Malware Analysis Report

2024-11-15 05:22

Sample ID 240621-w6nnfayhqg
Target $RAGT9PA.exe
SHA256 2a90929580395d5f6155f09fc76682bd036ee72d72573c83763e4a7ef4510d4e
Tags: risepro discovery persistence stealer
Score: 10/10

Analysis Overview

Score: 10/10

SHA256

2a90929580395d5f6155f09fc76682bd036ee72d72573c83763e4a7ef4510d4e

Threat Level: Known bad

The file $RAGT9PA.exe was found to be: Known bad.

Malicious Activity Summary

risepro discovery persistence stealer

RisePro

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

NTFS ADS

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-21 18:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-21 18:32

Reported

2024-06-21 18:34

Platform

win10-20240404-en

Max time kernel

135s

Max time network

137s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4144 wrote to memory of 4644 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4144 wrote to memory of 4644 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4144 wrote to memory of 4644 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 66.43.201.23.in-addr.arpa udp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-21 18:32

Reported

2024-06-21 18:34

Platform

win10-20240404-en

Max time kernel

133s

Max time network

135s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4920 wrote to memory of 3244 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4920 wrote to memory of 3244 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4920 wrote to memory of 3244 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 648

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.43.201.23.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-21 18:32

Reported

2024-06-21 18:34

Platform

win10-20240404-en

Max time kernel

78s

Max time network

80s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4864 wrote to memory of 4376 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4864 wrote to memory of 4376 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4864 wrote to memory of 4376 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 624

Network

Country Destination Domain Proto
US 8.8.8.8:53 66.43.201.23.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-21 18:32

Reported

2024-06-21 18:35

Platform

win10-20240404-en

Max time kernel

209s

Max time network

211s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe"

Signatures

RisePro

stealer risepro

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default" C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i" C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreWatchdog = "\"C:\\Users\\Admin\\PCAppStore\\PcAppStoreWatchdog.exe\" /guid=98F325B1-1085-43B7-8E27-43D9CDB6EA3FX /rid=20240621183256.298240640468 /ver=fa.1091o" C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634683940978873" C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey \??\c:\windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 37bc035e09c4da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "425156855" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a8f7df5d09c4da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 74227c6309c4da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0b07ea7109c4da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "425759720" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\PCAppStore\assets\images\css2?family=Inter:wght@400;500;600;700&family=Open+Sans:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3896 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp
PID 3896 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp
PID 3896 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp
PID 4564 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp C:\Users\Admin\PCAppStore\PcAppStore.exe
PID 4564 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp C:\Users\Admin\PCAppStore\PcAppStore.exe
PID 4564 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp C:\Users\Admin\PCAppStore\PcAppStore.exe
PID 4564 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe
PID 4564 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe
PID 2752 wrote to memory of 4316 N/A C:\Users\Admin\PCAppStore\PcAppStore.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 2752 wrote to memory of 4316 N/A C:\Users\Admin\PCAppStore\PcAppStore.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 4740 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 4740 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4740 wrote to memory of 4160 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4740 wrote to memory of 4160 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 4672 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 4672 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 4856 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 4856 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 4980 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 4980 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 5276 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 5276 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 5448 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 5448 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 5472 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4316 wrote to memory of 5472 N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4816 wrote to memory of 4732 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3376 wrote to memory of 5820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3376 wrote to memory of 5820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe

"C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x40c

C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp

"C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp" /internal 1718922877654342 /force

C:\Users\Admin\PCAppStore\PcAppStore.exe

"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default

C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe

"C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe" /guid=98F325B1-1085-43B7-8E27-43D9CDB6EA3FX /rid=20240621183256.298240640468 /ver=fa.1091o

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

.\nwjs\NW_store.exe .\ui\.

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffa2180a960,0x7ffa2180a970,0x7ffa2180a980

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x168,0x16c,0x170,0x130,0x174,0x7ff6d9e58a60,0x7ff6d9e58a70,0x7ff6d9e58a80

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1924 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:2

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=1932 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:3

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2056 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:2

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4204 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4304 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NgcSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa0c869758,0x7ffa0c869768,0x7ffa0c869778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3508 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5320 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3720 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5536 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5752 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5356 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6040 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5436 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4344 --field-trial-handle=1928,i,3246967641921967596,218835699009061578,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1712 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6020 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4800 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4672 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2888 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5968 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5844 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1784,i,12899513882329150784,17491032592219954965,131072 /prefetch:8
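The process list above mixes the dropped PCAppStore / NW.js components with a large amount of Microsoft Edge and Google Chrome noise, and the Network table that follows does the same with resolver, PTR and Google-infrastructure traffic. The script below is an added triage example written for this page; it is not sandbox output or code from the report. It takes rows copied from the two tables as constructed sample input and applies heuristics that are the editor's assumptions, not findings stated by the report: an image path under a user profile, the Chromium `--no-sandbox` switch (legitimate Chrome also runs with `--service-sandbox-type=none`, so that switch is deliberately not flagged), an NSIS-style `ns????.tmp` stub in `%TEMP%`, and an allowlist of benign domain suffixes.

```python
"""Triage helpers for the Processes and Network tables of a sandbox report.

Added example by the editor; not output of the sandbox or code from the
report. Sample rows are copied from the tables on this page. The heuristics
(user-writable image paths, the Chromium --no-sandbox switch, NSIS-style
ns????.tmp stubs, a benign-domain allowlist) are the editor's assumptions
and will need tuning for other reports.
"""
import re

# (image path, command line) pairs as listed in the report (constructed sample).
PROCESSES = [
    (r"C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\$RAGT9PA.exe"'),
    (r"C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp",
     r'"C:\Users\Admin\AppData\Local\Temp\nsl6FC3.tmp" /internal 1718922877654342 /force'),
    (r"C:\Users\Admin\PCAppStore\PcAppStore.exe",
     r'"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default'),
    (r"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe",
     r'"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox '
     r'--user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\."'),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
     r'--utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (r"C:\Windows\system32\msiexec.exe", r"C:\Windows\system32\msiexec.exe /V"),
]

# Rows of the Network table: (country, destination, domain, proto) (constructed sample).
NETWORK = [
    ("US", "8.8.8.8:53", "pcapp.store", "udp"),
    ("US", "209.222.21.115:443", "pcapp.store", "tcp"),
    ("US", "8.8.8.8:53", "25.24.18.2.in-addr.arpa", "udp"),
    ("GB", "89.187.167.4:443", "delivery.pcapp.store", "tcp"),
    ("GB", "172.217.169.67:80", "c.pki.goog", "tcp"),
    ("GB", "142.250.187.196:443", "www.google.com", "tcp"),
    ("US", "172.67.222.110:443", "fluxus-team.net", "tcp"),
    ("GB", "195.181.164.15:443", "", "tcp"),        # no domain recorded for this row
    ("N/A", "224.0.0.251:5353", "", "udp"),         # mDNS multicast
    ("US", "8.8.4.4:443", "dns.google", "udp"),
]

# Heuristics (editor's assumptions, not report content).
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\", re.IGNORECASE)
NSIS_STUB = re.compile(r"\\ns[a-z][0-9a-f]{4}\.tmp$", re.IGNORECASE)
SANDBOX_OFF = {"--no-sandbox"}  # --service-sandbox-type=none is normal for Chrome's network service
BENIGN_SUFFIXES = (".google.com", ".pki.goog", ".doubleclick.net", "dns.google", ".in-addr.arpa")
RESOLVER_PORTS = {53, 5353}     # plain DNS and mDNS are carrier traffic, not endpoints


def switches(cmdline: str) -> set[str]:
    """Chromium-style switches present on a command line, without their values."""
    return set(re.findall(r"--[a-z][a-z0-9-]*", cmdline))


def triage_process(image: str, cmdline: str) -> list[str]:
    """Return the reasons a process deserves a closer look (empty list if none)."""
    findings = []
    if USER_WRITABLE.match(image):
        findings.append("image under a user-writable profile path")
    if NSIS_STUB.search(image):
        findings.append("NSIS-style temp stub (ns????.tmp)")
    if SANDBOX_OFF & switches(cmdline):
        findings.append("Chromium sandbox disabled (--no-sandbox)")
    return findings


def flagged_processes(processes=PROCESSES) -> dict[str, list[str]]:
    """Image path -> findings, for processes with at least one finding."""
    flagged = {}
    for image, cmdline in processes:
        reasons = triage_process(image, cmdline)
        if reasons:
            flagged[image] = reasons
    return flagged


def network_iocs(rows=NETWORK) -> dict[str, set[str]]:
    """Map each non-benign domain (or bare IP when no domain was recorded) to its endpoints.

    Resolver/mDNS traffic and allowlisted infrastructure are dropped.
    """
    iocs: dict[str, set[str]] = {}
    for _country, dest, domain, _proto in rows:
        host, _, port = dest.rpartition(":")
        if int(port) in RESOLVER_PORTS:
            continue
        if domain and domain.endswith(BENIGN_SUFFIXES):
            continue
        iocs.setdefault(domain or host, set()).add(dest)
    return iocs


if __name__ == "__main__":
    for image, reasons in flagged_processes().items():
        print(image, "->", "; ".join(reasons))
    for ioc, dests in sorted(network_iocs().items()):
        print(ioc, sorted(dests))
```

Run against the full tables, the same logic reduces the report to the handful of endpoints worth pivoting on (`pcapp.store` and its `delivery`/`repository`/`repcdn`/`ev` subdomains, `fluxus-team.net`, the `digislots.in` hosts, and the unresolved `195.181.164.x` endpoints) while leaving Chrome's own processes and Google infrastructure out of the IOC set. The allowlist is a judgement call: a domain being Google's does not make the traffic benign, it only makes it uninformative as an indicator.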

Network

Country Destination Domain Proto
US 8.8.8.8:53 pcapp.store udp
US 209.222.21.115:443 pcapp.store tcp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 115.21.222.209.in-addr.arpa udp
US 8.8.8.8:53 delivery.pcapp.store udp
GB 89.187.167.4:443 delivery.pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 8.8.8.8:53 4.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 repository.pcapp.store udp
GB 195.181.164.19:443 repository.pcapp.store tcp
GB 195.181.164.19:443 repository.pcapp.store tcp
US 8.8.8.8:53 c.pki.goog udp
GB 172.217.169.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 172.217.169.67:80 o.pki.goog tcp
GB 172.217.169.67:80 o.pki.goog tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 19.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 google.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.178.14:443 google.com tcp
GB 142.250.178.14:443 google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 8.8.8.8:53 d74queuslupub.cloudfront.net udp
GB 18.244.114.121:443 d74queuslupub.cloudfront.net tcp
US 8.8.8.8:53 121.114.244.18.in-addr.arpa udp
US 8.8.8.8:53 145.178.204.143.in-addr.arpa udp
US 8.8.8.8:53 113.216.138.108.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 209.222.21.115:443 pcapp.store tcp
US 8.8.8.8:53 pcapp.store udp
US 8.8.8.8:53 pcapp.store udp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 23.1.32.45.in-addr.arpa udp
US 209.222.21.115:80 pcapp.store tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
GB 142.250.187.196:443 www.google.com udp
US 209.222.21.115:443 pcapp.store tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:53 repcdn.pcapp.store udp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
US 209.222.21.115:443 pcapp.store tcp
GB 195.181.164.15:443 tcp
GB 195.181.164.15:443 tcp
GB 195.181.164.15:443 tcp
GB 195.181.164.15:443 tcp
GB 195.181.164.15:443 tcp
GB 195.181.164.15:443 tcp
GB 195.181.164.14:443 tcp
GB 195.181.164.14:443 tcp
GB 195.181.164.14:443 tcp
GB 195.181.164.14:443 tcp
GB 195.181.164.14:443 tcp
GB 195.181.164.14:443 tcp
GB 195.181.164.19:443 repcdn.pcapp.store tcp
GB 195.181.164.19:443 repcdn.pcapp.store tcp
GB 195.181.164.19:443 repcdn.pcapp.store tcp
US 8.8.8.8:53 repository.pcapp.store udp
GB 89.187.167.7:443 repository.pcapp.store tcp
GB 89.187.167.7:443 repository.pcapp.store tcp
GB 89.187.167.7:443 repository.pcapp.store tcp
GB 89.187.167.7:443 repository.pcapp.store tcp
GB 89.187.167.7:443 repository.pcapp.store tcp
GB 89.187.167.7:443 repository.pcapp.store tcp
GB 89.187.167.7:443 repository.pcapp.store tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 15.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 14.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 7.167.187.89.in-addr.arpa udp
GB 89.187.167.7:443 repository.pcapp.store tcp
GB 89.187.167.7:443 repository.pcapp.store tcp
US 8.8.8.8:53 ev.pcapp.store udp
US 147.182.211.77:443 ev.pcapp.store tcp
US 8.8.8.8:53 77.211.182.147.in-addr.arpa udp
US 8.8.8.8:53 evcs-ocsp.ws.symantec.com udp
US 152.199.19.74:80 evcs-ocsp.ws.symantec.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
GB 216.58.212.234:443 tcp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
BE 88.221.83.200:443 www.bing.com tcp
BE 88.221.83.200:443 www.bing.com tcp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 200.83.221.88.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 147.182.211.77:443 ev.pcapp.store tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.180.3:443 id.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.86:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 fluxus-team.net udp
US 172.67.222.110:443 fluxus-team.net tcp
US 172.67.222.110:443 fluxus-team.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 stats.wp.com udp
US 172.67.222.110:443 fluxus-team.net udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.222.67.172.in-addr.arpa udp
US 192.0.76.3:443 stats.wp.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 magictag.digislots.in udp
GB 154.49.138.246:443 magictag.digislots.in tcp
US 8.8.8.8:53 generat-script.digislots.in udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
DE 77.37.66.8:443 generat-script.digislots.in tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
DE 77.37.66.8:443 generat-script.digislots.in tcp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 246.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 b99f274b8fdd5cbe9040c23a41e271a6.safeframe.googlesyndication.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 172.217.169.65:443 b99f274b8fdd5cbe9040c23a41e271a6.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
US 8.8.8.8:53 8.66.37.77.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
DE 77.37.66.8:443 generat-script.digislots.in udp
GB 172.217.16.238:443 syndicatedsearch.goog tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 172.217.16.238:443 syndicatedsearch.goog udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 afs.googleusercontent.com udp
GB 172.217.16.225:443 afs.googleusercontent.com tcp
GB 172.217.16.225:443 afs.googleusercontent.com tcp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 cse.google.com udp
US 8.8.8.8:53 reports.magicbid.ai udp
GB 172.217.169.46:443 cse.google.com tcp
IN 217.21.82.103:443 reports.magicbid.ai tcp
GB 172.217.169.46:443 cse.google.com udp
US 8.8.8.8:53 clients1.google.com udp
GB 142.250.187.238:443 clients1.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 103.82.21.217.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
GB 142.250.187.196:443 www.google.com udp
GB 154.49.138.246:443 magictag.digislots.in udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 88ae84a82c40a693507e6678edef04a3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 e2c8.gcp.gvt2.com udp
SG 34.87.124.238:443 e2c8.gcp.gvt2.com tcp
SG 34.87.124.238:443 e2c8.gcp.gvt2.com tcp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.124.87.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
GB 172.217.169.3:443 beacons.gvt2.com tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 e2c68.gcp.gvt2.com udp
ZA 34.35.20.64:443 e2c68.gcp.gvt2.com tcp
ZA 34.35.20.64:443 e2c68.gcp.gvt2.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 64.20.35.34.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com udp
GB 172.217.169.3:443 beacons.gvt2.com udp
US 8.8.8.8:53 e2c13.gcp.gvt2.com udp
FI 35.228.141.16:443 e2c13.gcp.gvt2.com tcp
US 8.8.8.8:53 16.141.228.35.in-addr.arpa udp
GB 142.250.180.3:443 id.google.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 142.251.182.94:443 beacons2.gvt2.com tcp
GB 216.58.204.86:443 i.ytimg.com udp
US 8.8.8.8:53 94.182.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 84.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-q4fzen7r.googlevideo.com udp
US 173.194.141.74:443 rr5---sn-q4fzen7r.googlevideo.com tcp
US 173.194.141.74:443 rr5---sn-q4fzen7r.googlevideo.com tcp
US 173.194.141.74:443 rr5---sn-q4fzen7r.googlevideo.com tcp
US 173.194.141.74:443 rr5---sn-q4fzen7r.googlevideo.com tcp
GB 216.58.213.6:443 static.doubleclick.net udp
US 8.8.8.8:53 74.141.194.173.in-addr.arpa udp
US 173.194.141.74:443 rr5---sn-q4fzen7r.googlevideo.com tcp
US 173.194.141.74:443 rr5---sn-q4fzen7r.googlevideo.com tcp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com tcp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com udp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com tcp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.46:443 youtube.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 rr1---sn-aigl6nek.googlevideo.com udp
GB 173.194.183.102:443 rr1---sn-aigl6nek.googlevideo.com tcp
US 8.8.8.8:53 102.183.194.173.in-addr.arpa udp
GB 173.194.183.102:443 rr1---sn-aigl6nek.googlevideo.com udp
GB 142.250.180.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp

Files

\Users\Admin\AppData\Local\Temp\nst5C98.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

\Users\Admin\AppData\Local\Temp\nst5C98.tmp\nsJSON.dll

MD5 f4d89d9a2a3e2f164aea3e93864905c9
SHA1 4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a
SHA256 64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb
SHA512 dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

\Users\Admin\AppData\Local\Temp\nst5C98.tmp\nsDialogs.dll

MD5 6c3f8c94d0727894d706940a8a980543
SHA1 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

\Users\Admin\AppData\Local\Temp\nst5C98.tmp\inetc.dll

MD5 a35cdc9cf1d17216c0ab8c5282488ead
SHA1 ed8e8091a924343ad8791d85e2733c14839f0d36
SHA256 a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df
SHA512 0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

memory/4340-30-0x000002AB37020000-0x000002AB37030000-memory.dmp

memory/4340-46-0x000002AB37120000-0x000002AB37130000-memory.dmp

memory/4340-65-0x000002AB362A0000-0x000002AB362A2000-memory.dmp

memory/2280-84-0x0000018573BC0000-0x0000018573CC0000-memory.dmp

memory/2280-86-0x0000018573BC0000-0x0000018573CC0000-memory.dmp

memory/4732-99-0x000001F71BB00000-0x000001F71BC00000-memory.dmp

memory/4732-119-0x000001F72C320000-0x000001F72C322000-memory.dmp

memory/4732-121-0x000001F72C7F0000-0x000001F72C7F2000-memory.dmp

memory/4732-125-0x000001F72C8B0000-0x000001F72C8B2000-memory.dmp

memory/4732-123-0x000001F72C890000-0x000001F72C892000-memory.dmp

memory/4732-133-0x000001F72CBD0000-0x000001F72CBD2000-memory.dmp

memory/4732-131-0x000001F72CBB0000-0x000001F72CBB2000-memory.dmp

memory/4732-129-0x000001F72C8F0000-0x000001F72C8F2000-memory.dmp

memory/4732-127-0x000001F72C8D0000-0x000001F72C8D2000-memory.dmp

memory/4732-138-0x000001F72D820000-0x000001F72D840000-memory.dmp

memory/4732-326-0x000001F72C0A0000-0x000001F72C0B0000-memory.dmp

memory/4732-328-0x000001F72C0A0000-0x000001F72C0B0000-memory.dmp

memory/4732-324-0x000001F72C0A0000-0x000001F72C0B0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JB9AW8HL\favicon[1].ico

MD5 b71c63af25f44a21143174e24791fbfb
SHA1 ea7f0627f790ff60a65ea35b59f2641bb8ce8476
SHA256 7942b4ce85d40498753ec1c9ac369b1f01b2bd4c9614061f6153bc8c15f8c7ba
SHA512 b6b75d19fb7de0d473d2d65d5ed1befdc99f2b89b4568fa363da793a042f27a9ca8e79da62a263f76089e0ecf2b5a0a891e786868a60b77d9193a8c267bb22d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

MD5 1e8ca4a7f1031ac3667fd3f218ea6099
SHA1 05251f2cde67a3e2ee64e1bd41ee4cdfc4f55049
SHA256 727bc3d2f5694964aa5b4f05980f814393009fc7524c76030b0c3038f14515cd
SHA512 a20934e6f062cca61ef72b136119d0b628bb34ad89879ccfedd63f039fd8c47a34cbf7ad3738ca85dd6fe68c0e31a2e0ee569d2fa6a8d944e4f7acd4de14f4bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

MD5 b756d81fb2f1590a041558a17c491f2d
SHA1 ff0f48f90d20069b9fe796942aea9c380b2ccc4d
SHA256 326c25195d4f2feec347b7f9f7c941f1aa7119b14226a7af489a60f980a854c2
SHA512 bebeeac2dbeffd9dbdbe271be09db929bff5388fb1ff4ab82f3e347b20563fbcd27b876c0a8d963adb2fbe6cad6dce389b475b3a3a68d0e84b15dc169f35332b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

MD5 2aa74d4897a9541cd9cefcb7f4d0851f
SHA1 534e4df389c72c1fce6b28fd7ad6003131d9e02b
SHA256 0fd49e11930612d6f3fcca10d6dba52e63b5b6b60b9fdc6998e613aa3e533360
SHA512 6cedc58db0999368792b60f825de4cd8f77d158541995019ada1cb42b194be88b76e65e8d06a43a61136f392fb0a4a5827745e28dc44ec3f233d91369c70fcfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

MD5 eabfcd373b61cbf70361733b6af2cf75
SHA1 eeee6654519abc4645d8943d726e3fdda86a26e0
SHA256 71e04e7a72f81ba6e4a20fe297bb39c6d2a84b11d06fa5de83a304c46b2306e7
SHA512 a5de99360954c498bffd75ae258b67327a4e189b57b3b3adc7741e528e30642dcc78b12245eeab22a272b7b75478eff1b1d5a4e8b03235f5b7b0f083c0b18b03

C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

MD5 82d7ab0ff6c34db264fd6778818f42b1
SHA1 eb508bd01721ba67f7daad55ba8e7acdb0a096eb
SHA256 e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db
SHA512 176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

\Users\Admin\AppData\Local\Temp\nskB930.tmp\Math.dll

MD5 85428cf1f140e5023f4c9d179b704702
SHA1 1b51213ddbaedfffb7e7f098f172f1d4e5c9efba
SHA256 8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a
SHA512 dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

C:\Users\Admin\PCAppStore\PcAppStore.exe

MD5 fcefc6099c1265e7f7b703c7a0154c5a
SHA1 84f13c7724e24a4416f3d65c143f013d9e9dfcfc
SHA256 4a223cf0623913c903cfc2c0a1a8450405244d8b86c1020e970cbdf8e7a30184
SHA512 d4d1a0d781ca851c9738c5981f13eb023092ce71e0cd04b3ed8dcc942a8ece54b9a031230e300bbdaa4486792f75af768fdbb882b430f5915bec85bcc66cf3f5

C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe

MD5 5e28dd3006a64174ff0f82469540712e
SHA1 803b328a407aa6799a86b3555c55b5b29c0b01f1
SHA256 d3ed2cd4c44b76cfef67934280f5952cca28a66e096f87f05b6ea1a64ee3f7ac
SHA512 fcc3b6a708fb0acf083da0ca853b3560d62ee2f23238b1d1d7bb9b93e4ee5dcdba29d41b9043af55c8168c3ac865b4a747b79c1fd5ea573169ec155e376a0aa9

C:\Users\Admin\PCAppStore\Temp\tempPOSTData

MD5 fb87c0ca2eabaa43dca5d302e956a6bd
SHA1 7f4a06790e1ed2fd49f3c55d6154a80554b61bc5
SHA256 09baa5d5f10d724a950191b6002860fc2a5e0ffb6399cdd0b43e65503f6c3c57
SHA512 932746deb03de7c7f5f41deae793afac615f14632f5274e023e586375e0f52bb166b6cb3a4395b4b0e8dc607717068edde3e1a14bfcfe73fc16026e329545960

C:\Users\Admin\PCAppStore\Temp\tempPOSTResponse

MD5 3024a54e0c352abe5eb5f753ca4828da
SHA1 df0206851654405c8e5c2d3bc96fb536b8c2dcbf
SHA256 3cd0a703506c7394d6115d9ff721516560894358aef07459f30d8930df6c3b61
SHA512 d9d44051df56b29aa596ee38463b781dbe27f917f7dae1b2420122616da108520429dda58c75c7e6b2d41093f83c5a4bae96024885af3956f23a3ce5bd3f9358

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CRDFDX20\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

MD5 e472e46bdfd736351d4b086b4c4ca134
SHA1 1aa886f0cb23b3d322a43be797d411fca84d82a7
SHA256 e825a252b5c5c9c2de8a6a6ade12a7f9cd0040f6a20e6ee44ba659034e6d5223
SHA512 173f5a7abdfea01c9c21ec716cba14eec4539da45e5734b3fd1e0688e1c22e4718bd701c25c8040d20cf48867e2a67ef2aba46380bab9ab1f7a42bd66fd33afb

\Users\Admin\PCAppStore\nwjs\nw_elf.dll

MD5 364f839ca8de4d942270d9097d48ef15
SHA1 82c8040dc2a733eb3ea3e051513c84f992bb17f1
SHA256 a4e521c12fe47816f2d9e2dfed9fd074e370ec587d0a0f3a03b5aebb76c06560
SHA512 baf1ed5e558dc0ae037fe0dff036792cfbd338915c8af99d10f0202b92ca820298657a86a0f3e8c1387326fda34de3ee08649c34af2417159a24aed9ced02df3

C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll

MD5 5fff6f0423a38bfaf174cb670650f4f9
SHA1 13ecd1c4784a5a178a998e9fc0dc08f556121712
SHA256 d4e6fc4e1bc6cb5b3ef7010e61d3a65e97804fb20346cee657688339075b2727
SHA512 e6ff0ea9f6196470f6e094d0ab655fb527c28fc2b2a5d126a10c1f4185c0dff5ed4f19e7ed717d67df324562b7aa56ed87aa0bd396a6ba722d3141b9f30fc41b

C:\Users\Admin\PCAppStore\ui\package.json

MD5 ba0268049bd46633f0423f58b70a6766
SHA1 b5ace19636832d4c9f4234a041a2399d10b1688c
SHA256 dc5928240fa75562c9de99e07584bb878b5f1697f6fa7876dddbc53409cd22ce
SHA512 e6e8e0d889c54ff57141e4c7515d9ffc8b1f9951ab65754d805150a67e1bd43d3894277792416ea76d36525ef2301af088a47e552b1a954e9b3afc9274407ec7

C:\Users\Admin\PCAppStore\nwjs\icudtl.dat

MD5 e0f1ad85c0933ecce2e003a2c59ae726
SHA1 a8539fc5a233558edfa264a34f7af6187c3f0d4f
SHA256 f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb
SHA512 714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

C:\Users\Admin\PCAppStore\nwjs\resources.pak

MD5 0f1d45867b591d67b0301ee8c4ad5f7b
SHA1 f5fb6378c13912df079efee44476fc1b4666ef24
SHA256 a2434429fea5b3344426e388f9a2191e10449103e933ef7f0cdbf4638f22380d
SHA512 1db79c82e67547a76d3d479168ee12899e7e03d8c065239976e0a490804182290b76829e483e8f18f7feafe7e819d2784c507d7abcdab917b62d78696059ee80

C:\Users\Admin\PCAppStore\nwjs\locales\en-US.pak

MD5 4b6300c27e7575c32888c1f3364d5346
SHA1 c5f5e1d3524acc96fb4e18c08b02f54abf83c3d4
SHA256 0945c89b16d4feba346e85e14792b772dcc6278f7dca7fb099a6100c93e79740
SHA512 3f21b6f4a3e18755b355ce5f20384d549b3f723104a67c67ae521d2c4544aa3095fada8855a0cc1a10e7c5bf3e8f55d061ab2dcec210f76101a61d9484d4ee6f

C:\Users\Admin\PCAppStore\nwjs\nw_200_percent.pak

MD5 f666b710da2bed9ac0252c1fa1d00c4a
SHA1 0d8288fde82c2f3b7bd006fcf4cb92246aefaf6d
SHA256 f1ab589cfd40fb17a7c390b45ffad8fcf90c133fff1d14ca5bfc7053a21dc241
SHA512 982bb5ea2c14170d47e150dc8692ebe316ec5d6b584377020c1f58ae0632748cb631182a6bfad2f909ef6b818b012527367a36d8681b5b56dc735b8ccaf7b52f

C:\Users\Admin\PCAppStore\nwjs\nw_100_percent.pak

MD5 9b46f4c8dfc0a55bfafac55f17d7659b
SHA1 d25f27df176aadb67bc56a42262bccafd14af4f4
SHA256 b637ae345b830649b4027f39f6ee48f92484a2acb65de498e4fdd84ec1010336
SHA512 de5f500afe381a16e3ff7ddcb5c8aa538362e55222f7915276bb4c9261e41cbc2403ca1663a7dbf0706d8d51abc420e26804f67cfd646d7986130a20a659f345

C:\Users\Admin\PCAppStore\nwjs\v8_context_snapshot.bin

MD5 e68978443ddafd40434c87818c90d338
SHA1 c38fc19a469e6c9af4699abfe00c5ffe39501726
SHA256 7ac9fb58f00e735e266730fefc25d1b3c4b58ec789d5540f0424e746712cd9dc
SHA512 d9a7998a70e63ed8375052329033e83eebdb6f856ffde3c1077a450f985e379d04778eb30ad29cdaaabd33f4ed4437f8c18c73153b58375a8cd8ab26d8a64d54

C:\Users\Admin\PCAppStore\nwjs\libglesv2.dll

MD5 6cd8726beefcfa69b48eab1362a5cad5
SHA1 f4249179b86c0a870c55e6c5a263180c77017e81
SHA256 2636da528edcaec9834255a92411bd5da921d793825d74ceb997e336a0dbd393
SHA512 0f6600315b0e1b5371bb39290e5417ebaa0f3c7fb47eef32d73afce299722a426dd244fd3775d88fceb6f170f16b23b099244ee825f7f8185d58f1bf28583515

\Users\Admin\PCAppStore\nwjs\d3dcompiler_47.dll

MD5 2191e768cc2e19009dad20dc999135a3
SHA1 f49a46ba0e954e657aaed1c9019a53d194272b6a
SHA256 7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
SHA512 5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

\??\pipe\crashpad_4316_FGLORCUXDLUQLKPU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Google Profile.ico

MD5 728fe78292f104659fea5fc90570cc75
SHA1 11b623f76f31ec773b79cdb74869acb08c4052cb
SHA256 d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20
SHA512 91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

MD5 03e9f614a008075733c76883156b568b
SHA1 5f9cb1b06928487c4b836e9dedc688e8a9650b0b
SHA256 b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416
SHA512 7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00000b

MD5 15edbb4d85cf503917a877d894fa0a18
SHA1 45b9165e1a659c3aabecaaf3ef8672f10541ee17
SHA256 6b99a2c0c946d59d80a1d56f795c61059cec833c904aaf6397eebd21d8129d8a
SHA512 4dc82a722cedbb945177fde76aa5f5990f81aa6cc09988949340ffc1c7ece507508b6b5f239c22388c39716cbe4bdb48d88b2fde257b8f40cdfed695a060326f

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00001a

MD5 238ce2fe896357b1e43d0f8bb6953470
SHA1 c2b5f823d4a4f62bcec509f0dc78c9921b0db09b
SHA256 d5cd953b92fee3f5eb31ee381145c5f522749f9b18fa8fb3c9fda401beef8005
SHA512 b08d7e1e090715b09f0a8827256478a833916d5d4d28443ec0d7ae22de376fad1ba38f4dc2f1be6cf74395e632a34de7590cc93fc468a919a51f6658b6c308a5

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

MD5 d2cc9f79f881cb8b5863d003fe19b798
SHA1 957f207ae72474517109602acf5a6a51d405d1bd
SHA256 c97352073ab8b17aa0348552a3cb8ff37cab899335ef9d6aa7aba3fa88e3effe
SHA512 3a854cb002922f7ce7f2fb4ca737e37f5a951aa92324f360ecda8fd70feb4e8b25f505857db0893288c2b09b15b4a13d5ab44012acb29999a845c9506ab0a7d8

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe5823bf.TMP

MD5 b994a9c420a344bbef096da75d38a8d3
SHA1 4dadbf1b2bfb1d04e751746f25318d0c9f7ddf64
SHA256 001a7a00e99e3b89e5121f30172f70d3bfd3f08c34a9303b7861933f96a5a658
SHA512 99979a15d2fcc1871522c3188f163a5ec215ee324b99ddaea1b0146bc8ba9f698690201b4cf970a275e73883b2d2a22adf06507369320083a0a4595f0cb6a9ec

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 78011dcb371343b4b7e95325b0b951c6
SHA1 8a37aeb2f5830197fb5937bc95c4ee79a7b6c530
SHA256 36bf86cb1998e583c17d40b5e8830b608ecb25823a24ba819268583b2ac0e590
SHA512 a1b9fa81a1b03b1c19503fddcd80cda7dffee6d6c8d6f6a86d573c32efabb9361e84fac58e13cbcb07cce96f464957cc5ca2e06b288c132805102b3223a04b17

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe584b9a.TMP

MD5 3b0958518335661f2f0f8a724796ba53
SHA1 37300c3cdc0a4bd8b0fe2d5caf5b37e73a01e71e
SHA256 2035d5b7ec9a336d72863ec4b9037c6d3b1db35ac55f91f390c6c745fbc6af1c
SHA512 021a8ed08d6b9af20bc34b67db4a51337148b54f5f914e7803ab72fd3739dbe5fa49b5aba949e43ef3b8ea7c4bdd0742ba7c19f366f598dc3a4706fbfc9904b9

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe585b0c.TMP

MD5 4d282260cb0d569c02998dbf980826b3
SHA1 c2fe2e4a513d4e69ba86a6b4b59a8255810458bb
SHA256 a4734deb076afd0e87d862e2a31a9678cb118842e536706d1dd394dc54c469ca
SHA512 1b565b518dd03362fb40e8232cad1f2cd1fedd88b4bc4506c48337a8d2cb6c7064d2f0e861bf09603e446ef3c014483db541198888125a7e5be1426974100d57

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7808622afbb5a1b4ad5d492c856054ef
SHA1 6d49315b793c4849898b18742a8eb963d3c957fb
SHA256 20d134be0e6c4df15449e1563fb2d42385b929dea58254c868e7e175a8ba6630
SHA512 4e744706e2c232e3483c760219a780b50ccb991675922f9c58eb99c74ceb6b0ea99e4c0592fcd61b8be1728cad7b430c79b010e3df6add11a4b98ba97cf9c0cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JB9AW8HL\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 a7954be1eba571cce457c2204ba3fe42
SHA1 220c41a2591a98066c0e2ef83863cede31b8f979
SHA256 b7972cc89968a98cf1755e2038da78e00bd3a75747cd70d2279683a16050f259
SHA512 8779a53e8dfef0a1d53db7d5badc83c4ca875383fc1d8a31dc4968faad49d9317811fa7e53cf3a3036d2b6f60d351155e20808b8beb32952d511592b3118c19f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a0d3e5fb-6a34-4c35-b89a-7610863f1df1.tmp

MD5 24e20f8e3aa1aaa859ba8e7a24c3f98d
SHA1 c10163ad7a36b63ba74cf0e672ec3dc20d92f997
SHA256 eaeb7f9d3a997852c346fa2b6fe7c3458c3b6416f0e19bc460bf21eaffd475c2
SHA512 912d286b76ec21a9b8f642d9c0ab565cf53934cbbf3a5f532a0c6794bdfc9b36d8a24b153eebf9b5d03d6b101ab6702ee64c7fe7d4402330f53416802f74f478

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ab562f3138d2b501a517d9cf7b5da7a7
SHA1 78d59e97dbc71ae6318e071aa367c14aae7b47cf
SHA256 d132a1791bbed8dc9a4d1bfc97922755ea96530c2dd4b2ac7f2c12cfee034b59
SHA512 540c43f8faced42f21c326518dcb41b4ee58e43e97ce0580407ec465053fdb6fde9482f48a862ec7b999c31b2084bc87aee1a321d16fad2b63a31ef58fabe62b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2c4c319057f1b7c93c5e3f5f2fffc43d
SHA1 c39f00c00873b45faae6fbab6059043a34f06d40
SHA256 f338d49a3ad2f878efb97eb8b752e33dd96fa8c0dd60fb415f116acfa9c6eb22
SHA512 e4135acd5066c79f29f5366abbf232650f2e9f8d99bd6222a53055e0561942e5a786fd0a47abc8fd1a091511f8b835d1c684d9b8cff7badaabc14b508ab17f55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 01c48d287222c019527c884a6c5e31f4
SHA1 d11c68ec58f86fc5dbc33d97b25348c3edd2dbb2
SHA256 8386b381790f68cb3ec30cfae8e7fcf2d3140a1afd801f7ea966314cd1d675e1
SHA512 94581fce6f43e78aa4079e966f662ad97bfb1e10c57c34ae2b2c7e1d86944ffe80de9227723cb2393ba2d56e9321849cbd28a2a341b2a1e888370b0d102ca51b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 b0783382f5667b0b38ec7a6cf44e29b8
SHA1 3d3fd28967fd6a3ac4c1eab99edba1cd33c1c005
SHA256 66f029ca2344e4caf7cb62c791aeb90dd39e3f04a03f22c52420baf94666f394
SHA512 6d4b4114d79af253e740491de21bdc4cfd799d573785f1f1a13c108a778b8210244bffa9e7f0d4e162440b62f1847807dbf20a1eca376779eb9decbf24e47fd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ebe70f1a0907618866d6de6020c3e2c7
SHA1 d2f67ee4ee372ca874eb44f4b4220e5a0a24ec85
SHA256 0192e11ec553ef44a6dfa23d7702d3a11b141a1d909c3b165045240c6129f5e7
SHA512 be4042b883f59b61ac5836c52225dd3472bc264c41affd399b95c77d69355eeb44add529b76968626779cc3cc63aaae88bb184408cf4c8bb483067cc6e9857fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ac0a60247c929fc5cf419978eaffe92
SHA1 9fd16353bff936d8502c3e10f74c5d0796591b5c
SHA256 1183c9d3bd803c8c9d64eb61ffad7d92615c1cd0490fcd6c56aab6bb6111b140
SHA512 e20d3f5180c4ff8567e519c1eb744f2a8e391ef084be62bbc970c09eb9ceb03b50c937a001f2729ceef8aaa09a43af1334cfcdf29d56d70f15d25835130c7639

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58bc08.TMP

MD5 90d2ebff1ff1eb456304bbd184e27b2f
SHA1 6ce2436a88d77bf497f83fe6d53941f62483a5f1
SHA256 1021ea11b9beda3a4e5220a88dca7db3160ef508cc4640d1954af5277db731dc

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-21 18:32

Reported

2024-06-21 18:34

Platform

win10-20240404-en

Max time kernel

134s

Max time network

135s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 512 wrote to memory of 1160 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 512 wrote to memory of 1160 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 512 wrote to memory of 1160 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.43.201.23.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp

Files

N/A