Analysis Overview
SHA256: 2a90929580395d5f6155f09fc76682bd036ee72d72573c83763e4a7ef4510d4e
Threat Level: Known bad
The file $RAGT9PA.exe was found to be: Known bad.
Malicious Activity Summary
RisePro
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
NTFS ADS
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-21 18:32
Signatures
Unsigned PE
Analysis: behavioral3
Detonation Overview
Submitted: 2024-06-21 18:32
Reported: 2024-06-21 18:34
Platform: win10-20240404-en
Max time kernel: 135s
Max time network: 137s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 4144 wrote to memory of 4644 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4144 wrote to memory of 4644 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4144 wrote to memory of 4644 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
| Process | Command line |
| --- | --- |
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1 |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 628 |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 66.43.201.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted: 2024-06-21 18:32
Reported: 2024-06-21 18:34
Platform: win10-20240404-en
Max time kernel: 133s
Max time network: 135s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 4920 wrote to memory of 3244 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4920 wrote to memory of 3244 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4920 wrote to memory of 3244 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
| Process | Command line |
| --- | --- |
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1 |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 648 |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 64.43.201.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted: 2024-06-21 18:32
Reported: 2024-06-21 18:34
Platform: win10-20240404-en
Max time kernel: 78s
Max time network: 80s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 4864 wrote to memory of 4376 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4864 wrote to memory of 4376 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4864 wrote to memory of 4376 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
| Process | Command line |
| --- | --- |
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1 |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 624 |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 66.43.201.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-21 18:32
Reported: 2024-06-21 18:35
Platform: win10-20240404-en
Max time kernel: 209s
Max time network: 211s
Command Line
Signatures
RisePro
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default" | C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i" | C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreWatchdog = "\"C:\\Users\\Admin\\PCAppStore\\PcAppStoreWatchdog.exe\" /guid=98F325B1-1085-43B7-8E27-43D9CDB6EA3FX /rid=20240621183256.298240640468 /ver=fa.1091o" | C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp | N/A |
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634683940978873" | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey | \??\c:\windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 37bc035e09c4da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "425156855" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a8f7df5d09c4da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 74227c6309c4da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0b07ea7109c4da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "425759720" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\PCAppStore\assets\images\css2?family=Inter:wght@400;500;600;700&family=Open+Sans:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe | "C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe" |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca |
| C:\Windows\system32\browser_broker.exe | C:\Windows\system32\browser_broker.exe -Embedding |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\system32\AUDIODG.EXE | C:\Windows\system32\AUDIODG.EXE 0x40c |
| C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp | "C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp" /internal 1718922877654342 /force |
| C:\Users\Admin\PCAppStore\PcAppStore.exe | "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default |
| C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe | "C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe" /guid=98F325B1-1085-43B7-8E27-43D9CDB6EA3FX /rid=20240621183256.298240640468 /ver=fa.1091o |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | .\nwjs\NW_store.exe .\ui\. |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffa2180a960,0x7ffa2180a970,0x7ffa2180a980 |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x168,0x16c,0x170,0x130,0x174,0x7ff6d9e58a60,0x7ff6d9e58a70,0x7ff6d9e58a80 |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1924 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:2 |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=1932 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:3 |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2056 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8 |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:2 |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4204 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8 |
| C:\Windows\system32\msiexec.exe | C:\Windows\system32\msiexec.exe /V |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4304 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8 |
| \??\c:\windows\system32\svchost.exe | c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NgcSvc |
| \??\c:\windows\system32\svchost.exe | c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService |
| \??\c:\windows\system32\svchost.exe | c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s NgcCtnrSvc |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa0c869758,0x7ffa0c869768,0x7ffa0c869778 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:2 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3508 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8 |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5320 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3720 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5536 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5752 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5356 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6040 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5436 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4344 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1712 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6020 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4800 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4672 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2888 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5968 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:2 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5844 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8 |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pcapp.store | udp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.21.222.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | delivery.pcapp.store | udp |
| GB | 89.187.167.4:443 | delivery.pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | 4.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | repository.pcapp.store | udp |
| GB | 195.181.164.19:443 | repository.pcapp.store | tcp |
| GB | 195.181.164.19:443 | repository.pcapp.store | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | d74queuslupub.cloudfront.net | udp |
| GB | 18.244.114.121:443 | d74queuslupub.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 121.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | pcapp.store | udp |
| US | 8.8.8.8:53 | pcapp.store | udp |
| US | 45.32.1.23:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | 23.1.32.45.in-addr.arpa | udp |
| US | 209.222.21.115:80 | pcapp.store | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | repcdn.pcapp.store | udp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| GB | 195.181.164.15:443 | | tcp |
| GB | 195.181.164.15:443 | | tcp |
| GB | 195.181.164.15:443 | | tcp |
| GB | 195.181.164.15:443 | | tcp |
| GB | 195.181.164.15:443 | | tcp |
| GB | 195.181.164.15:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| GB | 195.181.164.19:443 | repcdn.pcapp.store | tcp |
| GB | 195.181.164.19:443 | repcdn.pcapp.store | tcp |
| GB | 195.181.164.19:443 | repcdn.pcapp.store | tcp |
| US | 8.8.8.8:53 | repository.pcapp.store | udp |
| GB | 89.187.167.7:443 | repository.pcapp.store | tcp |
| GB | 89.187.167.7:443 | repository.pcapp.store | tcp |
| GB | 89.187.167.7:443 | repository.pcapp.store | tcp |
| GB | 89.187.167.7:443 | repository.pcapp.store | tcp |
| GB | 89.187.167.7:443 | repository.pcapp.store | tcp |
| GB | 89.187.167.7:443 | repository.pcapp.store | tcp |
| GB | 89.187.167.7:443 | repository.pcapp.store | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.167.187.89.in-addr.arpa | udp |
| GB | 89.187.167.7:443 | repository.pcapp.store | tcp |
| GB | 89.187.167.7:443 | repository.pcapp.store | tcp |
| US | 8.8.8.8:53 | ev.pcapp.store | udp |
| US | 147.182.211.77:443 | ev.pcapp.store | tcp |
| US | 8.8.8.8:53 | 77.211.182.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | evcs-ocsp.ws.symantec.com | udp |
| US | 152.199.19.74:80 | evcs-ocsp.ws.symantec.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| GB | 216.58.212.234:443 | | tcp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| BE | 88.221.83.200:443 | www.bing.com | tcp |
| BE | 88.221.83.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.83.221.88.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 147.182.211.77:443 | ev.pcapp.store | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.180.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | fluxus-team.net | udp |
| US | 172.67.222.110:443 | fluxus-team.net | tcp |
| US | 172.67.222.110:443 | fluxus-team.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 172.67.222.110:443 | fluxus-team.net | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.222.67.172.in-addr.arpa | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | magictag.digislots.in | udp |
| GB | 154.49.138.246:443 | magictag.digislots.in | tcp |
| US | 8.8.8.8:53 | generat-script.digislots.in | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| DE | 77.37.66.8:443 | generat-script.digislots.in | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| DE | 77.37.66.8:443 | generat-script.digislots.in | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | b99f274b8fdd5cbe9040c23a41e271a6.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 172.217.169.65:443 | b99f274b8fdd5cbe9040c23a41e271a6.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 8.66.37.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| DE | 77.37.66.8:443 | generat-script.digislots.in | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | afs.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | afs.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| US | 8.8.8.8:53 | reports.magicbid.ai | udp |
| GB | 172.217.169.46:443 | cse.google.com | tcp |
| IN | 217.21.82.103:443 | reports.magicbid.ai | tcp |
| GB | 172.217.169.46:443 | cse.google.com | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| GB | 142.250.187.238:443 | clients1.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.82.21.217.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 154.49.138.246:443 | magictag.digislots.in | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | 88ae84a82c40a693507e6678edef04a3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c8.gcp.gvt2.com | udp |
| SG | 34.87.124.238:443 | e2c8.gcp.gvt2.com | tcp |
| SG | 34.87.124.238:443 | e2c8.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.124.87.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | e2c68.gcp.gvt2.com | udp |
| ZA | 34.35.20.64:443 | e2c68.gcp.gvt2.com | tcp |
| ZA | 34.35.20.64:443 | e2c68.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 64.20.35.34.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c13.gcp.gvt2.com | udp |
| FI | 35.228.141.16:443 | e2c13.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 16.141.228.35.in-addr.arpa | udp |
| GB | 142.250.180.3:443 | id.google.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 142.251.182.94:443 | beacons2.gvt2.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 94.182.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.212.206:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-q4fzen7r.googlevideo.com | udp |
| US | 173.194.141.74:443 | rr5---sn-q4fzen7r.googlevideo.com | tcp |
| US | 173.194.141.74:443 | rr5---sn-q4fzen7r.googlevideo.com | tcp |
| US | 173.194.141.74:443 | rr5---sn-q4fzen7r.googlevideo.com | tcp |
| US | 173.194.141.74:443 | rr5---sn-q4fzen7r.googlevideo.com | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | 74.141.194.173.in-addr.arpa | udp |
| US | 173.194.141.74:443 | rr5---sn-q4fzen7r.googlevideo.com | tcp |
| US | 173.194.141.74:443 | rr5---sn-q4fzen7r.googlevideo.com | tcp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | tcp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | tcp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.200.46:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nek.googlevideo.com | udp |
| GB | 173.194.183.102:443 | rr1---sn-aigl6nek.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 102.183.194.173.in-addr.arpa | udp |
| GB | 173.194.183.102:443 | rr1---sn-aigl6nek.googlevideo.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
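The table above mixes the installer's own infrastructure (pcapp.store and its delivery/repository/ev hosts, the cloudfront distribution, fluxus-team.net, the digislots.in ad hosts) with resolver queries, reverse lookups and ordinary Chrome/Google/Bing background traffic, so it cannot be pasted into a blocklist as-is. The script below is an added example and not part of the sandbox report: it parses rows in this four-column layout, tolerates the shifted rows in which an empty Domain cell pushed the protocol one column left, drops PTR queries, resolver and multicast destinations, and removes domains on an allowlist of browser and ad telemetry. The allowlist and the choice to treat 8.8.8.8/8.8.4.4 as the sandbox resolver are analyst assumptions; the sample rows are excerpted from the table above, with one re-aligned copy of a shifted row added to show that both layouts parse the same way.

```python
"""Extract network IOCs from a sandbox 'Network' table.  Added example, not
part of the sandbox report.  Assumptions: the four-column
'| Country | Destination | Domain | Proto |' layout used above; 8.8.8.8 and
8.8.4.4 are the sandbox's resolver rather than attacker infrastructure; and
BENIGN_SUFFIXES is an analyst allowlist, not something the report states."""
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple, Optional


class Conn(NamedTuple):
    country: str
    ip: str
    port: int
    domain: str   # "" for rows that carried no name
    proto: str


ROW_RE = re.compile(r"^\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*$")

# Sandbox resolver addresses (assumption): a query to them tells us the *name*
# being looked up, not a contacted server.
RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Analyst allowlist (assumption): browser/ad/telemetry background traffic that
# should not end up on a blocklist.  Matched as the exact name or as a parent.
BENIGN_SUFFIXES = (
    "google.com", "google.co.uk", "googleapis.com", "googleusercontent.com",
    "googlesyndication.com", "googleadservices.com", "googlevideo.com",
    "doubleclick.net", "gvt2.com", "pki.goog", "dns.google", "youtube.com",
    "ytimg.com", "ggpht.com", "ampproject.org", "syndicatedsearch.goog",
    "adsensecustomsearchads.com", "microsoft.com", "bing.com", "wp.com",
    "symantec.com",
)


def parse_row(line: str) -> Optional[Conn]:
    """Parse one table row.  Tolerates the shifted layout
    '| CC | ip:port | tcp | |' produced when the Domain cell is empty.
    The header row (no IP in the Destination cell) yields None."""
    m = ROW_RE.match(line)
    if not m:
        return None
    country, dest, col3, col4 = m.groups()
    if col4 == "" and col3.lower() in ("tcp", "udp"):
        domain, proto = "", col3            # proto slid into the Domain column
    else:
        domain, proto = col3, col4
    ip, _, port = dest.rpartition(":")
    try:
        ipaddress.ip_address(ip)            # rejects the header's 'Destination'
        port_no = int(port)
    except ValueError:
        return None
    return Conn(country, ip, port_no, domain.lower(), proto.lower())


def is_benign_domain(domain: str) -> bool:
    """PTR lookups are resolver side-effects; allowlisted suffixes are noise."""
    if domain.endswith(".in-addr.arpa"):
        return True
    return any(domain == s or domain.endswith("." + s) for s in BENIGN_SUFFIXES)


def is_infra_ip(ip: str) -> bool:
    """Resolver, multicast (mDNS) and RFC 1918 addresses are never IOCs."""
    addr = ipaddress.ip_address(ip)
    return ip in RESOLVERS or addr.is_multicast or addr.is_private


def extract_iocs(lines):
    """Return ({domain: [ip:port, ...]}, [bare ip:port, ...]) after filtering.
    A domain seen only in a DNS query is kept with an empty address list."""
    domains = defaultdict(set)
    bare = set()
    for line in lines:
        c = parse_row(line)
        if c is None:
            continue
        if c.domain:
            if is_benign_domain(c.domain):
                continue
            addrs = domains[c.domain]       # registers the name even if only queried
            if not is_infra_ip(c.ip):
                addrs.add(f"{c.ip}:{c.port}")
        elif not is_infra_ip(c.ip):
            bare.add(f"{c.ip}:{c.port}")
    return {d: sorted(v) for d, v in domains.items()}, sorted(bare)


# Constructed sample: rows excerpted from the table above, plus one re-aligned
# copy of a shifted row so both layouts are exercised.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pcapp.store | udp |
| US | 209.222.21.115:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | 115.21.222.209.in-addr.arpa | udp |
| GB | 89.187.167.4:443 | delivery.pcapp.store | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 195.181.164.15:443 | tcp | |
| GB | 195.181.164.15:443 | | tcp |
| US | 45.32.1.23:443 | pcapp.store | tcp |
| US | 209.222.21.115:80 | pcapp.store | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 172.67.222.110:443 | fluxus-team.net | tcp |
| GB | 154.49.138.246:443 | magictag.digislots.in | tcp |
| DE | 77.37.66.8:443 | generat-script.digislots.in | tcp |
""".splitlines()

if __name__ == "__main__":
    doms, ips = extract_iocs(SAMPLE_ROWS)
    for d, addrs in sorted(doms.items()):
        print(f"{d:32} {', '.join(addrs) or '(dns query only)'}")
    print("bare:", ", ".join(ips))
```

Run it against the full table by feeding the rows in place of SAMPLE_ROWS. Bare addresses such as 195.181.164.15 and 195.181.164.14 sit in the same /24 as repository.pcapp.store's 195.181.164.19, which is the usual sign of a CDN pool behind a single name; confirm with passive DNS before blocking the bare address rather than the name.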
Files
\Users\Admin\AppData\Local\Temp\nst5C98.tmp\System.dll
| MD5 | cff85c549d536f651d4fb8387f1976f2 |
| SHA1 | d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e |
| SHA256 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8 |
| SHA512 | 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88 |
\Users\Admin\AppData\Local\Temp\nst5C98.tmp\nsJSON.dll
| MD5 | f4d89d9a2a3e2f164aea3e93864905c9 |
| SHA1 | 4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a |
| SHA256 | 64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb |
| SHA512 | dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2 |
\Users\Admin\AppData\Local\Temp\nst5C98.tmp\nsDialogs.dll
| MD5 | 6c3f8c94d0727894d706940a8a980543 |
| SHA1 | 0d1bcad901be377f38d579aafc0c41c0ef8dcefd |
| SHA256 | 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2 |
| SHA512 | 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355 |
\Users\Admin\AppData\Local\Temp\nst5C98.tmp\inetc.dll
| MD5 | a35cdc9cf1d17216c0ab8c5282488ead |
| SHA1 | ed8e8091a924343ad8791d85e2733c14839f0d36 |
| SHA256 | a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df |
| SHA512 | 0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf |
memory/4340-30-0x000002AB37020000-0x000002AB37030000-memory.dmp
memory/4340-46-0x000002AB37120000-0x000002AB37130000-memory.dmp
memory/4340-65-0x000002AB362A0000-0x000002AB362A2000-memory.dmp
memory/2280-84-0x0000018573BC0000-0x0000018573CC0000-memory.dmp
memory/2280-86-0x0000018573BC0000-0x0000018573CC0000-memory.dmp
memory/4732-99-0x000001F71BB00000-0x000001F71BC00000-memory.dmp
memory/4732-119-0x000001F72C320000-0x000001F72C322000-memory.dmp
memory/4732-121-0x000001F72C7F0000-0x000001F72C7F2000-memory.dmp
memory/4732-125-0x000001F72C8B0000-0x000001F72C8B2000-memory.dmp
memory/4732-123-0x000001F72C890000-0x000001F72C892000-memory.dmp
memory/4732-133-0x000001F72CBD0000-0x000001F72CBD2000-memory.dmp
memory/4732-131-0x000001F72CBB0000-0x000001F72CBB2000-memory.dmp
memory/4732-129-0x000001F72C8F0000-0x000001F72C8F2000-memory.dmp
memory/4732-127-0x000001F72C8D0000-0x000001F72C8D2000-memory.dmp
memory/4732-138-0x000001F72D820000-0x000001F72D840000-memory.dmp
memory/4732-326-0x000001F72C0A0000-0x000001F72C0B0000-memory.dmp
memory/4732-328-0x000001F72C0A0000-0x000001F72C0B0000-memory.dmp
memory/4732-324-0x000001F72C0A0000-0x000001F72C0B0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JB9AW8HL\favicon[1].ico
| MD5 | b71c63af25f44a21143174e24791fbfb |
| SHA1 | ea7f0627f790ff60a65ea35b59f2641bb8ce8476 |
| SHA256 | 7942b4ce85d40498753ec1c9ac369b1f01b2bd4c9614061f6153bc8c15f8c7ba |
| SHA512 | b6b75d19fb7de0d473d2d65d5ed1befdc99f2b89b4568fa363da793a042f27a9ca8e79da62a263f76089e0ecf2b5a0a891e786868a60b77d9193a8c267bb22d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE
| MD5 | 1e8ca4a7f1031ac3667fd3f218ea6099 |
| SHA1 | 05251f2cde67a3e2ee64e1bd41ee4cdfc4f55049 |
| SHA256 | 727bc3d2f5694964aa5b4f05980f814393009fc7524c76030b0c3038f14515cd |
| SHA512 | a20934e6f062cca61ef72b136119d0b628bb34ad89879ccfedd63f039fd8c47a34cbf7ad3738ca85dd6fe68c0e31a2e0ee569d2fa6a8d944e4f7acd4de14f4bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE
| MD5 | b756d81fb2f1590a041558a17c491f2d |
| SHA1 | ff0f48f90d20069b9fe796942aea9c380b2ccc4d |
| SHA256 | 326c25195d4f2feec347b7f9f7c941f1aa7119b14226a7af489a60f980a854c2 |
| SHA512 | bebeeac2dbeffd9dbdbe271be09db929bff5388fb1ff4ab82f3e347b20563fbcd27b876c0a8d963adb2fbe6cad6dce389b475b3a3a68d0e84b15dc169f35332b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0
| MD5 | 2aa74d4897a9541cd9cefcb7f4d0851f |
| SHA1 | 534e4df389c72c1fce6b28fd7ad6003131d9e02b |
| SHA256 | 0fd49e11930612d6f3fcca10d6dba52e63b5b6b60b9fdc6998e613aa3e533360 |
| SHA512 | 6cedc58db0999368792b60f825de4cd8f77d158541995019ada1cb42b194be88b76e65e8d06a43a61136f392fb0a4a5827745e28dc44ec3f233d91369c70fcfb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0
| MD5 | eabfcd373b61cbf70361733b6af2cf75 |
| SHA1 | eeee6654519abc4645d8943d726e3fdda86a26e0 |
| SHA256 | 71e04e7a72f81ba6e4a20fe297bb39c6d2a84b11d06fa5de83a304c46b2306e7 |
| SHA512 | a5de99360954c498bffd75ae258b67327a4e189b57b3b3adc7741e528e30642dcc78b12245eeab22a272b7b75478eff1b1d5a4e8b03235f5b7b0f083c0b18b03 |
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info
| MD5 | 82d7ab0ff6c34db264fd6778818f42b1 |
| SHA1 | eb508bd01721ba67f7daad55ba8e7acdb0a096eb |
| SHA256 | e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db |
| SHA512 | 176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a |
\Users\Admin\AppData\Local\Temp\nskB930.tmp\Math.dll
| MD5 | 85428cf1f140e5023f4c9d179b704702 |
| SHA1 | 1b51213ddbaedfffb7e7f098f172f1d4e5c9efba |
| SHA256 | 8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a |
| SHA512 | dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59 |
C:\Users\Admin\PCAppStore\PcAppStore.exe
| MD5 | fcefc6099c1265e7f7b703c7a0154c5a |
| SHA1 | 84f13c7724e24a4416f3d65c143f013d9e9dfcfc |
| SHA256 | 4a223cf0623913c903cfc2c0a1a8450405244d8b86c1020e970cbdf8e7a30184 |
| SHA512 | d4d1a0d781ca851c9738c5981f13eb023092ce71e0cd04b3ed8dcc942a8ece54b9a031230e300bbdaa4486792f75af768fdbb882b430f5915bec85bcc66cf3f5 |
C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe
| MD5 | 5e28dd3006a64174ff0f82469540712e |
| SHA1 | 803b328a407aa6799a86b3555c55b5b29c0b01f1 |
| SHA256 | d3ed2cd4c44b76cfef67934280f5952cca28a66e096f87f05b6ea1a64ee3f7ac |
| SHA512 | fcc3b6a708fb0acf083da0ca853b3560d62ee2f23238b1d1d7bb9b93e4ee5dcdba29d41b9043af55c8168c3ac865b4a747b79c1fd5ea573169ec155e376a0aa9 |
C:\Users\Admin\PCAppStore\Temp\tempPOSTData
| MD5 | fb87c0ca2eabaa43dca5d302e956a6bd |
| SHA1 | 7f4a06790e1ed2fd49f3c55d6154a80554b61bc5 |
| SHA256 | 09baa5d5f10d724a950191b6002860fc2a5e0ffb6399cdd0b43e65503f6c3c57 |
| SHA512 | 932746deb03de7c7f5f41deae793afac615f14632f5274e023e586375e0f52bb166b6cb3a4395b4b0e8dc607717068edde3e1a14bfcfe73fc16026e329545960 |
C:\Users\Admin\PCAppStore\Temp\tempPOSTResponse
| MD5 | 3024a54e0c352abe5eb5f753ca4828da |
| SHA1 | df0206851654405c8e5c2d3bc96fb536b8c2dcbf |
| SHA256 | 3cd0a703506c7394d6115d9ff721516560894358aef07459f30d8930df6c3b61 |
| SHA512 | d9d44051df56b29aa596ee38463b781dbe27f917f7dae1b2420122616da108520429dda58c75c7e6b2d41093f83c5a4bae96024885af3956f23a3ce5bd3f9358 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CRDFDX20\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
| MD5 | e472e46bdfd736351d4b086b4c4ca134 |
| SHA1 | 1aa886f0cb23b3d322a43be797d411fca84d82a7 |
| SHA256 | e825a252b5c5c9c2de8a6a6ade12a7f9cd0040f6a20e6ee44ba659034e6d5223 |
| SHA512 | 173f5a7abdfea01c9c21ec716cba14eec4539da45e5734b3fd1e0688e1c22e4718bd701c25c8040d20cf48867e2a67ef2aba46380bab9ab1f7a42bd66fd33afb |
\Users\Admin\PCAppStore\nwjs\nw_elf.dll
| MD5 | 364f839ca8de4d942270d9097d48ef15 |
| SHA1 | 82c8040dc2a733eb3ea3e051513c84f992bb17f1 |
| SHA256 | a4e521c12fe47816f2d9e2dfed9fd074e370ec587d0a0f3a03b5aebb76c06560 |
| SHA512 | baf1ed5e558dc0ae037fe0dff036792cfbd338915c8af99d10f0202b92ca820298657a86a0f3e8c1387326fda34de3ee08649c34af2417159a24aed9ced02df3 |
C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll
| MD5 | 5fff6f0423a38bfaf174cb670650f4f9 |
| SHA1 | 13ecd1c4784a5a178a998e9fc0dc08f556121712 |
| SHA256 | d4e6fc4e1bc6cb5b3ef7010e61d3a65e97804fb20346cee657688339075b2727 |
| SHA512 | e6ff0ea9f6196470f6e094d0ab655fb527c28fc2b2a5d126a10c1f4185c0dff5ed4f19e7ed717d67df324562b7aa56ed87aa0bd396a6ba722d3141b9f30fc41b |
C:\Users\Admin\PCAppStore\ui\package.json
| MD5 | ba0268049bd46633f0423f58b70a6766 |
| SHA1 | b5ace19636832d4c9f4234a041a2399d10b1688c |
| SHA256 | dc5928240fa75562c9de99e07584bb878b5f1697f6fa7876dddbc53409cd22ce |
| SHA512 | e6e8e0d889c54ff57141e4c7515d9ffc8b1f9951ab65754d805150a67e1bd43d3894277792416ea76d36525ef2301af088a47e552b1a954e9b3afc9274407ec7 |
C:\Users\Admin\PCAppStore\nwjs\icudtl.dat
| MD5 | e0f1ad85c0933ecce2e003a2c59ae726 |
| SHA1 | a8539fc5a233558edfa264a34f7af6187c3f0d4f |
| SHA256 | f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb |
| SHA512 | 714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28 |
C:\Users\Admin\PCAppStore\nwjs\resources.pak
| MD5 | 0f1d45867b591d67b0301ee8c4ad5f7b |
| SHA1 | f5fb6378c13912df079efee44476fc1b4666ef24 |
| SHA256 | a2434429fea5b3344426e388f9a2191e10449103e933ef7f0cdbf4638f22380d |
| SHA512 | 1db79c82e67547a76d3d479168ee12899e7e03d8c065239976e0a490804182290b76829e483e8f18f7feafe7e819d2784c507d7abcdab917b62d78696059ee80 |
C:\Users\Admin\PCAppStore\nwjs\locales\en-US.pak
| MD5 | 4b6300c27e7575c32888c1f3364d5346 |
| SHA1 | c5f5e1d3524acc96fb4e18c08b02f54abf83c3d4 |
| SHA256 | 0945c89b16d4feba346e85e14792b772dcc6278f7dca7fb099a6100c93e79740 |
| SHA512 | 3f21b6f4a3e18755b355ce5f20384d549b3f723104a67c67ae521d2c4544aa3095fada8855a0cc1a10e7c5bf3e8f55d061ab2dcec210f76101a61d9484d4ee6f |
C:\Users\Admin\PCAppStore\nwjs\nw_200_percent.pak
| MD5 | f666b710da2bed9ac0252c1fa1d00c4a |
| SHA1 | 0d8288fde82c2f3b7bd006fcf4cb92246aefaf6d |
| SHA256 | f1ab589cfd40fb17a7c390b45ffad8fcf90c133fff1d14ca5bfc7053a21dc241 |
| SHA512 | 982bb5ea2c14170d47e150dc8692ebe316ec5d6b584377020c1f58ae0632748cb631182a6bfad2f909ef6b818b012527367a36d8681b5b56dc735b8ccaf7b52f |
C:\Users\Admin\PCAppStore\nwjs\nw_100_percent.pak
| MD5 | 9b46f4c8dfc0a55bfafac55f17d7659b |
| SHA1 | d25f27df176aadb67bc56a42262bccafd14af4f4 |
| SHA256 | b637ae345b830649b4027f39f6ee48f92484a2acb65de498e4fdd84ec1010336 |
| SHA512 | de5f500afe381a16e3ff7ddcb5c8aa538362e55222f7915276bb4c9261e41cbc2403ca1663a7dbf0706d8d51abc420e26804f67cfd646d7986130a20a659f345 |
C:\Users\Admin\PCAppStore\nwjs\v8_context_snapshot.bin
| MD5 | e68978443ddafd40434c87818c90d338 |
| SHA1 | c38fc19a469e6c9af4699abfe00c5ffe39501726 |
| SHA256 | 7ac9fb58f00e735e266730fefc25d1b3c4b58ec789d5540f0424e746712cd9dc |
| SHA512 | d9a7998a70e63ed8375052329033e83eebdb6f856ffde3c1077a450f985e379d04778eb30ad29cdaaabd33f4ed4437f8c18c73153b58375a8cd8ab26d8a64d54 |
C:\Users\Admin\PCAppStore\nwjs\libglesv2.dll
| MD5 | 6cd8726beefcfa69b48eab1362a5cad5 |
| SHA1 | f4249179b86c0a870c55e6c5a263180c77017e81 |
| SHA256 | 2636da528edcaec9834255a92411bd5da921d793825d74ceb997e336a0dbd393 |
| SHA512 | 0f6600315b0e1b5371bb39290e5417ebaa0f3c7fb47eef32d73afce299722a426dd244fd3775d88fceb6f170f16b23b099244ee825f7f8185d58f1bf28583515 |
\Users\Admin\PCAppStore\nwjs\d3dcompiler_47.dll
| MD5 | 2191e768cc2e19009dad20dc999135a3 |
| SHA1 | f49a46ba0e954e657aaed1c9019a53d194272b6a |
| SHA256 | 7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d |
| SHA512 | 5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970 |
\??\pipe\crashpad_4316_FGLORCUXDLUQLKPU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-21 18:32
Reported
2024-06-21 18:34
Platform
win10-20240404-en
Max time kernel
134s
Max time network
135s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 512 wrote to memory of 1160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 512 wrote to memory of 1160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 512 wrote to memory of 1160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 628
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 64.43.201.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |