Analysis

  • max time kernel
    235s
  • max time network
    234s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-05-2024 13:25

General

  • Target

    http://delivery.pcapp.store/download.php?&src=mini_installer&file=1&pl=16&mini_ver=fa.1088ab

Malware Config

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 16 IoCs
  • Loads dropped DLL 50 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://delivery.pcapp.store/download.php?&src=mini_installer&file=1&pl=16&mini_ver=fa.1088ab"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://delivery.pcapp.store/download.php?&src=mini_installer&file=1&pl=16&mini_ver=fa.1088ab
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.0.319578563\1601954634" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ea07544-c1c0-47af-a61b-b256d4e47287} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 1868 1ed2a92fb58 gpu
        3⤵
          PID:1256
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.1.82777935\218668050" -parentBuildID 20230214051806 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c00aecd-b3b3-467a-b657-28018495f02d} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 2460 1ed1678db58 socket
          3⤵
            PID:2996
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.2.1647148554\97847366" -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 3036 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ab3804-ac28-46c7-8310-a21eb8649b3d} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 3040 1ed29893258 tab
            3⤵
              PID:4420
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.3.2024180849\1505460424" -childID 2 -isForBrowser -prefsHandle 3336 -prefMapHandle 3100 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7088ceee-75ad-41e7-85e4-80382ecc2f5c} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 3660 1ed2f27c258 tab
              3⤵
                PID:4396
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.4.288141349\16763361" -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5428 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1e33639-5c3b-4525-8a2e-2f54525aefcb} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 5440 1ed2db12b58 tab
                3⤵
                  PID:4504
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.5.1580721762\112665207" -childID 4 -isForBrowser -prefsHandle 5584 -prefMapHandle 5380 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6a9b2b7-1f5f-4992-b711-0038c8a9b5e9} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 5572 1ed30cb1758 tab
                  3⤵
                    PID:4688
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.6.164723004\548033109" -childID 5 -isForBrowser -prefsHandle 5740 -prefMapHandle 5556 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc456dfe-972f-4aba-90cb-e2dbf9f7a53c} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 5780 1ed31a4dd58 tab
                    3⤵
                      PID:3108
                    • C:\Users\Admin\Downloads\Setup.exe
                      "C:\Users\Admin\Downloads\Setup.exe"
                      3⤵
                      • Checks computer location settings
                      • Drops startup file
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of SetWindowsHookEx
                      PID:4116
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" https://pcapp.store/installing.php?guid=41E50F4A-4A76-42E1-A3DF-51306E426307X&winver=19041&version=fa.1088ab&nocache=20240509132624.926
                        4⤵
                          PID:2676
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" https://pcapp.store/installing.php?guid=41E50F4A-4A76-42E1-A3DF-51306E426307X&winver=19041&version=fa.1088ab&nocache=20240509132624.926
                            5⤵
                            • Checks processor information in registry
                            PID:1052
                        • C:\Users\Admin\TyPlGfRe\setDRM.exe
                          "C:\Users\Admin\TyPlGfRe\setDRM.exe" 1715261152693725
                          4⤵
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          PID:6072
                        • C:\Users\Admin\TyPlGfRe\PcAppStore.exe
                          "C:\Users\Admin\TyPlGfRe\PcAppStore.exe" /init default
                          4⤵
                          • Executes dropped EXE
                          • Enumerates connected drives
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          • Suspicious use of SetWindowsHookEx
                          PID:5764
                          • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                            .\nwjs\NW_store.exe .\ui\.
                            5⤵
                            • Checks computer location settings
                            • Executes dropped EXE
                            • Loads dropped DLL
                            • Checks system information in the registry
                            • Enumerates system info in registry
                            • Modifies data under HKEY_USERS
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            PID:5944
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffa0de49b48,0x7ffa0de49b58,0x7ffa0de49b68
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              PID:5468
                              • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                                C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1cc,0x1d0,0x1d4,0x154,0x1d8,0x7ff7d0a91da0,0x7ff7d0a91db0,0x7ff7d0a91dc0
                                7⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                PID:5456
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              "C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=2044,i,361745155402400417,18341541413374867800,131072 /prefetch:2
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5668
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              "C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=1916 --field-trial-handle=2044,i,361745155402400417,18341541413374867800,131072 /prefetch:8
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Modifies system certificate store
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5676
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              "C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=1396 --field-trial-handle=2044,i,361745155402400417,18341541413374867800,131072 /prefetch:8
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5816
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              "C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\TyPlGfRe\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2796 --field-trial-handle=2044,i,361745155402400417,18341541413374867800,131072 /prefetch:1
                              6⤵
                              • Checks computer location settings
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • NTFS ADS
                              • Suspicious behavior: EnumeratesProcesses
                              PID:6080
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              "C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4056 --field-trial-handle=2044,i,361745155402400417,18341541413374867800,131072 /prefetch:8
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5444
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              "C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4200 --field-trial-handle=2044,i,361745155402400417,18341541413374867800,131072 /prefetch:8
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:6600
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              "C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4224 --field-trial-handle=2044,i,361745155402400417,18341541413374867800,131072 /prefetch:8
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:7128
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              "C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4240 --field-trial-handle=2044,i,361745155402400417,18341541413374867800,131072 /prefetch:8
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:7124
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              "C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4088 --field-trial-handle=2044,i,361745155402400417,18341541413374867800,131072 /prefetch:8
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:6300
                            • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe
                              "C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4228 --field-trial-handle=2044,i,361745155402400417,18341541413374867800,131072 /prefetch:2
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1880
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.7.491752208\286685175" -childID 6 -isForBrowser -prefsHandle 6716 -prefMapHandle 6712 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98450a0b-58a9-400c-879e-b95d41a9f54c} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 6728 1ed31a24258 tab
                        3⤵
                          PID:5264
                    • C:\Windows\system32\msiexec.exe
                      C:\Windows\system32\msiexec.exe /V
                      1⤵
                      • Suspicious use of AdjustPrivilegeToken
                      PID:7064

                    Network

                    MITRE ATT&CK Enterprise v15

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\activity-stream.discovery_stream.json.tmp

                      Filesize

                      23KB

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

                      Filesize

                      13KB

                    • C:\Users\Admin\AppData\Local\Temp\nsd693B.tmp\Math.dll

                      Filesize

                      67KB

                    • C:\Users\Admin\AppData\Local\Temp\nsd693B.tmp\System.dll

                      Filesize

                      12KB

                    • C:\Users\Admin\AppData\Local\Temp\nsd693B.tmp\image.gif

                      Filesize

                      997B

                    • C:\Users\Admin\AppData\Local\Temp\nsd693B.tmp\inetc.dll

                      Filesize

                      38KB

                    • C:\Users\Admin\AppData\Local\Temp\nsd693B.tmp\nsDialogs.dll

                      Filesize

                      9KB

                    • C:\Users\Admin\AppData\Local\Temp\nsd693B.tmp\nsJSON.dll

                      Filesize

                      23KB

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                      Filesize

                      442KB

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                      Filesize

                      8.0MB

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\data_2

                      Filesize

                      8KB

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\data_3

                      Filesize

                      8KB

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

                      Filesize

                      48B

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

                      Filesize

                      72B

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Extension Scripts\MANIFEST-000001

                      Filesize

                      41B

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

                      Filesize

                      1KB

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

                      Filesize

                      1KB

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe58e961.TMP

                      Filesize

                      59B

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

                      Filesize

                      690B

                      MD5

                      17c08cb400762a70b448db85913bf6e7

                      SHA1

                      6a419dddfa54180062978638b505ce93ddfbd132

                      SHA256

                      bd38c2cd23f3a305a872e99a681ec2e199c34cb11ffc03962f4071c32cf6735b

                      SHA512

                      0da9d5820d35418929eaef22d4a8c09c7557e37aa421d125df1dc526231217251ee520b5f8551e513ce70a6426c8cb4066d49eb06640a603191d69fbb5cee653

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

                      Filesize

                      523B

                      MD5

                      19bc87adfd949f48aa69d9903cf008c2

                      SHA1

                      0aa257f7eb73f4dd71ba9df289b39731d17f281e

                      SHA256

                      346318e7c331165b475b5c39c07d28115944b6867911c18fb59db49b747e2cc6

                      SHA512

                      81bb116c4262c83c6a954ba17628f2a3959973b23608dba7be350dbfca7915979cd733c24c2931fe323e78e88fe1abe36bd8f2ec2b0628592b762304885fa7b6

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

                      Filesize

                      523B

                      MD5

                      d15a51589da4dcb81478bad38fab3589

                      SHA1

                      d1bbba4aa4bd49f42795c5be9a005cdda6e45616

                      SHA256

                      fa0e3d4f66b271ee0a54b793fac32ad5d38808cc7bfbe224db9383741ecac6d8

                      SHA512

                      4084a272414baf399b85235b9371efef74f383cb48b76ca853be611b11e6c870e3eaa979e3261198f6d771e7a7a68e00335c9dda7e6aeade245864bcbc65d6e0

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

                      Filesize

                      690B

                      MD5

                      6dd120d4edfca2f26aaac3073480b8c6

                      SHA1

                      370b66a9cea64e34ad3891b0941e5e8805bf361c

                      SHA256

                      e37f24688454314330385646aafbab4253fb6f45af39340c31114594e76d9468

                      SHA512

                      7e9572e0aa542891cb76ca08973d876fd6d7d807af76886a915f90983f96ccc43cac91b7ef71c78fe5ac68bcf2aab2ce95af6281e87e6cec2de6317dc4a4941f

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

                      Filesize

                      690B

                      MD5

                      0ae388b9c681140a77d4e98536fba29d

                      SHA1

                      04b117cccce92a8bf2e699698443c299917fec12

                      SHA256

                      f2bd858d08209364d583633384731f42ff52cd00a1a1740f6423d859af216269

                      SHA512

                      f5e865857e48dc6547877a191ebaaea186254a335f4e98a0a94fb0ae02c6e72d8187d8f9f2675eac3844dcaa99eea678dc3e174d3fac8c80130a9acfe72a0fbc

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe5840cd.TMP

                      Filesize

                      523B

                      MD5

                      3724642a6f6f804f3437bfd180e65598

                      SHA1

                      88f5a3cb9c6e8c836b7513b9f8d7460d619a29f0

                      SHA256

                      eef94ce37e31a2bece5a6dc9e347318a50b70ea70bf00c6fa77f02feb91459d1

                      SHA512

                      114155494b3033e5b3b4fc4e96f35f0f946bf9006d1716c3327281d6d26d0d2b03d3255169da25b8bdcef2f549af58b3cd92e24a1bbbc0aa4d1921dc020e3a6a

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

                      Filesize

                      4KB

                      MD5

                      772d29be777beaf417b36d52419c4be5

                      SHA1

                      0fedc9fa2c31adad7fcc7a07e213e69c4a929334

                      SHA256

                      2851ccfb97d049a084ea362b19a40ff46dce4142c87d689b63f4b683185ae009

                      SHA512

                      0aeb22e1c36336d6f7a5097fd4b5c378efa3fecc571264c35da640f4a8c00c87766b7dd0c7d3785ace6541fc33b195039061193c9ca202aaad885a40f3db4b87

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

                      Filesize

                      4KB

                      MD5

                      d03364f72c8559e5b209da3a527d6881

                      SHA1

                      c942e98a264b033d48fce55b5361efba3ca3c64d

                      SHA256

                      110ceaaa40c66f0f540007812554bb6749dead81310af55c9400523634251006

                      SHA512

                      b8bb7fdadffbc3fd4e9673c07195b25f97cf19d3bf594ac15af527282cceffc55ca2d7f362e25ccb2dc3826f055ab810e4e7034665776cd006b337345648f247

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe587078.TMP

                      Filesize

                      3KB

                      MD5

                      2771e0d1666844f0a0e64168e98032bb

                      SHA1

                      28c3ff19189e5371f1d75df41d6ab432e653c08f

                      SHA256

                      e6914b1b63f33698580f175e7a346689907017bf93f48fbe558500f05dd2f9d1

                      SHA512

                      8695b886e3d711bd77b85abd211f456f8c5ba77af90a1a96109f46d285977ce07e0cf97fec14d5db35bb1af46af771d98ad252c6fc6d91ceb7c3aea03326b19e

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Site Characteristics Database\CURRENT

                      Filesize

                      16B

                      MD5

                      46295cac801e5d4857d09837238a6394

                      SHA1

                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                      SHA256

                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                      SHA512

                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

                      Filesize

                      16B

                      MD5

                      d5e6121f86812cc7ae58efc4f9ceacbb

                      SHA1

                      3dfb06418220ed62ab46b473bc4ab269ff4f7e33

                      SHA256

                      05f173bbb3d564e2da3d496c4298b69c3506771a30238eb5285f1cd9df00e3c0

                      SHA512

                      88c5c1b06ddcac46d53e1cad013fec4fb789f97589f294a076be3cc7ac1c10ed9ea0a1c3a11f9f9499efe01420917ca14348be74dc2cd1c8cdb4313783123740

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\ba4e5f67-3482-410a-8592-ec5f454257d5.tmp

                      Filesize

                      148KB

                      MD5

                      728fe78292f104659fea5fc90570cc75

                      SHA1

                      11b623f76f31ec773b79cdb74869acb08c4052cb

                      SHA256

                      d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

                      SHA512

                      91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

                      Filesize

                      3KB

                      MD5

                      ffdc490d47159bdf0525a46a69db86eb

                      SHA1

                      c7ffef2bc64c747f4c33d0d03270f2f2afe346ff

                      SHA256

                      fd05004433fc7f08f3dc9f0be9f532f539e1c0783f8013d324ca7a0c5a396551

                      SHA512

                      987023b0cad178ecd67b03eccbd7387affe5b155199ed4bfb90c96c361fafd477296a48e930facc283cba151c929ed384890216818d99c0846772e7bf4b6a530

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe57fa8c.TMP

                      Filesize

                      916B

                      MD5

                      ac627cff90dbb8302c63744ee858daa4

                      SHA1

                      8acb9576728d0809f672d6388452628bd2cc83d8

                      SHA256

                      ee61d68bd9163da52a5a61a579ee11062851c325a7ea883a449bfd140684772a

                      SHA512

                      389ede36f4788dcff7aebf28d09d6100a5e98d498ccf3df1efdb3d88694bc1a0bed838acfd7df0afcd053891494e7d5e99f6d48833eb4ee701ff36a66a46e0d8

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Module Info Cache

                      Filesize

                      98KB

                      MD5

                      bd1e0f12f301d7ee54453ad60c869378

                      SHA1

                      21d7b8e51864f062bf0c853c3068a774691051f1

                      SHA256

                      179eda85dd4ce2841b3887d188d17f3c0877cd0c511a3d60e2e8ae9698df111e

                      SHA512

                      77789a49510c07f5d253efcecd03f5de8ea8f62d9741c3250719334351ddf1bab42513172203fdf830931a05448855b6e2e967cfb1344a9263ea8e5a0da4409f

                    • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Module Info Cache~RFe58701a.TMP

                      Filesize

                      94KB

                      MD5

                      6d4202efe58927e20d3e6b1621b089dd

                      SHA1

                      61881cf5caaf313665912041c7b2719a38fbe3a3

                      SHA256

                      e8645f2f28c3e2d45e944c805014138bcecc2eec11f7ab3ecede34b64adba818

                      SHA512

                      addbe9788e428b3fec37d65ad87353f1778cb5816c99d21880878f635dcebbcac55ef7193088c0c13d8831bba702c065e6290bc897fbe4ff7925678c8e4eab24

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                      Filesize

                      479B

                      MD5

                      49ddb419d96dceb9069018535fb2e2fc

                      SHA1

                      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                      SHA256

                      2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                      SHA512

                      48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                      Filesize

                      372B

                      MD5

                      8be33af717bb1b67fbd61c3f4b807e9e

                      SHA1

                      7cf17656d174d951957ff36810e874a134dd49e0

                      SHA256

                      e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                      SHA512

                      6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                      Filesize

                      11.8MB

                      MD5

                      33bf7b0439480effb9fb212efce87b13

                      SHA1

                      cee50f2745edc6dc291887b6075ca64d716f495a

                      SHA256

                      8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                      SHA512

                      d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                      Filesize

                      1KB

                      MD5

                      688bed3676d2104e7f17ae1cd2c59404

                      SHA1

                      952b2cdf783ac72fcb98338723e9afd38d47ad8e

                      SHA256

                      33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                      SHA512

                      7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                      Filesize

                      1KB

                      MD5

                      937326fead5fd401f6cca9118bd9ade9

                      SHA1

                      4526a57d4ae14ed29b37632c72aef3c408189d91

                      SHA256

                      68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                      SHA512

                      b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js

                      Filesize

                      8KB

                      MD5

                      19863a35444a90774314e4f6b909ad2e

                      SHA1

                      0d43750d15e92785f6b970714448db5aa1bc3079

                      SHA256

                      60fe6448e4081085557acb6d8a11354ffac971a01d0d16ed5d8357401345cc33

                      SHA512

                      e786193129093af2eaa798d77b5494177e1b07c30d22c9a3fc774176d97f06f81a63f08310224653d5a1a335bdf0d111056d48f3ee4dc4f16087a38b594fc609

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js

                      Filesize

                      7KB

                      MD5

                      1c59ce0fb0e709cef4071c1e86634fdd

                      SHA1

                      bec5644157b5980a6fe5a9da39bb9166bcb29df4

                      SHA256

                      6cdc2d6800a377383993d6a05c62b7077b76df595d2276e8bc3dcf15f81d59ee

                      SHA512

                      916e5be6f9ef94c80310752c6ab95f534f0451a8654cff25093a531d7c81843641a65c88d96dd3e256e4d99c9e769431bbbe513d3abb00b36e3695473ef7d619

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs.js

                      Filesize

                      6KB

                      MD5

                      71cff355c2332dd47b2d13bf17ef9eea

                      SHA1

                      6319b227df0a4ea8f3d5059b7e10f48b9a1503fa

                      SHA256

                      a4ad6cdaa11d2a2f774ff7f46acf2fcb9d3892b31b17bb2bc7c65d5762ca5863

                      SHA512

                      894236bd51b416c66aeadb89b3883408d340738258b20b58544705d8aaa5dccfe1170bc9d316d642c199d79c86d843ebc08ee15b2b76507886cca7beb6e8e230

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                      Filesize

                      2KB

                      MD5

                      ba71eaf2cd70a4918f90d0be8d2e22f3

                      SHA1

                      9b3ad5b6e58f74fc4acc655f3fe1300cec90de81

                      SHA256

                      404fbbf7b63ca629274a9a6aecc537a1cd74ff35082653d5473b13a61e6c7f12

                      SHA512

                      d486bcec0ceb18d585ec350fa4ad135a53216ae80c05cda6abb4cb4f9142a2d6e09b6470e1bdea8cf3f10d9c2b7d595163740f0b56d726c598f9b459cc10fe7a

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                      Filesize

                      1KB

                      MD5

                      3073e458dbd4c15d5c69dc75512a2130

                      SHA1

                      c255f600a564ba4443090efb8241744354811da9

                      SHA256

                      3ef570b367d7212668babf5a115462f1ebd7d09d65880fe2718ba6ec68f9fef5

                      SHA512

                      d833f8e9423647325ccec5798b5de2f1a03a3fdc6b2fb03e5754a997802bcb97e33f2006549c4ca807f7a790cf2a35442bbd22f0421985716c9f1e34f8bb7608

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                      Filesize

                      2KB

                      MD5

                      eb2bf9adc052e684ee8c038bcad255f0

                      SHA1

                      348b99f7103c589224edcfbe44b49db75de88ec2

                      SHA256

                      db43443182174f8c8aadd0e98fe1f16c56cb7ae9de09df56f594b36d3197360a

                      SHA512

                      143ee606985a4b0befbdf7dfdd7bdf86b1457e21fb616d71d07124acd4db680e7e49572ff40a06b1ab091af53672564e786fb188dd1fef23f56b11342a055c4d

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                      Filesize

                      1KB

                      MD5

                      6e0c253f13f4a78e1810a83cfd7dbfff

                      SHA1

                      61e23c3b0a7bf1af621144f2f39b6d5ce17fdf19

                      SHA256

                      01e1f24cfec9a549d8e9ec5423e95f4defcc47a7f96b725d64768a0b14ee1ffe

                      SHA512

                      07e236a78d387a9aa7eaec47b835dcbcbda335c7f5f3d16931d705c9fa62531b9eaf8310b2f9c8e714f4b79dc380c053017f8dba69c792f7c0932d558873d871

                    • C:\Users\Admin\TyPlGfRe\PCAppStore.exe

                      Filesize

                      1.9MB

                      MD5

                      e2e31f703c955e5a62551d062ebc8579

                      SHA1

                      dae38430b0851c27f3ef2a1fd72011212538bb8d

                      SHA256

                      ecfad5710a1450d40714ab00c6da19323e780b570fe10537a4bd4e5abd521e44

                      SHA512

                      7317aee91ac230996d773c1e2a753ee690f84bfb5e80390b14b5dde4e07449fc0a5995c3bfa26a865cbe4d776e63232abf4aef36a849adf2c8addb9fa8e83a71

                    • C:\Users\Admin\TyPlGfRe\Temp\tempPOSTData

                      Filesize

                      3KB

                      MD5

                      21c6229a0d07a57815944cfd9e823804

                      SHA1

                      c9b6d8a060a2a4bbfe77cb8c321881272b3f0211

                      SHA256

                      591dab4dfedb9e660e15acaaf8ecfa5ded52f3097752fb9d02acc5131cb40dbc

                      SHA512

                      d74d03c0aa69243c9d79f91cecd4944f42a1946cd9ec5f4397d7ac418340926a8c22c9d249055a687ec9946a1dbe1f0069449ca42883eaf50e70f4801f63d77e

                    • C:\Users\Admin\TyPlGfRe\Temp\tempPOSTResponse

                      Filesize

                      73B

                      MD5

                      3024a54e0c352abe5eb5f753ca4828da

                      SHA1

                      df0206851654405c8e5c2d3bc96fb536b8c2dcbf

                      SHA256

                      3cd0a703506c7394d6115d9ff721516560894358aef07459f30d8930df6c3b61

                      SHA512

                      d9d44051df56b29aa596ee38463b781dbe27f917f7dae1b2420122616da108520429dda58c75c7e6b2d41093f83c5a4bae96024885af3956f23a3ce5bd3f9358

                    • C:\Users\Admin\TyPlGfRe\nwjs\NW_store.exe

                      Filesize

                      2.4MB

                      MD5

                      aad2814325b2f176b0d03b827245bf92

                      SHA1

                      fcdf98ecd1964401eb1fa3431cd27c597bd6bff7

                      SHA256

                      3609c797b49acecc223e6243bf8d96f9adba54d07b0057cd4cc12b1f789953c2

                      SHA512

                      9ccf868b7acf13deee8cc8210ff1a339ddfe70dfc2d75c6ec67ce8a032d82e3565f9449a746e8f15c064499b46dfafc81641e663291bb276f9e22297ef01866f

                    • C:\Users\Admin\TyPlGfRe\nwjs\d3dcompiler_47.dll

                      Filesize

                      4.7MB

                      MD5

                      cb9807f6cf55ad799e920b7e0f97df99

                      SHA1

                      bb76012ded5acd103adad49436612d073d159b29

                      SHA256

                      5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

                      SHA512

                      f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

                    • C:\Users\Admin\TyPlGfRe\nwjs\ffmpeg.dll

                      Filesize

                      1.9MB

                      MD5

                      9518fcf62a52cf17f987b6beb1935a0d

                      SHA1

                      e4c55a1083b8fcbc2e1812b7a7a62ca75b1c66b6

                      SHA256

                      31132704944d3ae5101093f27cb523119ea3acfbba6e3c87216bf95ea2a0f40b

                      SHA512

                      418b169934a9e1d80743b8a7268ebb514055811c13b71d05aeb2f1b64f97e3156256b882a95677f693acf139b52373c512ad559fe17e79836d5fe796273e8fbc

                    • C:\Users\Admin\TyPlGfRe\nwjs\icudtl.dat

                      Filesize

                      10.1MB

                      MD5

                      2c367970ac87a9275eeec5629bb6fc3d

                      SHA1

                      399324d1aeee5e74747a6873501a1ee5aac005ee

                      SHA256

                      17d57b17d12dc5cfbf06413d68a06f45ccf245f4abdf5429f30256977c4ed6de

                      SHA512

                      f788a0d35f9e4bebe641ee67fff14968b62891f52d05bf638cd2c845df87f2e107c42a32bbe62f389f05e5673fe55cbdb85258571e698325400705cd7b16db01

                    • C:\Users\Admin\TyPlGfRe\nwjs\libEGL.dll

                      Filesize

                      446KB

                      MD5

                      778527981ef1c1ac7a65d8b1dd3d0a1a

                      SHA1

                      23b44770ca37765e368b618b999b7d119c20ff4d

                      SHA256

                      663eb32d7815efa625eb339f5e1c5856ae8beed65f501f32416d8e7744b533b1

                      SHA512

                      6e00b406d0ccc3316d98aed58d83abe6b7ae69c251be06915578945eb900276945a6f57ba0075d5bbbebf01c156605c08323166f80d0a41253a6431f4494c1e8

                    • C:\Users\Admin\TyPlGfRe\nwjs\libGLESv2.dll

                      Filesize

                      6.3MB

                      MD5

                      11fe117cf4fed191e380911d4df45565

                      SHA1

                      c881fee1c8f78c5ab09c36135da1403a0f274a81

                      SHA256

                      2a2511c2d292067edfdddc28406f08b3becf455e3df13954eecd6bfa320f7c8a

                      SHA512

                      2f6c5a2e666ab542785024d9c3eb22cc6a153d361f65ac20f0cf54fe5cd315e725dab1bdb7e4ee424a7708ed46d23d51b84b8ec826aa99faa30f7d3de2ed4546

                    • C:\Users\Admin\TyPlGfRe\nwjs\locales\bg.pak.info

                      Filesize

                      831KB

                      MD5

                      f2a134d21e79420e0e025b2f5d0e0564

                      SHA1

                      e4f6ead92945b87c3b980878c707467dc84cd616

                      SHA256

                      4c125a498bd06dd1cbbe3e4f05dca6fa47ce19297ad9f92df3af65eaf0a05d67

                      SHA512

                      032e8c44c1edbf6ba3effce1d67e5355e926b5509c8aa3dcf15677efe9fe3a2bf27d81d7d7ffae3a5caae1755830ad016a11f1417dddbf49977bd52083aaee1b

                    • C:\Users\Admin\TyPlGfRe\nwjs\locales\en-US.pak

                      Filesize

                      364KB

                      MD5

                      a93a5c83e482a4bc56736bb1451a88da

                      SHA1

                      afa0c1f46b6245ed9301bc9c2aa46402b6d10c37

                      SHA256

                      446764ecf3939c35e90f61c928ec55d445d83a483a19fafd38af378a70fd06c7

                      SHA512

                      550278670b857b15a8af557bc7d127695155ac16a0b61947f891040421c08bfed0aea26eccf0c45303b82b801801f6c2caf7fd0561dae97632b0ec2eb1bb2212

                    • C:\Users\Admin\TyPlGfRe\nwjs\node.dll

                      Filesize

                      16.4MB

                      MD5

                      1f2efb361f4e9a0e4a2b58368c256fd7

                      SHA1

                      ed807bc5c16b73fcd34a0cef641d54f296cf120e

                      SHA256

                      778d83f0f7add7d6ca086e1722745bc7b536dff2a14bd0830b68c1480abfb550

                      SHA512

                      c5e489ac43d8ab930f7e65af878a7d095cb400464ccd1045803ee5fc861f774df715deff0704a01e241fc2f76fc6bea3fa2af07f571c9a6822d42d2260e24a92

                    • C:\Users\Admin\TyPlGfRe\nwjs\nw_100_percent.pak

                      Filesize

                      595KB

                      MD5

                      979a087011c664b56b619bafa2122534

                      SHA1

                      186724cebbb0047e88640aa0ff3498340cdd5703

                      SHA256

                      db914fa3e593a30e4037ea26d482c9f6788a155d8b992b2778021766aa7be49d

                      SHA512

                      ecfb1ecb3a16f9e777f5e01440118ac7263d138f6945ca7a746f7e5bda2287332ce0ed228ceb050ce24fb25c1169c952a17c497f33147dfe1ccae36f0f1d47ae

                    • C:\Users\Admin\TyPlGfRe\nwjs\nw_200_percent.pak

                      Filesize

                      891KB

                      MD5

                      7587d9a73cadc14f70174d95618f86d3

                      SHA1

                      dc4261b0fc4ac28825811beae0496122fe06704d

                      SHA256

                      00da64185f149bf0060f555a78bda17570cd2b45be0cad1a9570f9816ece5936

                      SHA512

                      435cccbbcea41a599af7a9c8fee9f0434c0464b4d1e8d5a2ed1d1307508ece7d49b61cb6a7c7858976a8281ef58de01107294eaf6e7fc8b56331ed2b981297ac

                    • C:\Users\Admin\TyPlGfRe\nwjs\nw_elf.dll

                      Filesize

                      1.0MB

                      MD5

                      b58238a4c19e14ab64846be1c57be70a

                      SHA1

                      47f6d9ab46f579481b8f01b54f9e23f34f2c129e

                      SHA256

                      7a879b77ba31f4ead57c6efa19ab468c1ca72d0271fbb553fb7c02d00a250273

                      SHA512

                      9dc2d7b22ec0af9bb982fc6e1d46de1d30c408e6abac714ed8731cf5b8c95060564aa85b93989d68b4cad6cc358e47087f14790bbeb3f5609a035a5f35a61600

                    • C:\Users\Admin\TyPlGfRe\nwjs\resources.pak

                      Filesize

                      4.2MB

                      MD5

                      a5322a11e67811c10c4756fdff7dff68

                      SHA1

                      1c411726268dfc94f3d97286949e253e3acf57d6

                      SHA256

                      b3aee308664663a2e3f523d1bc192e0e5d8bb0c01d7f9142930bb9a28cccc635

                      SHA512

                      717e64a15c20906d2d3fdc09c09ffda7967489b4f24a7201873d67464fce979777e66c679bfb3069cc09e758eff1f07b030514dd032e07d119dc12c23dfaec06

                    • C:\Users\Admin\TyPlGfRe\nwjs\v8_context_snapshot.bin

                      Filesize

                      455KB

                      MD5

                      0313894f6ddaa2b25681ba90b68a2a93

                      SHA1

                      d6534b9444a97fc642fd9c6b489ca2fe3a8e7fca

                      SHA256

                      31c068f791be9b7e39a791570e446b37d655b41dfca90335557c44a622fde880

                      SHA512

                      57a9e9e7c06ccb5ecdcd2783573e59b3b4e2911d278ec875f5545518caefaeb7f46fb128159a6fe35c83e7d03de21266c7b68b81114189059975f9a75bcee69c

                    • C:\Users\Admin\TyPlGfRe\nwjs\vk_swiftshader.dll

                      Filesize

                      4.2MB

                      MD5

                      b596ca1cb8e51e7f932278f16b6ad85e

                      SHA1

                      6464502069be06424db049f9989e4491437ad971

                      SHA256

                      9315416d8528e8263150eec63bdc4261254e1d1134b675e1c1e8b538bbe1e4f8

                      SHA512

                      dae3628b97a274dc7e9f67ceac32698c6d75abadb6f85d464629bff704639385400f42a3b09c17bd90ad2fcaa2890106772000c72cae912d857c2acec81ec647

                    • C:\Users\Admin\TyPlGfRe\setDRM.exe

                      Filesize

                      2.4MB

                      MD5

                      ee14da91f888b7935f002804378fb4b1

                      SHA1

                      d580bc3cbb272bc536612c399318ecf74182ec65

                      SHA256

                      cf53431d9af20114d46af84f0b34f142eb734dc646b6245b57ee691bd60adbb3

                      SHA512

                      61d42c3eafa4c54b38b2e8183ff8f479392cade5c0bd116df21a48dd6e692b827cd046ae48e6446f2e5d25f899107f9275113676667d883450405a9d5f8ba7a8

                    • C:\Users\Admin\TyPlGfRe\ui\package.json

                      Filesize

                      2KB

                      MD5

                      34fd02368a4717326f0e4c9776c4b3da

                      SHA1

                      24cf4907d4d9a9e1243a108c3e6232f4bd767d93

                      SHA256

                      c465dfaaabad312164b43c25ae04ae3ccd9ed687116afa5f93c2e006e3d5157b

                      SHA512

                      58681b3ee95d9ffa5cb7e35b2fce06f45e4e1d2be51a2c4c6cc1caefb80d854d74853eac852f3e5b27d6b4c98fe28db60104199726d93e75f10c4e22ed1d88eb
