4876-0x0000020203170000-0x0000020203171000-memory.dmp

Filesize
4KB

Download
memory/5200-4873-0x0000020203170000-0x0000020203171000-memory.dmp

Filesize
4KB

Download
memory/5200-4874-0x0000020203170000-0x0000020203171000-memory.dmp

Filesize
4KB

Download
memory/5200-4872-0x0000020203170000-0x0000020203171000-memory.dmp

Filesize
4KB

Download
memory/5200-4867-0x0000020203170000-0x0000020203171000-memory.dmp

Filesize
4KB

Download
memory/5200-4866-0x0000020203170000-0x0000020203171000-memory.dmp

Filesize
4KB

Download