risepro | 2a90929580395d5f6155f09fc76682bd036ee72d72573c83763e4a7ef4510d4e

Analysis

max time kernel
209s
max time network
211s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
21-06-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$RAGT9PA.exe
Size

117KB
MD5

af3bb615defa66760811ab9a33a497a5
SHA1

01546c9ed244c19bed123763fc0d161ff47e9c38
SHA256

2a90929580395d5f6155f09fc76682bd036ee72d72573c83763e4a7ef4510d4e
SHA512

bdf9ec39e0340118134b20d9ee14fd873b7f5fbba7b39f5bd87a490bfc58fbd3b57b9f5aa2fba1088b2df518256f6c0c240a065a5097b64d1222dfc66ee0c8c6
SSDEEP

3072:ZbG7N2kDTHUpouUPScWxAPzy5n+/mGCKEUP:ZbE/HUMPGqry5nmJP

Score

10^/10

risepro discovery persistence stealer

Malware Config

Signatures

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	$RAGT9PA.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	NW_store.exe

Executes dropped EXE 15 IoCs

pid	Process
4564	nsl6FC3.tmp
2752	PcAppStore.exe
316	PcAppStoreWatchdog.exe
4316	NW_store.exe
4740	NW_store.exe
4160	NW_store.exe
4672	NW_store.exe
4856	NW_store.exe
4980	NW_store.exe
5276	NW_store.exe
5448	NW_store.exe
5472	NW_store.exe
7000	NW_store.exe
7008	NW_store.exe
5968	NW_store.exe

Loads dropped DLL 57 IoCs

pid	Process
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4740	NW_store.exe
4160	NW_store.exe
4672	NW_store.exe
4856	NW_store.exe
4672	NW_store.exe
4856	NW_store.exe
4856	NW_store.exe
4672	NW_store.exe
4980	NW_store.exe
4672	NW_store.exe
4672	NW_store.exe
4672	NW_store.exe
4980	NW_store.exe
4980	NW_store.exe
4672	NW_store.exe
5276	NW_store.exe
5276	NW_store.exe
5276	NW_store.exe
5276	NW_store.exe
5448	NW_store.exe
5448	NW_store.exe
5448	NW_store.exe
5472	NW_store.exe
5472	NW_store.exe
5472	NW_store.exe
7000	NW_store.exe
7008	NW_store.exe
7000	NW_store.exe
7000	NW_store.exe
7008	NW_store.exe
7008	NW_store.exe
5968	NW_store.exe
5968	NW_store.exe
5968	NW_store.exe
5968	NW_store.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default"	nsl6FC3.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i"	nsl6FC3.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreWatchdog = "\"C:\\Users\\Admin\\PCAppStore\\PcAppStoreWatchdog.exe\" /guid=98F325B1-1085-43B7-8E27-43D9CDB6EA3FX /rid=20240621183256.298240640468 /ver=fa.1091o"	nsl6FC3.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	MicrosoftEdgeCP.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	MicrosoftEdgeCP.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	MicrosoftEdgeCP.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	MicrosoftEdgeCP.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	MicrosoftEdgeCP.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NW_store.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634683940978873"	NW_store.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 37bc035e09c4da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "425156855"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a8f7df5d09c4da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 74227c6309c4da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0b07ea7109c4da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "425759720"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\PCAppStore\assets\images\css2?family=Inter:wght@400;500;600;700&family=Open+Sans:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap	NW_store.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
3896	$RAGT9PA.exe
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
4564	nsl6FC3.tmp
316	PcAppStoreWatchdog.exe
316	PcAppStoreWatchdog.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
316	PcAppStoreWatchdog.exe
316	PcAppStoreWatchdog.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
4740	NW_store.exe
4740	NW_store.exe
4740	NW_store.exe
4740	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
3376	chrome.exe
3376	chrome.exe
5968	NW_store.exe
5968	NW_store.exe
5968	NW_store.exe
5968	NW_store.exe
3652	chrome.exe
3652	chrome.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
4816	MicrosoftEdgeCP.exe
4816	MicrosoftEdgeCP.exe
4816	MicrosoftEdgeCP.exe
4816	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2280	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2280	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2280	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2280	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeSecurityPrivilege	5556	msiexec.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	4316	NW_store.exe
Token: SeCreatePagefilePrivilege	4316	NW_store.exe
Token: SeShutdownPrivilege	3376	chrome.exe
Token: SeCreatePagefilePrivilege	3376	chrome.exe
Token: SeShutdownPrivilege	4316	NW_store.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
4316	NW_store.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
4316	NW_store.exe
4316	NW_store.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe
3376	chrome.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4340	MicrosoftEdge.exe
4816	MicrosoftEdgeCP.exe
2280	MicrosoftEdgeCP.exe
4816	MicrosoftEdgeCP.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe
2752	PcAppStore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 3896 wrote to memory of 4564	3896	$RAGT9PA.exe	80
PID 3896 wrote to memory of 4564	3896	$RAGT9PA.exe	80
PID 3896 wrote to memory of 4564	3896	$RAGT9PA.exe	80
PID 4564 wrote to memory of 2752	4564	nsl6FC3.tmp	81
PID 4564 wrote to memory of 2752	4564	nsl6FC3.tmp	81
PID 4564 wrote to memory of 2752	4564	nsl6FC3.tmp	81
PID 4564 wrote to memory of 316	4564	nsl6FC3.tmp	82
PID 4564 wrote to memory of 316	4564	nsl6FC3.tmp	82
PID 2752 wrote to memory of 4316	2752	PcAppStore.exe	85
PID 2752 wrote to memory of 4316	2752	PcAppStore.exe	85
PID 4316 wrote to memory of 4740	4316	NW_store.exe	86
PID 4316 wrote to memory of 4740	4316	NW_store.exe	86
PID 4740 wrote to memory of 4160	4740	NW_store.exe	87
PID 4740 wrote to memory of 4160	4740	NW_store.exe	87
PID 4316 wrote to memory of 4672	4316	NW_store.exe	88
PID 4316 wrote to memory of 4672	4316	NW_store.exe	88
PID 4316 wrote to memory of 4856	4316	NW_store.exe	89
PID 4316 wrote to memory of 4856	4316	NW_store.exe	89
PID 4316 wrote to memory of 4980	4316	NW_store.exe	90
PID 4316 wrote to memory of 4980	4316	NW_store.exe	90
PID 4316 wrote to memory of 5276	4316	NW_store.exe	91
PID 4316 wrote to memory of 5276	4316	NW_store.exe	91
PID 4316 wrote to memory of 5448	4316	NW_store.exe	94
PID 4316 wrote to memory of 5448	4316	NW_store.exe	94
PID 4316 wrote to memory of 5472	4316	NW_store.exe	97
PID 4316 wrote to memory of 5472	4316	NW_store.exe	97
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 4816 wrote to memory of 4732	4816	MicrosoftEdgeCP.exe	78
PID 3376 wrote to memory of 5820	3376	chrome.exe	105
PID 3376 wrote to memory of 5820	3376	chrome.exe	105

C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe
"C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp
  "C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp" /internal 1718922877654342 /force
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Users\Admin\PCAppStore\PcAppStore.exe
    "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
      .\nwjs\NW_store.exe .\ui\.
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:4316
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffa2180a960,0x7ffa2180a970,0x7ffa2180a980
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4740
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x168,0x16c,0x170,0x130,0x174,0x7ff6d9e58a60,0x7ff6d9e58a70,0x7ff6d9e58a80
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4160
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1924 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4672
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=1932 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4856
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2056 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4980
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:2
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        NTFS ADS
        
        PID:5276
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4204 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5448
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4304 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5472
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3508 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7000
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7008
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4344 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5968
- - C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe
    "C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe" /guid=98F325B1-1085-43B7-8E27-43D9CDB6EA3FX /rid=20240621183256.298240640468 /ver=fa.1091o
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4340

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4808

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4816

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies registry class
PID:4732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c
1⤵
PID:4244

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4940

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5556

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NgcSvc
1⤵
PID:5852

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:6108

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s NgcCtnrSvc
1⤵
- Modifies data under HKEY_USERS
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa0c869758,0x7ffa0c869768,0x7ffa0c869778
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:2
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:6540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:6696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:6768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:6808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5320 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3720 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5536 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:7072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5752 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5356 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6040 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:6744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5436 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1712 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6020 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:6212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:6188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4800 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4672 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2888 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5968 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5844 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:6700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:6968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
  2⤵
  PID:5292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

Filesize
471B

MD5
2aa74d4897a9541cd9cefcb7f4d0851f

SHA1
534e4df389c72c1fce6b28fd7ad6003131d9e02b

SHA256
0fd49e11930612d6f3fcca10d6dba52e63b5b6b60b9fdc6998e613aa3e533360

SHA512
6cedc58db0999368792b60f825de4cd8f77d158541995019ada1cb42b194be88b76e65e8d06a43a61136f392fb0a4a5827745e28dc44ec3f233d91369c70fcfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
471B

MD5
b756d81fb2f1590a041558a17c491f2d

SHA1
ff0f48f90d20069b9fe796942aea9c380b2ccc4d

SHA256
326c25195d4f2feec347b7f9f7c941f1aa7119b14226a7af489a60f980a854c2

SHA512
bebeeac2dbeffd9dbdbe271be09db929bff5388fb1ff4ab82f3e347b20563fbcd27b876c0a8d963adb2fbe6cad6dce389b475b3a3a68d0e84b15dc169f35332b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

Filesize
404B

MD5
eabfcd373b61cbf70361733b6af2cf75

SHA1
eeee6654519abc4645d8943d726e3fdda86a26e0

SHA256
71e04e7a72f81ba6e4a20fe297bb39c6d2a84b11d06fa5de83a304c46b2306e7

SHA512
a5de99360954c498bffd75ae258b67327a4e189b57b3b3adc7741e528e30642dcc78b12245eeab22a272b7b75478eff1b1d5a4e8b03235f5b7b0f083c0b18b03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
412B

MD5
1e8ca4a7f1031ac3667fd3f218ea6099

SHA1
05251f2cde67a3e2ee64e1bd41ee4cdfc4f55049

SHA256
727bc3d2f5694964aa5b4f05980f814393009fc7524c76030b0c3038f14515cd

SHA512
a20934e6f062cca61ef72b136119d0b628bb34ad89879ccfedd63f039fd8c47a34cbf7ad3738ca85dd6fe68c0e31a2e0ee569d2fa6a8d944e4f7acd4de14f4bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
69KB

MD5
921df38cecd4019512bbc90523bd5df5

SHA1
5bf380ffb3a385b734b70486afcfc493462eceec

SHA256
83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f

SHA512
35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
328KB

MD5
15b07d0834be5ce9e1fa1265079859a1

SHA1
9aae71abb06cd4554a594f88b09f52f6629ffdc8

SHA256
870ca3db53a1372427fe59c45385d6ab7916ce1cfe21ddd48bc6631e45318f73

SHA512
36d2fddbcc3c5322ed37e5c8c8292b9a52c96ac2c301776b5dad08eb8e4c80f5f565c850cb5cb70498565903c3828c0ff1f4620f33540fe645e58ce258579449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
134KB

MD5
98a3ad25ba6bbb1c3a2771f571477292

SHA1
80bd1832f49b7222a63ef05b664acca8183ce1e9

SHA256
9bb58278c69600273d233c9461cafa3a65de1eea361f1333a1ad00dd41078328

SHA512
df350e0e0c3ac2c6ac7f3b714ae6340e52c2c962131b7f22eda866ea5e941b89f37e2ff99d54b01f03d73d4996b2edc27051aec49afb24d3c3ea1c9f5d3fe1ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
101KB

MD5
441fb98cd7fccf87b5f910ea0c11fcb2

SHA1
b7046d79ed690ee42d41dcdcd7ab4937bfe24b4d

SHA256
e6e7c532af7bbba5df36e773b51cb2a6be8f90f015c2d432e2efa82df74a7553

SHA512
41996d8a6e63c7640d3b2751bc4f7d6493f267282898a45e42c6ecf01c9045b3b686dc46077c09bde997b1bbe9e473a10d8851a46bc4db99a2e4c48a4074ee8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
52KB

MD5
897b3993b57764f779410c03a4dc55ec

SHA1
18530c2df29ff79436d0052e87e48c7e5ff4fe89

SHA256
4ecc6fe9ce9029838102d554666a97ab6921aee9d106bc83f912126a87a13c2f

SHA512
5e643236e568776a026946d906e618a8e5876276fe0313b64f11e156a95bbefbc45ce64a79dbd9044b4f309fc1ed79277f4efb5d819c30d46116cda5d73d24bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
19KB

MD5
e78f9f9e3c27e7c593b4355a84d7f65a

SHA1
562ce4ba516712d05ed293f34385d18f7138c904

SHA256
75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d

SHA512
05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
226KB

MD5
12a946fafe430a89d3e7ee3ff37934a3

SHA1
cf46d69bf283d22c9d9d8cb980cbf50cd45f6bcc

SHA256
8fb8fe3aa67a7b73063fce39c0c40d90b7c078764c1c5a587ac0834222ad540c

SHA512
8ef266ec0bb300112865d9f01b7b418df0afa75bd301c8453ba30b879b18714b5683c61b1db519f56df496106cdd9720fd07c855a354ff3f94e0e18ce13de1db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
46KB

MD5
3dda883b89b1f31dd1e8e0be2d4250e9

SHA1
ff69000e8307afcb2b4db7d6117b47975f9de06a

SHA256
e60268695e6c66a62ad318850e45954bb22d21f2ae62fe9f0c5490dcb1e69f9b

SHA512
25176c5acc9cf658129508ccc1b7fc8e93777cc59a404caf06a0e0eeb7c10b5276923aa51d56a99ebfd45d9f05b16f598794fb31ea0aa39565770b3c3b8c8c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
806KB

MD5
296107fd9e4b08da2a5eb5381e62e59c

SHA1
0fab647f77db64c6284dd6335f6f01696217fb88

SHA256
9a75f06abaf3c4db9cb4110d32c18ba80356efafd79e6f6255aefc31054ff133

SHA512
519f5c12f414e6321e63c5c2992b4eb89131334543310513ffefcb9b4cfdc9cbf9adc48854dd40daa8475b238ec4a1b1d6f31d666e5edb773f433582777bea43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
32KB

MD5
fc48cf248229ad8686eb77300a78daec

SHA1
296a0ca8f11e043acf0b005e8ade51656fb2af6e

SHA256
63bd216b1612653bcbd661cee187b56f2ec2f3587cba7e638793ffe6d48a1429

SHA512
3fa41693e2824711e981cbb0945ae7b99299689946bfe30b722bbc2a6e14701743dbd3801c1edd9a5f83da2f23a01b5f4c4de30e8b2f08cdad0d9d0ca666cf4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
32KB

MD5
20adea22eec53811cc6bb3e6fb9648a1

SHA1
89ccfb989609bb343bff0f260fbc28e78b0ae16a

SHA256
d1b7f4208210049da4739648765e40bb8d8f0a7fd4e942df1d736e803739f5ea

SHA512
24342b4e909b88faa4b028aba8428bf4b3fac6203a61e74890a4c3439817444826c6d4785f0cef484b73c6116a9913c2980be3c59abaf2b3711942e1e53e6b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
12c8fdfba2f4584015c08b4decc95bd3

SHA1
f81fe23515eaea5a62ea0f3637c8b10932ea9565

SHA256
f427ebb10ca0ab0a62739c2cd2fddf2750547d0a872ee993a8e733258c6671da

SHA512
514c239ec07cb6afad80827ddcba1f4b53b2a37e3c9af2fae855c2243662f4578d71711ad0abe414e502d5271ce396e57cb77cd3561b87ee2b580ccef151ded8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb23bfc2b7bf23bf817a9e21d0ca8bcf

SHA1
eafd3ccb4743de1b9417f70cc0a2ccca3a769a02

SHA256
dc53299c7883123434cd12a5a4226956bf8f5b159c33a75ac64304e60169917b

SHA512
c05320fda8ccb84d3dbf32cfdf2b0d6a44c46179f3cc19cf197716c2271419d6007f1134bf6a4888e606677d76f2de6f7844d7a69559496f70aa9e57c29b61c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
524bc518c3c45778bf3fce5ab7393e2e

SHA1
772d66bcbfdb6e4a472ffd618620051442d53e81

SHA256
11e702b7ecacc12dba09fd4aaf609f1d3a9390baac85e1f77fefd6daf90e68a2

SHA512
b45d402e56057e6948be3bb7151e6350aa86438b3119fa2625fb6aaa493568bcbc01b29525cc80fc0268132dd953d4f35ad6479d87b51b433d6ac2b3a1ddb8e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
06a70c7c2817cb0d9938c15b63491a02

SHA1
c3bcd430ea1f24ebef1385aaa6b72c597d1c0b3e

SHA256
ad51c45739ccb530a1e420662b8374113ff053901eafe965f3509301f80114cc

SHA512
1d7080d389124e76e7c6dddbbffc4b1cb4620169d4ffa70086f6eb62bd730230e62f4c336d5bafd0b8621a750f162d951344316c47b56e2632c8a79809c9b026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0ea7b91e99f576fa23a03ac810ecf1a6

SHA1
d994e6cebd8310ada93a87f329cc9306a8859bec

SHA256
5a3172ab7f53f62675a4cf4d02483590b92c24d0792becb4518752cf9aa0419c

SHA512
a457a77ce3faae598b26dc843726007d2c481676866b7f1099a39479ffd31fc9fa8d85c611a2255a21b780edb7fbc450e5ffcc712b738a121e0b9661ee320801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2c4c319057f1b7c93c5e3f5f2fffc43d

SHA1
c39f00c00873b45faae6fbab6059043a34f06d40

SHA256
f338d49a3ad2f878efb97eb8b752e33dd96fa8c0dd60fb415f116acfa9c6eb22

SHA512
e4135acd5066c79f29f5366abbf232650f2e9f8d99bd6222a53055e0561942e5a786fd0a47abc8fd1a091511f8b835d1c684d9b8cff7badaabc14b508ab17f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ebe70f1a0907618866d6de6020c3e2c7

SHA1
d2f67ee4ee372ca874eb44f4b4220e5a0a24ec85

SHA256
0192e11ec553ef44a6dfa23d7702d3a11b141a1d909c3b165045240c6129f5e7

SHA512
be4042b883f59b61ac5836c52225dd3472bc264c41affd399b95c77d69355eeb44add529b76968626779cc3cc63aaae88bb184408cf4c8bb483067cc6e9857fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
707ab839ea2d2aa97a739a123b3dc7b2

SHA1
81b645bf2aa4bbda785e2c10cbc1ed3f9eafe2d5

SHA256
287122854121704b55e8c0b8fbcc076605b92b2031f1495eca258a36f9f77b7d

SHA512
a5be56f1252f30738567bc3196e491aa8e91e6ac20cc7917b6e47e8644df68d6947fdf60342d9556851aa8c8a06e630fd0180a5396532b034b23fe91f927a147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e7d83301ebc948a28e35bc82a000fcb5

SHA1
910ed79021a19b1ce97dedd220dcb3d87412adf2

SHA256
4435f3a61e513ccbb2ae6dc2b794bb7873fb4b30a29aec8749bd69915f902d70

SHA512
a8f06c5205bbd850d1f480d4cde6ff0b25ffb92dc5fde4e201796b5fda6cfd48e20f4bd170b4b21bb0ee51c57a9d505fdac85d059d955881719a10a57fe92d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
96a4975617c1109973e69b0daf02a825

SHA1
895e4829fb86ef2246c013ba0e3fee5d70345237

SHA256
989d7071f81c76ef1f25d1374ef8240674f25d51460a56b577485e72856e24c0

SHA512
dfd349b0aa5d11c1752ce79216ad03fa2fbf984f83c7cb47639bf2c0f65c92daf9eb852b3ccbb74a5466676d4f4e152e0ab1fa607071bc8ee4acd6ef3b5360af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1ac0a60247c929fc5cf419978eaffe92

SHA1
9fd16353bff936d8502c3e10f74c5d0796591b5c

SHA256
1183c9d3bd803c8c9d64eb61ffad7d92615c1cd0490fcd6c56aab6bb6111b140

SHA512
e20d3f5180c4ff8567e519c1eb744f2a8e391ef084be62bbc970c09eb9ceb03b50c937a001f2729ceef8aaa09a43af1334cfcdf29d56d70f15d25835130c7639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ab562f3138d2b501a517d9cf7b5da7a7

SHA1
78d59e97dbc71ae6318e071aa367c14aae7b47cf

SHA256
d132a1791bbed8dc9a4d1bfc97922755ea96530c2dd4b2ac7f2c12cfee034b59

SHA512
540c43f8faced42f21c326518dcb41b4ee58e43e97ce0580407ec465053fdb6fde9482f48a862ec7b999c31b2084bc87aee1a321d16fad2b63a31ef58fabe62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
989f55367f598330cc2a2b55b74e6261

SHA1
b76541933ed3dd718f295d987a41179f9318ed8e

SHA256
625f6fc627bb35b5414b1159ea1941fe9cde192e272626fb60dadf8dd7a0b9e4

SHA512
53de89f3c3a1c4877850a5aaa83f05e1642ce0ead79950cc1d15c6fcb5d802985f1a56d12a9c3373b8f40b0648a1f203407843a17facc2033d4c5cb70e53db0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4e3b87dfde20367dbf933daddd907a9b

SHA1
609b4e6a3275ae7c7fb7e97dc4c0ca858ef66353

SHA256
1ab1271c13857ab1eb9e12519914d0a3482561d4a6ffd455e232b73fda63d83c

SHA512
32c67e5e3a9f4d129d8f001f0738ad6b56ee3783e01653bd9cbf1cfed609071eb0f66563e2323dc0bb84ec4fb0efc64e2b29039fa04bbefaf25091feb9311e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
688c4f963b78a9e4e43acde97d93fbec

SHA1
23df28d88e116c7aef6cb42906e32419152e5b86

SHA256
6d088822ba459657c39e5380421622c3aedfb4dbc27c14d5d91ccfba60cf439e

SHA512
7df975aba45a322cedeb6d74035e085ae679a3d65a65f84c6470b41093e3b13a37249faa73cadb3a941d8e50628e4326064ce63a567aab1a69bf9887b0e02606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
01c48d287222c019527c884a6c5e31f4

SHA1
d11c68ec58f86fc5dbc33d97b25348c3edd2dbb2

SHA256
8386b381790f68cb3ec30cfae8e7fcf2d3140a1afd801f7ea966314cd1d675e1

SHA512
94581fce6f43e78aa4079e966f662ad97bfb1e10c57c34ae2b2c7e1d86944ffe80de9227723cb2393ba2d56e9321849cbd28a2a341b2a1e888370b0d102ca51b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\25227aca-88f3-43bf-8210-feb652d88a56\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\781c75fb-9895-4a99-9ada-2bc22ea76f7d\index-dir\the-real-index

Filesize
2KB

MD5
5050b9e5a1db262b0d8bb1448ca27b1d

SHA1
2592f9708f5a700c5aa510ec4d5e48f083fa3365

SHA256
cb2f6195f37f9a879b63c1193f2d2c46e1926d65bf9547148f71bdaec8301ca9

SHA512
af0cc9ac940b1a866631fb59a31261e5f77fffffe76d4d7682131566c2c36fc873d0c562b6184727a440c95cef406242a71c69230268e00656f47b2338ead149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\781c75fb-9895-4a99-9ada-2bc22ea76f7d\index-dir\the-real-index~RFe5a3f8b.TMP

Filesize
48B

MD5
a6aacf1634a3a20ef546493022f861a7

SHA1
ec9262dc03eb85175d61b55701fc4440039a9581

SHA256
4234dc0322c93e7da04cef5f0cec514b10bbde80f5197fc90e6ee19a1ed4a1e7

SHA512
1b737429dc9705fe0328e375b64c4d71a74cdd5d7e660e145207707d731ac1244200bff82c4c92a25b0422d6cf3b62f81672030b0c1c5d87915f74ce1ac72f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
2a04c325c7503e9bda1f90f679029130

SHA1
5b6b2957959c0251383dee7f753ba558abffe2f4

SHA256
6b1bb98f1d156c986728a873b853ce7b449188edd453a69e7c28145c84d9a282

SHA512
852e3363d0169fa0aeba984f6ac4bbfa371a7f361f00c3238f8a6536ad68e6d9dae232c7da9b3e9a214976d091c6d4aa1ee47a98f4625298ce5007e8c6f8b4c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
119B

MD5
c1bd14178cd36d2f6661d47932a523c1

SHA1
b08d862812e744f9f8e0c6436aaee136fb3d28b2

SHA256
e0c7a09bcadb5b33d8676ded1791616bd06263258284ce06b97675f048fff93e

SHA512
9205b2b0826cce77c23bc94df1656449344c03a79f5b5d33452aa2e7dc69b7b4c23ac50d75fcc7f58c90ccc26d9a6c01a07c9560438a0732444e356ecc60f094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
54f8363d80348a9f8c6216c0bd21e2a1

SHA1
92c5e70a930b495bfc15ed7004fca45f23fa849e

SHA256
e1e89f9fe0d48419e65d0d2434b01738a66b22b5cc9c15048b19cbd9b858ec7f

SHA512
164842d3af7c961362b0e66a0e4ea5a84f9242b9a13c33c7d2adc396aa43dbe38df6f14c3c319995a8dda1b14bd5ecd37013be16dedbcd15a89573a5303c4f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
3f163d798153c6816f275645c26dc898

SHA1
f937fd7a88183770041afad04a828b877d4656c5

SHA256
2ae6c4bd527fee5ac7e10d776dc9a3a1a970bc6fdba4054ad96f7b9302d03824

SHA512
ecb610421847d7f5fe2334796fbc801e0b1b9d8083ce2b269c5339c1bfcd4fd87cb9879fd722d2572183c82badd3e1413e5a1e8f088204b793a6a528cc0e272a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
3876ca42096196f8c71faf3ae1d03e00

SHA1
9427260037190b5ddd655256a190a782e6c98565

SHA256
a2b7c273501e495786cb9ba80e39eb8dc2033f5bec8a5d7f5b14c394d9b4c15f

SHA512
c698f3e3511812d86dd3c9cd7f494d0e999c78355678f8581578510d9fe9b506bf4c6e24432a7721e96aa3c4bd5ff5445d88aaf32b63b6d0b2d4f0dfee8a8f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
7c04ca88a35d0022331c8abf69fb7641

SHA1
9f2e5be5b210e9aa8b2e45e120d4e7e7f26db257

SHA256
68c418e52113b0036bd43b5a8027a6c3caceaffaf3cf73d72cbbbe12ff30cf19

SHA512
ea5d3bd53b61825a5100ec57b7949a2453f05954f997d002b62e3c3b4c162e23f4d5b602b65bb0ab2ee8abc0c543a3b963994491a45481c975a7aa4ee55302ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
391893d41387927760ef3bc299e59cc4

SHA1
93ef5d4a94edf19532789caa57996c2cc4ab4fca

SHA256
b29b1f2b703eb0657e6e9d85d72f23d705bfeb35885d0a3d8f277d0b94e0e98f

SHA512
4236c3cd82c231d2fe053d92094a2887a9485f4af9191862c8810ccf2739f357dde970a12f58df2e1667e40ec88603c1e3573bfc248cd396903cbb782d82d68f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58bc08.TMP

Filesize
120B

MD5
90d2ebff1ff1eb456304bbd184e27b2f

SHA1
6ce2436a88d77bf497f83fe6d53941f62483a5f1

SHA256
1021ea11b9beda3a4e5220a88dca7db3160ef508cc4640d1954af5277db731dc

SHA512
bf3004cf32a8eaa3aa69d375cabf2599e288c52c2e3a8aae1c6d78402e4dbfb5e5f558fd68083333729d4856dd0c39edf28737398f6ed2a10aabea2cb2daed98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3376_458500762\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
91e99850bcd58f45086b00447c26da29

SHA1
d99ec34c57e9c9840965f0838b05b0fed29e757f

SHA256
5b543dfe1636733f95f855ca06f6169973ee3bceb4ea2abb9dc78718916e5253

SHA512
0f0fc90696bc434079c40e4bf51eeea026b62830912b85b09afdf1612db14e8c99380d17ad6bb5e43a8f674ae9a51a829d9636f9e9f5357bd8c5957d2bcd22c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
ec8829faa729ab37b685fd587c5d755e

SHA1
652ada3b340e0bca144a965d8004bc9f740e6871

SHA256
3cc929842d149bfdcd4bd753200cc41b3c085a428384acb805454d67bde4717a

SHA512
a02533821e0368048961b10a5b328ed84fb9cda34a1cef3745d38ccc12646b426d70f99d3b41da2b1d1f16a23a39133d2e02ff338ecdbe99e86311890c227865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
9e5238eaa95b80debbcfc8dc8734585d

SHA1
190f5c250b30bcb57b8e38c3925eb13e919c28f5

SHA256
a3192c96d5b23ac4592343ad869b975113a667a779a03f265b836d632c2cbdd9

SHA512
d87627a11a257766d7d15ff18280f26afc9ff1530e6ff09edfd3a0fb9e1c09b67759a8d39d151e1aae6a35443599feba73a793a0ffe54ea1dc329e1edab4624c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f6de.TMP

Filesize
92KB

MD5
77388ec8486146048cc95c0e9277388c

SHA1
3b15e3b3527f4a0b7bbfb9cfee054d56417b99a2

SHA256
5201654be7959c6bc175e311f6558c0a80c1da3dd52b3cad7044bb685e09cb54

SHA512
933ddc82238ac9ff05c42b3bf78729e1e6e630268a25ced24c10251cb4a178610592b420a322d69af8358e64a9c027250d05679735544bb2a5f40d0f2a31b99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a0d3e5fb-6a34-4c35-b89a-7610863f1df1.tmp

Filesize
287KB

MD5
24e20f8e3aa1aaa859ba8e7a24c3f98d

SHA1
c10163ad7a36b63ba74cf0e672ec3dc20d92f997

SHA256
eaeb7f9d3a997852c346fa2b6fe7c3458c3b6416f0e19bc460bf21eaffd475c2

SHA512
912d286b76ec21a9b8f642d9c0ab565cf53934cbbf3a5f532a0c6794bdfc9b36d8a24b153eebf9b5d03d6b101ab6702ee64c7fe7d4402330f53416802f74f478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CRDFDX20\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JB9AW8HL\favicon[1].ico

Filesize
4KB

MD5
b71c63af25f44a21143174e24791fbfb

SHA1
ea7f0627f790ff60a65ea35b59f2641bb8ce8476

SHA256
7942b4ce85d40498753ec1c9ac369b1f01b2bd4c9614061f6153bc8c15f8c7ba

SHA512
b6b75d19fb7de0d473d2d65d5ed1befdc99f2b89b4568fa363da793a042f27a9ca8e79da62a263f76089e0ecf2b5a0a891e786868a60b77d9193a8c267bb22d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JB9AW8HL\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
1024KB

MD5
15edbb4d85cf503917a877d894fa0a18

SHA1
45b9165e1a659c3aabecaaf3ef8672f10541ee17

SHA256
6b99a2c0c946d59d80a1d56f795c61059cec833c904aaf6397eebd21d8129d8a

SHA512
4dc82a722cedbb945177fde76aa5f5990f81aa6cc09988949340ffc1c7ece507508b6b5f239c22388c39716cbe4bdb48d88b2fde257b8f40cdfed695a060326f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
844KB

MD5
238ce2fe896357b1e43d0f8bb6953470

SHA1
c2b5f823d4a4f62bcec509f0dc78c9921b0db09b

SHA256
d5cd953b92fee3f5eb31ee381145c5f522749f9b18fa8fb3c9fda401beef8005

SHA512
b08d7e1e090715b09f0a8827256478a833916d5d4d28443ec0d7ae22de376fad1ba38f4dc2f1be6cf74395e632a34de7590cc93fc468a919a51f6658b6c308a5

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
7808622afbb5a1b4ad5d492c856054ef

SHA1
6d49315b793c4849898b18742a8eb963d3c957fb

SHA256
20d134be0e6c4df15449e1563fb2d42385b929dea58254c868e7e175a8ba6630

SHA512
4e744706e2c232e3483c760219a780b50ccb991675922f9c58eb99c74ceb6b0ea99e4c0592fcd61b8be1728cad7b430c79b010e3df6add11a4b98ba97cf9c0cf

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe585b0c.TMP

Filesize
48B

MD5
4d282260cb0d569c02998dbf980826b3

SHA1
c2fe2e4a513d4e69ba86a6b4b59a8255810458bb

SHA256
a4734deb076afd0e87d862e2a31a9678cb118842e536706d1dd394dc54c469ca

SHA512
1b565b518dd03362fb40e8232cad1f2cd1fedd88b4bc4506c48337a8d2cb6c7064d2f0e861bf09603e446ef3c014483db541198888125a7e5be1426974100d57

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Google Profile.ico

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
615affaea2f109385fa74320eb174293

SHA1
cfbe052f89e5cf5ce95529e2f407260db6744980

SHA256
f570ce4388e01d480bbb1fca8188772c40c545eb71596c07cb49ef841ca5e339

SHA512
410e41d5dbdd7bb18a6a885310ba556a49991f52614c19d50b0f2d805360ddc22b471eb1a96ce3ad5d6cbea10060568e71eeda3f6da65506e1db8157b4ada9bf

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
aab9b362e942a25027d4e3820814569e

SHA1
7b7cf5b3fa6bc07d3cf3b2454c3e1bf8db47055a

SHA256
2cd0a46b0e9269b3ed3505261b9e2480c7b8ba9c28209ad5ecff7cfeac0374f2

SHA512
fc08cb2d8011d44f91877126cf0d2155f07b499fe14bb59684f52b36b48a55474b8ad08ddd7f007cd7374e6a91569e9751842376cee6fc25ef8a3074a14d74c0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe5913cc.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
42488c2e1d9efcd9cd4bff489d836a8d

SHA1
62730dcb5e626d8edf21e4952698db22087f052b

SHA256
92a825508872ee8ed4f9d6eb27108b30e67feae743892623f67c464d24b195a6

SHA512
67bb956a16057a774a7bfa0652a72c97875a43f8cf8a29f7c1af88ab6257754f0aad0458d642771dcd0f190b5b92db5dcd0184bb216475ba70d3697732e5bf58

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
6ef645e68bac825b26f3f50a2d8b3cb1

SHA1
142599bcd1dad993c70ee956d74323476057d36d

SHA256
759213f24292a37886f069c34be9f7aa56da2749b5d1ba6f82b4f9cc78915dde

SHA512
d6cb8788b327a351e3bed11c842558959a75a03f5ab5d3dd2cd6fb1e0931dd2f527327a0851f58744a6dd7ed7e8d4811b7faf31702dfa417f4d487d51112df82

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe592263.TMP

Filesize
523B

MD5
95f40bb3d3f9b3eacb4d360a79d6c05e

SHA1
d934f403941e35f1099a09eddf432578f7d39557

SHA256
011b5f8aef4fb3a7b890417cffdef5b1dbe56ce4c6fad85eaf68b2e965e48926

SHA512
35962660dbf3bbbae4e863eb3a3f45c9fd4748417c2cbe5a75b20c91bfd0e56c6dbb5b32f4701a4c30f08a1a4a26d204d1f722e3ec9d82c8fc4bc70c0c7dac3f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
86ee37355db975d8510c02ababdfb8f0

SHA1
e7987b16866c02d825424e561bb282008b35c566

SHA256
06e3e7c0cbde141f4d54f6162e75948b0bde621b39d970a1195663dd73fde033

SHA512
04f2dd5662f026aebcb6d1ffe53554d14c98413f54b50ca0d5e96bb136839087ec0c0e4c018c3d3ea3dc2678019ebfc97e7e3e68b146da912c96cce6ef4fce54

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
d0f835c27ea71f858f8bb0a3b2172d86

SHA1
9f33a4348fb780a2151820c8739ddf449ebbf9eb

SHA256
1619cdbe527da5bae25bfaf310086c297815d947d74032fbacbb42de44112227

SHA512
50db73d8ffb49eb827ab692ed1f29d7632c9a0e6493f7d22c307d999dfd762a97a61f30e6d460c91267e215564eee4b84ce1f777631f45ad6ff51b384da61493

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
d94daf8e06ca899675c1144bbb8089b1

SHA1
dabc80f586f5487c4fa57fdcca26ae360ce06042

SHA256
d151b4f3990aedc5844e84125415a904a2fd71af56df4a78cd13bab0903e59fb

SHA512
5b8e0d028002290097ec0dee48c179f4bbd6a25f8d175c0a46b3751f01fffa0c216fd1049796d7ff7f699fef51bcf86aa7412980662cac2150beabfe23844cee

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
78011dcb371343b4b7e95325b0b951c6

SHA1
8a37aeb2f5830197fb5937bc95c4ee79a7b6c530

SHA256
36bf86cb1998e583c17d40b5e8830b608ecb25823a24ba819268583b2ac0e590

SHA512
a1b9fa81a1b03b1c19503fddcd80cda7dffee6d6c8d6f6a86d573c32efabb9361e84fac58e13cbcb07cce96f464957cc5ca2e06b288c132805102b3223a04b17

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
b0783382f5667b0b38ec7a6cf44e29b8

SHA1
3d3fd28967fd6a3ac4c1eab99edba1cd33c1c005

SHA256
66f029ca2344e4caf7cb62c791aeb90dd39e3f04a03f22c52420baf94666f394

SHA512
6d4b4114d79af253e740491de21bdc4cfd799d573785f1f1a13c108a778b8210244bffa9e7f0d4e162440b62f1847807dbf20a1eca376779eb9decbf24e47fd9

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
052117027b2ef555d9287c4ad4dfb48e

SHA1
30fb55861823942e6779cfefb4aaaea8d6ea22ab

SHA256
3c2d933a184557df37ac979578e5764558cff0df5c5ea8568baaef3323bc6f6f

SHA512
693de5056f0b4b46482d5d2be3430036f986ff23556a16fa13ed20b0a5621c0d366cb1a98a9f9895217d6ae324c97a16e18bec8ac9d3e5516f6df5f49104e26b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
0f083110842595bcd77bfc28a100cd1e

SHA1
32bedde8ada79d9ee73231475e22d7b92c76b3c6

SHA256
f12ec7c4ee631ab779f1310350c28c447c583d3b6c391d57824347a1a2f7ede8

SHA512
db1fb6053cc5e02926d301e3dedab66730fd15b11d63a786b90f110819970914eff42cad75272678ee769cfdfc3bbb3782089744c7aec0cbce744c2780af9cc3

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
1442c94dce3da4a8c22df1aeb66cf122

SHA1
67675eed2e2c6999a679f1bd69d600ec363f1ada

SHA256
6fde3912b647b9fce592ee5ec89d3eb4a438c11a8fbfd41d8f45a2e06193ef5d

SHA512
c5a3b573574c73d4e99394be276607b963f3a601fbe98ff0b538ea5344a15b3aef43cbdadf492e79e73ed58252464a968a10b2e28e263f7b25c7f150f0b6de57

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
22cd4aeb59aaf5a529c90352b40db591

SHA1
7968f0cf7ec6bd396c85df7a62d229afc56e04a6

SHA256
d4e159160dd30d968eece354e622b98784ceda160b223d774593762e88378056

SHA512
d40ba6d02badff2622bb3731b35edda2009fde01dc519ec5b4295556dba5f82336651b851ef1d36b52a11f231f0253f81579ea70ef1805daa92c70b3d1042a33

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
c41121ebac5c87499b6e7d780ec566de

SHA1
5251b41db2880fc5a18881c28534ab587264adbb

SHA256
0f049e7c5ce94b70d1bfd403ee2b6efda5c987eead1cae7fa3864ba67abe9a55

SHA512
3d83525ecf834d7624f44171cc2d428e5191c3e78bf8988a67321e8c69107be4560664614e66aecf3d8965ad36c97bf8d69df1d22871ac8fe2cc22c9ece9bc2e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
a7954be1eba571cce457c2204ba3fe42

SHA1
220c41a2591a98066c0e2ef83863cede31b8f979

SHA256
b7972cc89968a98cf1755e2038da78e00bd3a75747cd70d2279683a16050f259

SHA512
8779a53e8dfef0a1d53db7d5badc83c4ca875383fc1d8a31dc4968faad49d9317811fa7e53cf3a3036d2b6f60d351155e20808b8beb32952d511592b3118c19f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
7cc9a0e897da37565cfe42529e4fc690

SHA1
d34366001a5af31ca8f3fe6388d961b3e86101f1

SHA256
bcd90e5b9ad7d8f60a447ec54b4f5353ce048c3f49aedd2774faf00140cd1e8c

SHA512
e762b28508a09588c57712e5d63e3ffeb2335156d34b4b5755eebe1b7ad255bbe3b011bd0292c4eb99075a83c9793f5ff408e17db2839e29ac591c3b33d1b106

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
69df99fb8f2440a432411ae9378953d3

SHA1
0015a0969b1e9fdf8e9fc0081660e340aac1a260

SHA256
8212a06977bc62b9347567146f36bdab810cb91d2e137701d6207c481d687130

SHA512
c8b9c9f9d48575c98e8ee560aec94afb11f09aa3a996ab7fbd0d6800b8dc93790f498f0db48e67a9a682bfd6fbceaca18f351afeaee1d1b043806d1babb71a28

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
c8f342d93564117864927cf28b10ad8d

SHA1
8d1715af8a25e4093a7ec5a0ebcf0fd416323e1c

SHA256
650494db94f16f837e5cab73dd70bc40d7f4f3d165f40a52e1b45d346491b140

SHA512
1a0e59caef4a9aeb142e7f716e1b8c17f08343155ebe0b3d88bd2048f9fbd3f3797a5108e8ba1ef60d4448e6db48976fa962007624294ac42fbfac1f5fb6602f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
729fc923b26d59d53124434e8541dcb3

SHA1
9735838463c709b90833ae221f3bc441275d9c82

SHA256
2bcfeb0c55f00668d2150816340597a18c1529bda3ecab4f2dfa626a5f9bad8c

SHA512
c493ec94c594adc171892c263cf611efd57ddba76e9f568e9c8810e1223472d0d100dd277f55784b682ced7c0719c7595a966b8b9079f4ce9411eeb7b5427af7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe584b9a.TMP

Filesize
4KB

MD5
3b0958518335661f2f0f8a724796ba53

SHA1
37300c3cdc0a4bd8b0fe2d5caf5b37e73a01e71e

SHA256
2035d5b7ec9a336d72863ec4b9037c6d3b1db35ac55f91f390c6c745fbc6af1c

SHA512
021a8ed08d6b9af20bc34b67db4a51337148b54f5f914e7803ab72fd3739dbe5fa49b5aba949e43ef3b8ea7c4bdd0742ba7c19f366f598dc3a4706fbfc9904b9

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
03e9f614a008075733c76883156b568b

SHA1
5f9cb1b06928487c4b836e9dedc688e8a9650b0b

SHA256
b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416

SHA512
7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
2KB

MD5
d2cc9f79f881cb8b5863d003fe19b798

SHA1
957f207ae72474517109602acf5a6a51d405d1bd

SHA256
c97352073ab8b17aa0348552a3cb8ff37cab899335ef9d6aa7aba3fa88e3effe

SHA512
3a854cb002922f7ce7f2fb4ca737e37f5a951aa92324f360ecda8fd70feb4e8b25f505857db0893288c2b09b15b4a13d5ab44012acb29999a845c9506ab0a7d8

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe5823bf.TMP

Filesize
922B

MD5
b994a9c420a344bbef096da75d38a8d3

SHA1
4dadbf1b2bfb1d04e751746f25318d0c9f7ddf64

SHA256
001a7a00e99e3b89e5121f30172f70d3bfd3f08c34a9303b7861933f96a5a658

SHA512
99979a15d2fcc1871522c3188f163a5ec215ee324b99ddaea1b0146bc8ba9f698690201b4cf970a275e73883b2d2a22adf06507369320083a0a4595f0cb6a9ec

Download Submit
C:\Users\Admin\PCAppStore\PcAppStore.exe

Filesize
2.0MB

MD5
fcefc6099c1265e7f7b703c7a0154c5a

SHA1
84f13c7724e24a4416f3d65c143f013d9e9dfcfc

SHA256
4a223cf0623913c903cfc2c0a1a8450405244d8b86c1020e970cbdf8e7a30184

SHA512
d4d1a0d781ca851c9738c5981f13eb023092ce71e0cd04b3ed8dcc942a8ece54b9a031230e300bbdaa4486792f75af768fdbb882b430f5915bec85bcc66cf3f5

Download Submit
C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe

Filesize
270KB

MD5
5e28dd3006a64174ff0f82469540712e

SHA1
803b328a407aa6799a86b3555c55b5b29c0b01f1

SHA256
d3ed2cd4c44b76cfef67934280f5952cca28a66e096f87f05b6ea1a64ee3f7ac

SHA512
fcc3b6a708fb0acf083da0ca853b3560d62ee2f23238b1d1d7bb9b93e4ee5dcdba29d41b9043af55c8168c3ac865b4a747b79c1fd5ea573169ec155e376a0aa9

Download Submit
C:\Users\Admin\PCAppStore\Temp\tempPOSTData

Filesize
2KB

MD5
fb87c0ca2eabaa43dca5d302e956a6bd

SHA1
7f4a06790e1ed2fd49f3c55d6154a80554b61bc5

SHA256
09baa5d5f10d724a950191b6002860fc2a5e0ffb6399cdd0b43e65503f6c3c57

SHA512
932746deb03de7c7f5f41deae793afac615f14632f5274e023e586375e0f52bb166b6cb3a4395b4b0e8dc607717068edde3e1a14bfcfe73fc16026e329545960

Download Submit
C:\Users\Admin\PCAppStore\Temp\tempPOSTResponse

Filesize
73B

MD5
3024a54e0c352abe5eb5f753ca4828da

SHA1
df0206851654405c8e5c2d3bc96fb536b8c2dcbf

SHA256
3cd0a703506c7394d6115d9ff721516560894358aef07459f30d8930df6c3b61

SHA512
d9d44051df56b29aa596ee38463b781dbe27f917f7dae1b2420122616da108520429dda58c75c7e6b2d41093f83c5a4bae96024885af3956f23a3ce5bd3f9358

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
2.2MB

MD5
e472e46bdfd736351d4b086b4c4ca134

SHA1
1aa886f0cb23b3d322a43be797d411fca84d82a7

SHA256
e825a252b5c5c9c2de8a6a6ade12a7f9cd0040f6a20e6ee44ba659034e6d5223

SHA512
173f5a7abdfea01c9c21ec716cba14eec4539da45e5734b3fd1e0688e1c22e4718bd701c25c8040d20cf48867e2a67ef2aba46380bab9ab1f7a42bd66fd33afb

Download Submit
C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll

Filesize
1.9MB

MD5
5fff6f0423a38bfaf174cb670650f4f9

SHA1
13ecd1c4784a5a178a998e9fc0dc08f556121712

SHA256
d4e6fc4e1bc6cb5b3ef7010e61d3a65e97804fb20346cee657688339075b2727

SHA512
e6ff0ea9f6196470f6e094d0ab655fb527c28fc2b2a5d126a10c1f4185c0dff5ed4f19e7ed717d67df324562b7aa56ed87aa0bd396a6ba722d3141b9f30fc41b

Download Submit
C:\Users\Admin\PCAppStore\nwjs\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\PCAppStore\nwjs\libglesv2.dll

Filesize
7.7MB

MD5
6cd8726beefcfa69b48eab1362a5cad5

SHA1
f4249179b86c0a870c55e6c5a263180c77017e81

SHA256
2636da528edcaec9834255a92411bd5da921d793825d74ceb997e336a0dbd393

SHA512
0f6600315b0e1b5371bb39290e5417ebaa0f3c7fb47eef32d73afce299722a426dd244fd3775d88fceb6f170f16b23b099244ee825f7f8185d58f1bf28583515

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

Filesize
1.0MB

MD5
82d7ab0ff6c34db264fd6778818f42b1

SHA1
eb508bd01721ba67f7daad55ba8e7acdb0a096eb

SHA256
e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db

SHA512
176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\en-US.pak

Filesize
453KB

MD5
4b6300c27e7575c32888c1f3364d5346

SHA1
c5f5e1d3524acc96fb4e18c08b02f54abf83c3d4

SHA256
0945c89b16d4feba346e85e14792b772dcc6278f7dca7fb099a6100c93e79740

SHA512
3f21b6f4a3e18755b355ce5f20384d549b3f723104a67c67ae521d2c4544aa3095fada8855a0cc1a10e7c5bf3e8f55d061ab2dcec210f76101a61d9484d4ee6f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_100_percent.pak

Filesize
669KB

MD5
9b46f4c8dfc0a55bfafac55f17d7659b

SHA1
d25f27df176aadb67bc56a42262bccafd14af4f4

SHA256
b637ae345b830649b4027f39f6ee48f92484a2acb65de498e4fdd84ec1010336

SHA512
de5f500afe381a16e3ff7ddcb5c8aa538362e55222f7915276bb4c9261e41cbc2403ca1663a7dbf0706d8d51abc420e26804f67cfd646d7986130a20a659f345

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_200_percent.pak

Filesize
1.0MB

MD5
f666b710da2bed9ac0252c1fa1d00c4a

SHA1
0d8288fde82c2f3b7bd006fcf4cb92246aefaf6d

SHA256
f1ab589cfd40fb17a7c390b45ffad8fcf90c133fff1d14ca5bfc7053a21dc241

SHA512
982bb5ea2c14170d47e150dc8692ebe316ec5d6b584377020c1f58ae0632748cb631182a6bfad2f909ef6b818b012527367a36d8681b5b56dc735b8ccaf7b52f

Download Submit
C:\Users\Admin\PCAppStore\nwjs\resources.pak

Filesize
4.4MB

MD5
0f1d45867b591d67b0301ee8c4ad5f7b

SHA1
f5fb6378c13912df079efee44476fc1b4666ef24

SHA256
a2434429fea5b3344426e388f9a2191e10449103e933ef7f0cdbf4638f22380d

SHA512
1db79c82e67547a76d3d479168ee12899e7e03d8c065239976e0a490804182290b76829e483e8f18f7feafe7e819d2784c507d7abcdab917b62d78696059ee80

Download Submit
C:\Users\Admin\PCAppStore\nwjs\v8_context_snapshot.bin

Filesize
670KB

MD5
e68978443ddafd40434c87818c90d338

SHA1
c38fc19a469e6c9af4699abfe00c5ffe39501726

SHA256
7ac9fb58f00e735e266730fefc25d1b3c4b58ec789d5540f0424e746712cd9dc

SHA512
d9a7998a70e63ed8375052329033e83eebdb6f856ffde3c1077a450f985e379d04778eb30ad29cdaaabd33f4ed4437f8c18c73153b58375a8cd8ab26d8a64d54

Download Submit
C:\Users\Admin\PCAppStore\ui\package.json

Filesize
2KB

MD5
ba0268049bd46633f0423f58b70a6766

SHA1
b5ace19636832d4c9f4234a041a2399d10b1688c

SHA256
dc5928240fa75562c9de99e07584bb878b5f1697f6fa7876dddbc53409cd22ce

SHA512
e6e8e0d889c54ff57141e4c7515d9ffc8b1f9951ab65754d805150a67e1bd43d3894277792416ea76d36525ef2301af088a47e552b1a954e9b3afc9274407ec7

Download Submit
\Users\Admin\AppData\Local\Temp\nskB930.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
\Users\Admin\AppData\Local\Temp\nst5C98.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nst5C98.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
\Users\Admin\AppData\Local\Temp\nst5C98.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nst5C98.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
\Users\Admin\PCAppStore\nwjs\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
1.1MB

MD5
364f839ca8de4d942270d9097d48ef15

SHA1
82c8040dc2a733eb3ea3e051513c84f992bb17f1

SHA256
a4e521c12fe47816f2d9e2dfed9fd074e370ec587d0a0f3a03b5aebb76c06560

SHA512
baf1ed5e558dc0ae037fe0dff036792cfbd338915c8af99d10f0202b92ca820298657a86a0f3e8c1387326fda34de3ee08649c34af2417159a24aed9ced02df3

Download Submit
memory/2280-86-0x0000018573BC0000-0x0000018573CC0000-memory.dmp

Filesize
1024KB

Download
memory/2280-84-0x0000018573BC0000-0x0000018573CC0000-memory.dmp

Filesize
1024KB

Download
memory/4340-30-0x000002AB37020000-0x000002AB37030000-memory.dmp

Filesize
64KB

Download
memory/4340-46-0x000002AB37120000-0x000002AB37130000-memory.dmp

Filesize
64KB

Download
memory/4340-65-0x000002AB362A0000-0x000002AB362A2000-memory.dmp

Filesize
8KB

Download
memory/4732-129-0x000001F72C8F0000-0x000001F72C8F2000-memory.dmp

Filesize
8KB

Download
memory/4732-99-0x000001F71BB00000-0x000001F71BC00000-memory.dmp

Filesize
1024KB

Download
memory/4732-119-0x000001F72C320000-0x000001F72C322000-memory.dmp

Filesize
8KB

Download
memory/4732-121-0x000001F72C7F0000-0x000001F72C7F2000-memory.dmp

Filesize
8KB

Download
memory/4732-125-0x000001F72C8B0000-0x000001F72C8B2000-memory.dmp

Filesize
8KB

Download
memory/4732-123-0x000001F72C890000-0x000001F72C892000-memory.dmp

Filesize
8KB

Download
memory/4732-133-0x000001F72CBD0000-0x000001F72CBD2000-memory.dmp

Filesize
8KB

Download
memory/4732-131-0x000001F72CBB0000-0x000001F72CBB2000-memory.dmp

Filesize
8KB

Download
memory/4732-324-0x000001F72C0A0000-0x000001F72C0B0000-memory.dmp

Filesize
64KB

Download
memory/4732-127-0x000001F72C8D0000-0x000001F72C8D2000-memory.dmp

Filesize
8KB

Download
memory/4732-138-0x000001F72D820000-0x000001F72D840000-memory.dmp

Filesize
128KB

Download
memory/4732-326-0x000001F72C0A0000-0x000001F72C0B0000-memory.dmp

Filesize
64KB

Download
memory/4732-328-0x000001F72C0A0000-0x000001F72C0B0000-memory.dmp

Filesize
64KB

Download