risepro | e2fe410f8b5c9a9326173d51346f5da649991624d4cf6cb1f1ba832877740ded

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RALibretro.exe
Size

2.0MB
MD5

1c60ab41e8c4af6527b7060607b6d4bd
SHA1

97cf0c5c4a2af0b8d8128b940a93e0ae3d87608e
SHA256

e2fe410f8b5c9a9326173d51346f5da649991624d4cf6cb1f1ba832877740ded
SHA512

9b5a20dbb683e311fccb32535b26059a2a46a7095b08754f9f8a8d12b5fd6b7eaed0d44f7269b21f4e2d27fe787d824a6acf9817be54e91d2845229305ef4e0c
SSDEEP

12288:1wm9iy4agcuke6fninnDJB8wCq+TaI0Y60tcFhn9q6aQNwh+rjfmOP8JUQ5ofzG:f9iy4agufnMFBJClaI0Y6vDq2fz2I

Score

10^/10

risepro discovery persistence stealer

Malware Config

Signatures

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	NW_store.exe

Executes dropped EXE 11 IoCs

pid	Process
4908	Setup.exe
968	nsl5B5.tmp
5100	PcAppStore.exe
1620	PcAppStoreWatchdog.exe
2944	NW_store.exe
3208	NW_store.exe
4268	NW_store.exe
2808	NW_store.exe
2916	NW_store.exe
5200	NW_store.exe
5232	NW_store.exe

Loads dropped DLL 43 IoCs

pid	Process
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
2944	NW_store.exe
2944	NW_store.exe
2944	NW_store.exe
3208	NW_store.exe
4268	NW_store.exe
2808	NW_store.exe
4268	NW_store.exe
2808	NW_store.exe
4268	NW_store.exe
2808	NW_store.exe
2808	NW_store.exe
2808	NW_store.exe
2808	NW_store.exe
2808	NW_store.exe
2916	NW_store.exe
2916	NW_store.exe
2916	NW_store.exe
5200	NW_store.exe
5200	NW_store.exe
5200	NW_store.exe
5200	NW_store.exe
5232	NW_store.exe
5232	NW_store.exe
5232	NW_store.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default"	nsl5B5.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i"	nsl5B5.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PcAppStoreWatchdog = "\"C:\\Users\\Admin\\PCAppStore\\PcAppStoreWatchdog.exe\" /guid=6B8FED25-7AF2-4FAA-8715-FE0B598BA931X /rid=20240622033426.93240741656 /ver=fa.1091o"	nsl5B5.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	NW_store.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	NW_store.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133635007680401622"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{E2336C3E-AC49-4EBA-A24A-CE32079788F3}	chrome.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
4908	Setup.exe
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
968	nsl5B5.tmp
5100	PcAppStore.exe
5100	PcAppStore.exe
5100	PcAppStore.exe
5100	PcAppStore.exe
1620	PcAppStoreWatchdog.exe
1620	PcAppStoreWatchdog.exe
1620	PcAppStoreWatchdog.exe
1620	PcAppStoreWatchdog.exe
5100	PcAppStore.exe
5100	PcAppStore.exe
3208	NW_store.exe
3208	NW_store.exe
3208	NW_store.exe
3208	NW_store.exe
2944	NW_store.exe
2944	NW_store.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeCreatePagefilePrivilege	2032	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
5100	PcAppStore.exe
5100	PcAppStore.exe
5100	PcAppStore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
5100	PcAppStore.exe
5100	PcAppStore.exe
5100	PcAppStore.exe
5100	PcAppStore.exe
5100	PcAppStore.exe
5100	PcAppStore.exe
5100	PcAppStore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1508	2032	chrome.exe	102
PID 2032 wrote to memory of 1508	2032	chrome.exe	102
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 1948	2032	chrome.exe	103
PID 2032 wrote to memory of 556	2032	chrome.exe	104
PID 2032 wrote to memory of 556	2032	chrome.exe	104
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105
PID 2032 wrote to memory of 2404	2032	chrome.exe	105

C:\Users\Admin\AppData\Local\Temp\RALibretro.exe
"C:\Users\Admin\AppData\Local\Temp\RALibretro.exe"
1⤵
PID:1772

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3904

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\UnprotectEdit.vbe"
1⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe8270ab58,0x7ffe8270ab68,0x7ffe8270ab78
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4956 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4860 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4084 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3348 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3032 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3432 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5236 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5340 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5912 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5772 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5188 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4992 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4584 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6560 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6524 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4976 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6728 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6844 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4908
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=6B8FED25-7AF2-4FAA-8715-FE0B598BA931X&winver=19041&version=fa.1091o&nocache=20240622033359.317&_fcid=1719027209302340
    3⤵
    PID:4516
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffe8270ab58,0x7ffe8270ab68,0x7ffe8270ab78
      4⤵
      PID:412
- - C:\Users\Admin\AppData\Local\Temp\nsl5B5.tmp
    "C:\Users\Admin\AppData\Local\Temp\nsl5B5.tmp" /internal 1719027209302340 /force
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    PID:968
  - - C:\Users\Admin\PCAppStore\PcAppStore.exe
      "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:5100
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        .\nwjs\NW_store.exe .\ui\.
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        
        PID:2944
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x7ffe91c5a960,0x7ffe91c5a970,0x7ffe91c5a980
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3208
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,8079705952103759565,17291124146149701483,262144 --variations-seed-version /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2808
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2024 --field-trial-handle=1856,i,8079705952103759565,17291124146149701483,262144 --variations-seed-version /prefetch:3
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4268
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2192 --field-trial-handle=1856,i,8079705952103759565,17291124146149701483,262144 --variations-seed-version /prefetch:8
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2916
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1856,i,8079705952103759565,17291124146149701483,262144 --variations-seed-version /prefetch:2
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5200
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4320 --field-trial-handle=1856,i,8079705952103759565,17291124146149701483,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5232
  - - C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe
      "C:\Users\Admin\PCAppStore\PcAppStoreWatchdog.exe" /guid=6B8FED25-7AF2-4FAA-8715-FE0B598BA931X /rid=20240622033426.93240741656 /ver=fa.1091o
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6636 --field-trial-handle=1944,i,10139031958873110198,9338391097826763904,131072 /prefetch:1
  2⤵
  PID:4276

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5548

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:5616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

Filesize
471B

MD5
2aa74d4897a9541cd9cefcb7f4d0851f

SHA1
534e4df389c72c1fce6b28fd7ad6003131d9e02b

SHA256
0fd49e11930612d6f3fcca10d6dba52e63b5b6b60b9fdc6998e613aa3e533360

SHA512
6cedc58db0999368792b60f825de4cd8f77d158541995019ada1cb42b194be88b76e65e8d06a43a61136f392fb0a4a5827745e28dc44ec3f233d91369c70fcfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
471B

MD5
8bf70f988dd06124256b940947ad1cac

SHA1
c4da6acc10cd709f435aaeb89ca5b27e4300072f

SHA256
8f04094254633f4dd5878fce228a45ce1c32e127e232d57576a3eba897b4f0dd

SHA512
9d7dfc8482b89d3f3d5a422cd5ede26f036d53f4ac751560d3b45ae679d42ca6a0672c4db95cc90e273ebd58c197e946e0867baf6ebd3b2cbdc925c13da4d343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

Filesize
404B

MD5
37cd5ff495f285ad5c7c614c95da8822

SHA1
f644d42e5b9624fb652cbcb3f4427b3b58b3b3ff

SHA256
695e218f87e63d39465021489f4c3504e578d5f687616f0a299fd271c5836116

SHA512
503d1905f7a477e2a2e63d6843be640218cee9bd5d2e9d91d102fb119e9cce9b377d9b0e94604be1a65450e2e96c555ceff56f7d9afcfd4f866977f1cb3acb85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
412B

MD5
7a7d5073bb57a7e3da8001347d232ab9

SHA1
99ca16bfa22522d49e38db4cc746ff7d0cd145cb

SHA256
599c0657846db91cf948adcfd414a13a9b5363b24e6383abace6cf041003c3b3

SHA512
a08d19b2c2d67a502aac5d39b77d5a63bfdeef3a5cd40f635cc14e18d79c762cd0432876e1ae35e5a4d2e60a339272107cd45738a935953997a3a2c70b037a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3ea070e60e7d429e1e61c8db38c29e6c

SHA1
5e299ee911c837db884fb5fef2f5abfe4e9e8863

SHA256
b2a5745d6bc2caf9e182d87fe017e223f6237fdd3768705f02a67a10b4cc2d66

SHA512
bd55194313210c91259cdfbe4e6cbef7eb74adf00b7bb292cf8bdeb109eab962f8253ed0277461b94fe7eacc644648318baed002cca9af07b27b00e584fb7cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
19KB

MD5
e78f9f9e3c27e7c593b4355a84d7f65a

SHA1
562ce4ba516712d05ed293f34385d18f7138c904

SHA256
75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d

SHA512
05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b41a9dc43acbb0ca7882ed7c4e7c3570

SHA1
4848194f4edd67dd8c58d34a351340074cc9cc4d

SHA256
07ff156bd0ffe894262029b7f1b14a27407a81de1413bb70acc802d0c946c2c4

SHA512
c28d9e748f7228faa7f5415b2b8dc89d4bee64f7a864cbe7933cb9654f95b0f17048aa85dc0bdd1e1212d9e47d92f26992c2d5fca27775994ccddfbf6f047e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6ace4b82744331f5b78b31e76b30170c

SHA1
923df804402d181c40c24415b3336e72a86477e3

SHA256
2f2550205473adc6428d98bb5735260c1f9ecccdfc39fd015f823feaf9fbde22

SHA512
75bec5d9717928469098e0d7969060f779d42f93495541c46fd20546c1979e7d03563cdb2e91eaf92cbb3953afb1cfada4cee6ef82c5c55377fe6e3c3bd022db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
50727bdb44b64b05b5d010eab465d7bc

SHA1
8fcb0708d13ed4d94546d6265b6883876a89234c

SHA256
2773a5e33b0c2a515868faa0a61724fbdc523831df601fd34e27c51944018c73

SHA512
2709300646df6e48967f8facfba3f7f63c15ccb3813250323be79a8178f6e02685047af6dfb7e56a1e462c97d2e35e8c404767371e2c6ad8136c1df5b7cd1834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c52f27504e10966b25f2e20bffe225c3

SHA1
8009940d3a04a4cebaf3b2e1adcadbeb4fd60583

SHA256
2fe81f21742002a3c3be4afa9fb227f52bf57b87ca6e68dea9feed17597796ca

SHA512
1bd7e734aaf35f7dfa1dc17d7aa68d1d6cef98566033dd47887b31b1f774e89d87c4ad1e478a85e919ea1ba5b4f3418d0e92440766a33c170743664554e0e5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f7db2ac18e6deff00a853ac80ac2e21a

SHA1
68754c6e372ea99d94c4d1c096a826de2de01e1e

SHA256
d918f1168eb891d7aebfdbdcdd8eecd5353a06c7822d62f6a8e4175caab7bbf5

SHA512
2d187e1b1b95e7502ee63ca91be9a9040cf5efeb1f489ea989d95603cbb80f23cdd7b255657043528ecb338b7feb0b367099992c1f387b77323e82115d7d7ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e98310e33d205c09f9efc252c89564a2

SHA1
af757468b1a177eb0430fb04b8bc4a778955c10d

SHA256
7cc3f8f4a178d435802bf708e6d99445a15472cc10eafa9050cc8cc6c81a35ce

SHA512
ba500fd1770f2d254136068b7514a20548a60ff9f0da1019ad2947f6a0aceac96c92151bba2510509d3a9df32a56851a5fad36e1a98820a43e8407d1265c6ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a9ac2a516c6c3b9be1dfb8235aa9b65b

SHA1
177fdefec95a53913aae98d582a7e74877216283

SHA256
015bee2278a160a4456493bf2a6c4bb1fc5d6ba6a3530ca1b01759ff24085ee4

SHA512
d6fdc80df6ed5681848d7edb16b571bf330f090329024ac96d2490c92fe77aecdeec6f0902b466430b43555ff791b66be1704c4dd09050211308794b0f846088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9ed52469bea11fe9273e090df1863942

SHA1
fcdb5f059ecce41355a4a11b92e851b363ce76d7

SHA256
f12ec39a3a214e5d450955820d8f68741fdadf82b96c6897e55ac41b8ce5cf1d

SHA512
0cbd4d26e61a43cddb75482449547b525a1788a2a96da3368f6b2a56be3a0b3857f90a3a69fdfe105064a54e09c4462695ba7eb35a93b2c2bd732809c2ab2eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a1b9cd57a0b39711ac6a2ded582a91d

SHA1
3713a6eda76d4db25615fb14821bc440450f7e30

SHA256
bdbbe5125ab989e47714b8ab832ee6642cc8f3c659e50d1b564f853f95662a4c

SHA512
201ae4b0a36a7f1a4bfb00385db93eae14e4e77d3bd06937576452c95ae9375e3ff5160226d69d9cede9730ed00a4bf0ed306fe289f126111b2c62f319a3dec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
493fe8b5bce0c780f0beb80123ccdc85

SHA1
de9c42175e550a042ec4ee7212990765102bc3b2

SHA256
520f4cf62a8550915469b59f8bf8adce747e77634abb61748b64f967cdf53f49

SHA512
9a4249b537351de6850b043a3e6c4b7ed949db6dcd91928604369658d0dcfc181e49e5e199867fefe76ba8a523b7244b364d0097fdb50457e2a5b8e734e0e6b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4c065f8517a366d7c83a70132658668b

SHA1
a1f40153b757195a69122fc04c7ad8f13079abf3

SHA256
243a7c977f7380568cfd31644f74c8c92f1ed7cef511be5f97be93d7f6cc53c9

SHA512
fa2dd0df461944c07525878ee52c4c6a435c0702c64d877833c8905bf66a549396123d96efce3a67dabbc9e033bb745b9a74463e20783ead1d00331dde948c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e053a774ab7ffd186f1b5b02810c80b3

SHA1
dc94452303cb4c5998fbfafd7e7fdf61fea2937f

SHA256
7918191b0bc5317c304e4102dbae2dd3d96f07eb3b3232fbfb64612a3edd8369

SHA512
53826f602d8d32f9c2b4fe5c59f08baf3d3e669fe8f2b5e060405253ca1c78a654bade82287d18da05ac33a99e8e1787a49c540a989b6225f8dcf8e78d82cb51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
b24a2bb55f3fd1bdf5a318cdd1fc3bc0

SHA1
373671708f900889bdb3f20a5fdb96c27f5be222

SHA256
d8f9bc39dbb9f2e32a8b819ad6c798693f7876e97b2f7ae4570a09db487e25ac

SHA512
09cbc5929ead5ff90138f80db2f8129a88e4c07f4d3d39dda6bdfe427d1399e28ca8719faca0512c604a81ed022fb7d6fac253cf0248c1319f26a1d012efacf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58534b.TMP

Filesize
120B

MD5
cb81c0d80bee4e692d58438e129db684

SHA1
2da739d9aa0717d28bc4e2bcda63230329d9ba2a

SHA256
576aa490acad93cd163798211167c9de029071835e91e9a24d07372f237b3f32

SHA512
5c09dd421fd24eedf969504aba2f963a0348bcfc575e38634ce69dd7e8ef350e9877deaa4739a55ec268032f15f2122048223b9a7fda8a67280d88219cb78ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
886f49556b1dd9ed57643780c1fcb484

SHA1
24a205e06457a7f55c2c4246981b3d85a1e9935c

SHA256
e69ad54d05ecd1a8122e20dcfcc1c9d7644bec0fead63aacac7bfdf16989317f

SHA512
4fde34dfc44b0c27761b5f1143a205833711f3e0d9a2567aae58462e789e3e5d96c27ebeceb13d166e121c3e7c9cc24e9216c96f1a50b4d8e10cb6955ccae9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
523bea6277b6dc0e8932583678811c92

SHA1
e49e891c6e3b9a577c7b75737eff06ba2a2fdcaf

SHA256
4b008f9ebdf03d536af0a0cb1004d036fae30fe7708c76c1f643e3f2ed1a1349

SHA512
326bfd26259e6810c06aa0f256ea23cae3dbc14a702354994ecd978c5efd37b46f77db9e5459f84aedd495df4e054b9bab256464edd84803cf94d813ecea4966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
b835475103b7208f158e8224e1f711d4

SHA1
6d9e7b2858c14957f69c3ca07d0bb54470bf00db

SHA256
b8bd9529db2913267122ca6934bab8b57c29e14cd05d7c6ebccde494ad502f7a

SHA512
6815a16c8b4df36e49a862530be4b9f91587923ab76600ab9e425d83a302d05e6d5f8cef2b909e182386072bbb76ad98a814c541bc613db4bfb1cfae521ea4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
e3e745fa5e5535dbcb901497800797bd

SHA1
57bad3ac0001e0bab473482159e64f74ad54dbf8

SHA256
8ed0633b860f07aba8d0881c0fa81b98d3800e66ae4143fe8837b6026e40de53

SHA512
aa21db8b07629f8544a3ed0298e960bbe31fa00c7cb2ca25fc549a82a168c100db25ac88e7c7d1d631e0ce0d3bc57d23583673c20762193213f08097cafc1cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a515.TMP

Filesize
88KB

MD5
73e267112874811f38f3ca0f2af3fde4

SHA1
51bb65f707fca698f269b7161f03b1272fbe3da5

SHA256
3ba02babfc8154f5743f58193f928365e831961f2559ed638d407ae462f566a4

SHA512
38860d053cdddb1d26bba202133d196cf5b5f0557d856f5aac5d8e0ed7836c4bfbb6cb75ab46ee033e471bf2d9051431f1ea62a2a3520c598c8d30884afb7910

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseDB87.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseDB87.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseDB87.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseDB87.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx3B7B.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\7a317389-e4e2-4974-b5a6-dfd94d1ddf9d.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
03e9f614a008075733c76883156b568b

SHA1
5f9cb1b06928487c4b836e9dedc688e8a9650b0b

SHA256
b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416

SHA512
7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
117KB

MD5
c0cae20baf62025ad2c0c603de8f465f

SHA1
97802d826180b089a5fc58d78a294e899ab3a05f

SHA256
bb0225b6953c83e1b55c9eafa4c4639cbc963aa0fc643d620c2872e02250a0de

SHA512
16d6b3f0a5f58aa7b8c9637cee810021a0288c5a42047b48db048491db17169484105cd6454d6f048410211b91f9cb7c5eddbd4f2c6f383433836301b67892f7

Download Submit
C:\Users\Admin\PCAppStore\PcAppStore.exe

Filesize
2.0MB

MD5
fcefc6099c1265e7f7b703c7a0154c5a

SHA1
84f13c7724e24a4416f3d65c143f013d9e9dfcfc

SHA256
4a223cf0623913c903cfc2c0a1a8450405244d8b86c1020e970cbdf8e7a30184

SHA512
d4d1a0d781ca851c9738c5981f13eb023092ce71e0cd04b3ed8dcc942a8ece54b9a031230e300bbdaa4486792f75af768fdbb882b430f5915bec85bcc66cf3f5

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

Filesize
1.0MB

MD5
82d7ab0ff6c34db264fd6778818f42b1

SHA1
eb508bd01721ba67f7daad55ba8e7acdb0a096eb

SHA256
e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db

SHA512
176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

Download Submit