Malware Analysis Report

2025-01-22 08:56

Sample ID: 241027-rg93xsyarb
Target: b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN
SHA256: b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3c
Tags: discovery, execution, persistence, spyware, stealer
Score: 8/10


Analysis Overview

Score: 8/10

SHA256: b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3c

Threat Level: Likely malicious

The file b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN was found to be: Likely malicious.

Malicious Activity Summary

discovery execution persistence spyware stealer

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks computer location settings

Enumerates connected drives

Checks installed software on the system

Command and Scripting Interpreter: PowerShell

Adds Run key to start application

Checks system information in the registry

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Program crash

Unsigned PE

Browser Information Discovery

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Analysis: static1

Detonation Overview

Reported: 2024-10-27 14:11

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-27 14:11

Reported: 2024-10-27 14:13

Platform: win10v2004-20241007-en

Max time kernel: 120s

Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Fast!\fast!.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\Watchdog.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\FastSRV.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\fast!.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\Fast!.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default" | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i" | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=5AB270F5-F3A9-47D1-97D7-BBD50ACF9955X /rid=20241027141142.811240649906 /ver=fa.1091x" | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A

Checks installed software on the system

discovery

Command and Scripting Interpreter: PowerShell

execution

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\P: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\W: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\Y: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\F: | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
File opened (read-only) | \??\E: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\I: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\K: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\M: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\R: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\S: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\T: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\V: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\Z: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\X: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\B: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\G: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\J: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\L: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\O: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\A: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\H: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\N: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\Q: | C:\Program Files (x86)\Fast!\fast!.exe | N/A
File opened (read-only) | \??\U: | C:\Program Files (x86)\Fast!\fast!.exe | N/A

Checks system information in the registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\Fast!\nwjs\locales\tr.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\ur.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\index.html | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\snapshot_blob.bin | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\es-419.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\hu.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\images\prediction-engine-bg.png | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\bg.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\lv.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\th.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\images\fast.png | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\bg.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\et.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\css\style.css | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\fr.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\images\header-bg.png | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\v8_context_snapshot.bin | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\fi.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\lt.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\sl.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\icons\checkbox-hovered.svg | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\fa.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\gu.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\kn.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\icons\back-arrow.svg | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\images\contacts-bg.png | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\af.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\sv.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\sw.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\ml.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\pt-PT.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\images\all-circles-bg-mask.png | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\nw.exe | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\am.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\he.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\lv.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\mr.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\nl.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\pt-PT.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\zh-TW.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\gu.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\ja.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\lt.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\css\normalize.css | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\images\exit-popup-bg.png | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\js\notify.js | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\de.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\en-US.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\et.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\ru.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\node.dll | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\vk_swiftshader_icd.json | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\da.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\es.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\kn.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\zh-TW.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\ca.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\da.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\images\notification-bg.png | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\pl.pak | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\nwjs\locales\ta.pak.info | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
File created | C:\Program Files (x86)\Fast!\ui\images\network-error-popup-bg.png | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Fast!\FastSRV.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Fast!\fast!.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Fast!\Fast!.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Fast!\nwjs\nw.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133745119191470279" | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{E866433F-E539-407B-9C0C-80CD555AD16B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5AB270F5-F3A9-47D1-97D7-BBD50ACF9955X} | C:\Program Files (x86)\Fast!\fast!.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\Watchdog.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\Watchdog.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\Watchdog.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\Watchdog.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\nwjs\NW_store.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\PCAppStore\download\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\FastSRV.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\FastSRV.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\fast!.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\fast!.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\fast!.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\fast!.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\fast!.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\fast!.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\fast!.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\fast!.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\PCAppStore\PcAppStore.exe | N/A
N/A | N/A | C:\Program Files (x86)\Fast!\fast!.exe | N/A

Suspicious use of AdjustPrivilegeToken

Hits Token Process
32 SeShutdownPrivilege C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
31 SeCreatePagefilePrivilege C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
1 SeSecurityPrivilege C:\Windows\system32\msiexec.exe

Suspicious use of FindShellTrayWindow

Hits Process
25 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
19 C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
8 C:\Program Files (x86)\Fast!\nwjs\nw.exe
6 C:\Users\Admin\PCAppStore\PcAppStore.exe

Suspicious use of SendNotifyMessage

Hits Process
24 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
5 C:\Users\Admin\PCAppStore\PcAppStore.exe
5 C:\Program Files (x86)\Fast!\nwjs\nw.exe

Suspicious use of WriteProcessMemory

Hits Writer PID -> Target PID Writer image -> Target image
2 1124 -> 1616 C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
2 1616 -> 3664 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
40 1616 -> 624 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
2 1616 -> 4668 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
18 1616 -> 1544 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
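What the two noisiest tables above (AdjustPrivilegeToken and WriteProcessMemory) actually say, as an added example that is not part of the report or of the sandbox's own tooling: of the 64 token rows, 63 are the NW.js runtime NW_store.exe enabling SeShutdownPrivilege and SeCreatePagefilePrivilege in lock-step, and the single msiexec.exe row enables SeSecurityPrivilege; none of those three privileges gives a process code execution inside another process or access to other users' data. The 64 memory-write rows are all consistent with process launch rather than injection: the sample (PID 1124) writes into the Edge instance it opens on pcapp.store (see the Processes section), and Edge browser process 1616 writes only into other msedge.exe processes, which is how Chromium's sandbox broker sets up each child it spawns. The script below parses both row shapes as they appear in this report, collapses repeats into counts, flags privileges outside an analyst-maintained baseline, and separates same-image fan-out from cross-image writes, which are the ones worth a second look. The baseline set and the one SeDebugPrivilege row are assumptions constructed for the demonstration, not data from this report.

```python
"""Collapse noisy sandbox signature rows into ranked, reviewable counts.

Added example; not part of the original report or of the sandbox's own
tooling. It parses two row shapes from the report's Signatures section:

    Token: <privilege> N/A <process> N/A
    PID <a> wrote to memory of <b> N/A <writer image> <target image>
"""
import re
from collections import Counter

TOKEN_RE = re.compile(r"^Token: (\S+) N/A (.+?) N/A$")
# Both image paths may contain spaces; split at the first " X:\" that
# follows the writer image (assumption: image paths never contain " C:\").
WPM_RE = re.compile(
    r"^PID (\d+) wrote to memory of (\d+) N/A ([A-Za-z]:\\.+?) ([A-Za-z]:\\.+)$"
)

# Analyst-maintained baseline (an assumption; tune per environment). The
# report shows the Chromium-based NW.js runtime toggling the first two in
# lock-step and msiexec.exe enabling the third; none of them grants code
# execution in another process or access to other users' data.
LOW_SIGNAL_PRIVILEGES = {
    "SeShutdownPrivilege",
    "SeCreatePagefilePrivilege",
    "SeSecurityPrivilege",
}

NW = r"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe")

# Rows copied from the report's AdjustPrivilegeToken and WriteProcessMemory
# tables (a subset, with repeat counts reduced), plus ONE constructed row
# that is NOT in the report, to show how a high-signal privilege surfaces.
SIGNATURE_ROWS = (
    [f"Token: SeShutdownPrivilege N/A {NW} N/A",
     f"Token: SeCreatePagefilePrivilege N/A {NW} N/A"] * 3
    + [r"Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A"]
    # constructed row, not in the report:
    + [r"Token: SeDebugPrivilege N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A"]
    + [f"PID 1124 wrote to memory of 1616 N/A {SAMPLE} {EDGE}"] * 2
    + [f"PID 1616 wrote to memory of 3664 N/A {EDGE} {EDGE}"] * 2
    + [f"PID 1616 wrote to memory of 624 N/A {EDGE} {EDGE}"] * 4
    + [f"PID 1616 wrote to memory of 1544 N/A {EDGE} {EDGE}"] * 2
    # a row from another signature table; the parser counts it as skipped
    + [r"N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A"]
)


def parse_rows(rows):
    """Return (privilege_hits, write_hits, skipped_rows)."""
    privileges = Counter()  # (process, privilege) -> hits
    writes = Counter()      # (writer_pid, target_pid, writer_image, target_image) -> hits
    skipped = 0
    for row in rows:
        row = row.strip()
        m = TOKEN_RE.match(row)
        if m:
            privileges[(m.group(2), m.group(1))] += 1
            continue
        m = WPM_RE.match(row)
        if m:
            writes[(int(m.group(1)), int(m.group(2)), m.group(3), m.group(4))] += 1
            continue
        skipped += 1
    return privileges, writes, skipped


def unexpected_privileges(privileges, baseline=LOW_SIGNAL_PRIVILEGES):
    """(process, privilege, hits) for every privilege outside the baseline."""
    return sorted((proc, priv, n) for (proc, priv), n in privileges.items()
                  if priv not in baseline)


def write_summary(writes):
    """Per writer PID: its image, hits per target PID, and whether it ever
    wrote into a process running a different image than its own."""
    summary = {}
    for (wpid, tpid, wimg, timg), n in writes.items():
        entry = summary.setdefault(wpid, {"image": wimg, "targets": {}, "cross_image": False})
        entry["targets"][tpid] = entry["targets"].get(tpid, 0) + n
        if wimg != timg:
            entry["cross_image"] = True
    return summary


if __name__ == "__main__":
    privs, writes, skipped = parse_rows(SIGNATURE_ROWS)
    for (proc, priv), n in privs.most_common():
        print(f"{n:>3} {priv:<26} {proc}")
    print("outside baseline:", unexpected_privileges(privs))
    for wpid, e in write_summary(writes).items():
        print(f"PID {wpid} ({e['image']}) -> {e['targets']} cross_image={e['cross_image']}")
    print("skipped rows:", skipped)
```

Run against the full report text, the cross_image flag isolates the one writer that touched a different image (the sample into Edge), and the Processes section is where to confirm that it launched that Edge rather than injecting into a pre-existing browser; the baseline should grow only with privileges you have seen the same runtime enable on a clean host.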

Processes

C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe

"C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pcapp.store/installing.php?guid=5AB270F5-F3A9-47D1-97D7-BBD50ACF9955X&winver=19041&version=fa.1091x&nocache=20241027141114.586&_fcid=1729735473104910

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec23546f8,0x7ffec2354708,0x7ffec2354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5056 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp

"C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp" /internal 1729735473104910 /force

C:\Users\Admin\PCAppStore\PcAppStore.exe

"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default

C:\Users\Admin\PCAppStore\Watchdog.exe

"C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=5AB270F5-F3A9-47D1-97D7-BBD50ACF9955X /rid=20241027141142.811240649906 /ver=fa.1091x

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

.\nwjs\NW_store.exe .\ui\.

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x290,0x294,0x298,0x28c,0x29c,0x7ffebef5a960,0x7ffebef5a970,0x7ffebef5a980

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2028 --field-trial-handle=2024,i,1516058346926254100,6431679559427706278,262144 --variations-seed-version /prefetch:2

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2056 --field-trial-handle=2024,i,1516058346926254100,6431679559427706278,262144 --variations-seed-version /prefetch:3

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2100 --field-trial-handle=2024,i,1516058346926254100,6431679559427706278,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2548 --field-trial-handle=2024,i,1516058346926254100,6431679559427706278,262144 --variations-seed-version /prefetch:2

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4260 --field-trial-handle=2024,i,1516058346926254100,6431679559427706278,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4664 --field-trial-handle=2024,i,1516058346926254100,6431679559427706278,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4c0 0x328

C:\Users\Admin\PCAppStore\download\SetupEngine.exe

"C:\Users\Admin\PCAppStore\download\SetupEngine.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installing.html?guid=5AB270F5-F3A9-47D1-97D7-BBD50ACF9955X&_fcid=

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffec23546f8,0x7ffec2354708,0x7ffec2354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=648 --field-trial-handle=2024,i,1516058346926254100,6431679559427706278,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4260 --field-trial-handle=2024,i,1516058346926254100,6431679559427706278,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe

"C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid /instdir C:\Program Files (x86)\Fast! /startup 1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Register-ScheduledTask fast_task -InputObject (New-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files (x86)\Fast!\fast!.exe') -Principal (New-ScheduledTaskPrincipal -UserId ($Env:UserDomain + '\' + $Env:UserName) -RunLevel Highest) -Trigger (New-ScheduledTaskTrigger -AtLogon) -Settings (New-ScheduledTaskSettingsSet -MultipleInstances Queue -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)) -Force"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\Admin\AppData\Local\FAST!\Temp\dskres.xml

C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe

C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installed.php?guid=5AB270F5-F3A9-47D1-97D7-BBD50ACF9955X&_fcid=

C:\Program Files (x86)\Fast!\FastSRV.exe

"C:\Program Files (x86)\Fast!\FastSRV.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffec23546f8,0x7ffec2354708,0x7ffec2354718

C:\Program Files (x86)\Fast!\fast!.exe

"C:\Program Files (x86)\Fast!\fast!.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16657357965316014559,14610504145649829927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1416 /prefetch:1

C:\Program Files (x86)\Fast!\Fast!.exe

"C:\Program Files (x86)\Fast!\Fast!.exe"

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2a0,0x2a4,0x2a8,0x29c,0x2ac,0x7ffed0a2a970,0x7ffed0a2a980,0x7ffed0a2a990

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2296 --field-trial-handle=2300,i,14562966632398013314,8103549525353990766,262144 /prefetch:2

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2736 --field-trial-handle=2300,i,14562966632398013314,8103549525353990766,262144 /prefetch:8

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3172 --field-trial-handle=2300,i,14562966632398013314,8103549525353990766,262144 /prefetch:8

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=2300,i,14562966632398013314,8103549525353990766,262144 /prefetch:1

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3980 --field-trial-handle=2300,i,14562966632398013314,8103549525353990766,262144 /prefetch:8
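The command lines above carry the report's persistence and execution findings in raw form: a PowerShell `Register-ScheduledTask` one-liner that re-launches `fast!.exe` at every logon with `-RunLevel Highest`, executables run out of `AppData\Local\FAST!\Temp`, NW.js/Chromium children started with `--no-sandbox`, and Edge opened on the vendor's tracking URLs. The following Python triage is an added example, not part of the report or of the sandbox's own signature engine; it works on a handful of the lines above copied in as constructed strings, and the rule names and severities are my own choice, not the report's.

```python
import re

# Constructed sample: five of the process command lines listed above, copied
# as plain strings so the triage runs offline (the nw.exe line is trimmed).
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid /instdir C:\Program Files (x86)\Fast! /startup 1',
    r'''powershell.exe -command "Register-ScheduledTask fast_task -InputObject (New-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files (x86)\Fast!\fast!.exe') -Principal (New-ScheduledTaskPrincipal -UserId ($Env:UserDomain + '\' + $Env:UserName) -RunLevel Highest) -Trigger (New-ScheduledTaskTrigger -AtLogon) -Settings (New-ScheduledTaskSettingsSet -MultipleInstances Queue -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)) -Force"''',
    r'cmd /c "C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\Admin\AppData\Local\FAST!\Temp\dskres.xml',
    r'"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --no-sandbox --no-zygote --lang=en-US',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installed.php?guid=5AB270F5-F3A9-47D1-97D7-BBD50ACF9955X&_fcid=',
]

# Patterns for the ScheduledTasks cmdlet syntax seen in the report.
SCHED_TASK_RE = re.compile(r"Register-ScheduledTask\s+(?P<name>\S+)", re.I)
EXECUTE_RE = re.compile(r"-Execute\s+'(?P<exe>[^']+)'", re.I)
RUNLEVEL_RE = re.compile(r"-RunLevel\s+(?P<level>\w+)", re.I)
TRIGGER_RE = re.compile(r"New-ScheduledTaskTrigger\s+-(?P<trigger>\w+)", re.I)
TEMP_EXE_RE = re.compile(r'[A-Za-z]:\\[^"\s>]*?\\Temp\\[^"\s>]*?\.exe', re.I)
URL_HOST_RE = re.compile(r'https?://([^/\s"?]+)', re.I)
BOOT_TRIGGERS = {"atlogon", "atstartup"}   # triggers that survive a reboot


def image_path(cmdline):
    """First token of the command line, honouring a quoted image path."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split(None, 1)[0]


def parse_scheduled_task(cmdline):
    """Task name, payload, run level and trigger from a Register-ScheduledTask
    one-liner; None when the line is not one."""
    m = SCHED_TASK_RE.search(cmdline)
    if not m:
        return None

    def grab(rx, key):
        h = rx.search(cmdline)
        return h.group(key) if h else None

    return {"name": m.group("name"), "execute": grab(EXECUTE_RE, "exe"),
            "run_level": grab(RUNLEVEL_RE, "level"),
            "trigger": grab(TRIGGER_RE, "trigger")}


def temp_executables(cmdline):
    """Every .exe path under a ...\\Temp\\ directory mentioned on the line."""
    return TEMP_EXE_RE.findall(cmdline)


def url_hosts(cmdline):
    return URL_HOST_RE.findall(cmdline)


def triage(cmdline):
    """Return [(rule, severity, detail)] for one command line. Rule names and
    severities are hypothetical labels chosen for this example."""
    findings = []
    task = parse_scheduled_task(cmdline)
    if task:
        elevated = (task["run_level"] or "").lower() == "highest"
        at_boot = (task["trigger"] or "").lower() in BOOT_TRIGGERS
        sev = "high" if elevated and at_boot else "medium"
        findings.append(("persistence.scheduled_task", sev, task))
    temps = temp_executables(cmdline)
    if temps:
        findings.append(("execution.exe_from_user_temp", "medium", {"paths": temps}))
    if "--no-sandbox" in cmdline.split():   # Chromium child running unsandboxed
        findings.append(("chromium.no_sandbox", "info", {"image": image_path(cmdline)}))
    hosts = url_hosts(cmdline)
    if hosts:
        findings.append(("browser.opened_url", "info", {"hosts": hosts}))
    return findings


def triage_all(cmdlines):
    """Rule name -> number of command lines that tripped it."""
    counts = {}
    for c in cmdlines:
        for rule, _, _ in triage(c):
            counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for c in SAMPLE_CMDLINES:
        for rule, sev, detail in triage(c):
            print(f"{sev:6} {rule:32} {detail}")
    print(triage_all(SAMPLE_CMDLINES))
```

The scheduled-task rule is rated high only when both an elevated run level and a boot-time trigger are present, which is exactly the combination in this report: the task re-launches the payload as the interactive user at the highest available integrity level on every logon, and `-Force` overwrites any task of the same name, so re-running the installer silently re-establishes persistence.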

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 pcapp.store udp
US 159.223.126.41:443 pcapp.store tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 41.126.223.159.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 delivery.pcapp.store udp
NL 195.181.172.6:443 delivery.pcapp.store tcp
US 8.8.8.8:53 pcapp.store udp
US 104.248.126.225:443 pcapp.store tcp
US 8.8.8.8:53 e6.o.lencr.org udp
US 8.8.8.8:53 6.172.181.195.in-addr.arpa udp
US 8.8.8.8:53 61.45.26.184.in-addr.arpa udp
US 8.8.8.8:53 96.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 225.126.248.104.in-addr.arpa udp
US 8.8.8.8:53 repository.pcapp.store udp
NL 195.181.172.5:443 repository.pcapp.store tcp
GB 2.18.190.80:80 e6.o.lencr.org tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 5.172.181.195.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.co.uk udp
BE 74.125.133.156:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 172.217.16.238:443 google.com tcp
GB 172.217.16.238:443 google.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 156.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 159.223.126.41:443 pcapp.store tcp
US 159.223.126.41:443 pcapp.store tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 159.223.126.41:443 pcapp.store tcp
US 8.8.8.8:53 d74queuslupub.cloudfront.net udp
NL 18.239.94.126:443 d74queuslupub.cloudfront.net tcp
US 8.8.8.8:53 126.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 192.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 pcapp.store udp
US 8.8.8.8:53 pcapp.store udp
US 64.176.203.93:443 pcapp.store tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 93.203.176.64.in-addr.arpa udp
US 159.223.126.41:80 pcapp.store tcp
US 159.223.126.41:443 pcapp.store tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com udp
US 159.223.126.41:443 pcapp.store tcp
US 159.223.126.41:443 pcapp.store tcp
US 159.223.126.41:443 pcapp.store tcp
US 159.223.126.41:443 pcapp.store tcp
US 8.8.8.8:53 repcdn.pcapp.store udp
US 8.8.8.8:53 repcdn.pcapp.store udp
US 8.8.8.8:53 repcdn.pcapp.store udp
US 159.223.126.41:443 pcapp.store tcp
NL 195.181.172.3:443 repcdn.pcapp.store tcp
NL 195.181.172.3:443 repcdn.pcapp.store tcp
NL 195.181.172.3:443 repcdn.pcapp.store tcp
NL 195.181.172.3:443 repcdn.pcapp.store tcp
NL 195.181.172.3:443 repcdn.pcapp.store tcp
NL 195.181.172.3:443 repcdn.pcapp.store tcp
US 8.8.8.8:53 repository.pcapp.store udp
US 8.8.8.8:53 repository.pcapp.store udp
NL 195.181.172.2:443 repository.pcapp.store tcp
NL 195.181.172.2:443 repository.pcapp.store tcp
US 159.223.126.41:443 pcapp.store tcp
US 159.223.126.41:443 pcapp.store tcp
NL 195.181.172.2:443 repository.pcapp.store tcp
NL 195.181.172.5:443 repository.pcapp.store tcp
NL 195.181.172.5:443 repository.pcapp.store tcp
NL 195.181.172.5:443 repository.pcapp.store tcp
NL 195.181.172.5:443 repository.pcapp.store tcp
US 8.8.8.8:53 repository.pcapp.store udp
NL 195.181.172.5:443 repository.pcapp.store tcp
NL 195.181.172.5:443 repository.pcapp.store tcp
NL 195.181.172.2:443 repository.pcapp.store tcp
NL 195.181.172.2:443 repository.pcapp.store tcp
NL 195.181.172.2:443 repository.pcapp.store tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 ev.pcapp.store udp
US 147.182.211.77:443 ev.pcapp.store tcp
US 8.8.8.8:53 3.172.181.195.in-addr.arpa udp
US 8.8.8.8:53 2.172.181.195.in-addr.arpa udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:53 77.211.182.147.in-addr.arpa udp
US 8.8.8.8:53 veryfast.io udp
US 161.35.127.181:80 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 181.127.35.161.in-addr.arpa udp
US 8.8.8.8:53 repcdn.veryfast.io udp
NL 195.181.172.6:443 repcdn.veryfast.io tcp
US 8.8.8.8:53 evcs-ocsp.ws.symantec.com udp
DE 152.199.19.74:80 evcs-ocsp.ws.symantec.com tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 evcs-crl.ws.symantec.com udp
SE 192.229.221.95:80 evcs-crl.ws.symantec.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
SE 192.229.221.95:80 evcs-crl.ws.symantec.com tcp
SE 192.229.221.95:80 evcs-crl.ws.symantec.com tcp
US 8.8.8.8:53 veryfast.io udp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
NL 195.181.172.6:443 repcdn.veryfast.io tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.18.190.80:80 e5.o.lencr.org tcp
US 8.8.8.8:53 71.209.201.84.in-addr.arpa udp
US 161.35.127.181:443 veryfast.io tcp
US 159.223.126.41:443 pcapp.store tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 veryfast.io udp
US 8.8.8.8:53 veryfast.io udp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
SE 192.229.221.95:80 evcs-crl.ws.symantec.com tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
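Most rows in the Network table are noise from the analysis environment rather than indicators: reverse (`in-addr.arpa`) lookups the sandbox issues for every peer, queries to the 8.8.8.8 resolver, DoH/DoT to `dns.google`, OCSP/CRL fetches from `lencr.org` and `ws.symantec.com`, and ad/analytics traffic from the embedded Chromium. The Python below, an added example that is not part of the report or of the sandbox's tooling, parses a constructed subset of the rows in the table's own `Country Destination Domain Proto` layout, drops those categories, and leaves the contacted hosts worth blocking or hunting for. The benign suffix lists are my own assumptions, not classifications the report makes.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a subset of the rows from the Network table above,
# in the report's own "Country Destination Domain Proto" layout.
SAMPLE_ROWS = """\
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 pcapp.store udp
US 159.223.126.41:443 pcapp.store tcp
US 8.8.8.8:53 delivery.pcapp.store udp
NL 195.181.172.6:443 delivery.pcapp.store tcp
US 104.248.126.225:443 pcapp.store tcp
GB 2.18.190.80:80 e6.o.lencr.org tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:443 dns.google tcp
US 147.182.211.77:443 ev.pcapp.store tcp
US 161.35.127.181:80 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
NL 195.181.172.6:443 repcdn.veryfast.io tcp
DE 152.199.19.74:80 evcs-ocsp.ws.symantec.com tcp
NL 18.239.94.126:443 d74queuslupub.cloudfront.net tcp
US 159.223.126.41:80 pcapp.store tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 216.239.32.36:443 region1.analytics.google.com udp
"""

# Hypothetical allowlists (my choice, not from the report): suffixes that
# account for ad/telemetry traffic from the embedded Chromium and the vendor
# landing pages, and the revocation endpoints hit during signature checks.
THIRD_PARTY_SUFFIXES = ("google.com", "google.co.uk", "doubleclick.net",
                        "facebook.com", "facebook.net", "bing.net")
PKI_SUFFIXES = ("lencr.org", "ws.symantec.com")


def _has_suffix(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_row(line):
    """(country, ip, port, domain, proto); domain is '' when the row lacks one."""
    tokens = line.split()
    if len(tokens) == 4:
        country, dest, domain, proto = tokens
    elif len(tokens) == 3:          # e.g. the mDNS row, which has no domain
        country, dest, proto = tokens
        domain = ""
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return country, ip, int(port), domain, proto


def classify(row):
    """Bucket a row; only 'connection' rows are treated as indicators."""
    _, ip, port, domain, _ = row
    if domain.endswith(".in-addr.arpa"):
        return "ptr-lookup"         # sandbox reverse-resolving peers
    if ipaddress.ip_address(ip).is_multicast:
        return "multicast"          # mDNS chatter
    if port == 53:
        return "dns-query"          # the resolver, not the contacted host
    if domain == "dns.google":
        return "resolver"           # DoH/DoT to Google on 443
    if _has_suffix(domain, PKI_SUFFIXES):
        return "pki"                # OCSP/CRL fetches
    if _has_suffix(domain, THIRD_PARTY_SUFFIXES):
        return "third-party"        # ads/analytics embedded in the pages
    return "connection"


def extract_iocs(text):
    """Domains, IPs and per-domain endpoints for the rows that survive."""
    rows = [parse_row(l) for l in text.splitlines() if l.strip()]
    endpoints, counts = defaultdict(set), defaultdict(int)
    for row in rows:
        kind = classify(row)
        counts[kind] += 1
        if kind == "connection":
            _, ip, port, domain, proto = row
            endpoints[domain or ip].add(f"{ip}:{port}/{proto}")
    ips = {ep.split(":")[0] for eps in endpoints.values() for ep in eps}
    return {"domains": sorted(d for d in endpoints if not _is_ip(d)),
            "ips": sorted(ips, key=ipaddress.ip_address),
            "endpoints": dict(endpoints), "counts": dict(counts)}


def shared_hosts(result):
    """IPs that served more than one domain: a pivot for shared infrastructure."""
    by_ip = defaultdict(set)
    for domain, eps in result["endpoints"].items():
        for ep in eps:
            by_ip[ep.split(":")[0]].add(domain)
    return {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) > 1}


if __name__ == "__main__":
    r = extract_iocs(SAMPLE_ROWS)
    print(r["counts"])
    print(r["domains"], r["ips"], shared_hosts(r), sep="\n")
```

On this sample the filter reduces nineteen rows to six domains and six addresses, all under `pcapp.store`, `veryfast.io` or the one CloudFront distribution, and `shared_hosts` surfaces that `195.181.172.6` fronts both `delivery.pcapp.store` and `repcdn.veryfast.io`, which is the kind of overlap worth carrying into a hunt across the two brands.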

Files

C:\Users\Admin\AppData\Local\Temp\nsb7D20.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nsb7D20.tmp\nsJSON.dll

MD5 f4d89d9a2a3e2f164aea3e93864905c9
SHA1 4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a
SHA256 64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb
SHA512 dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

C:\Users\Admin\AppData\Local\Temp\nsb7D20.tmp\nsDialogs.dll

MD5 6c3f8c94d0727894d706940a8a980543
SHA1 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

C:\Users\Admin\AppData\Local\Temp\nsb7D20.tmp\inetc.dll

MD5 a35cdc9cf1d17216c0ab8c5282488ead
SHA1 ed8e8091a924343ad8791d85e2733c14839f0d36
SHA256 a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df
SHA512 0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ba6ef346187b40694d493da98d5da979
SHA1 643c15bec043f8673943885199bb06cd1652ee37
SHA256 d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

\??\pipe\LOCAL\crashpad_1616_UFDCKZNSCBZJXVWX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b8880802fc2bb880a7a869faa01315b0
SHA1 51d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512 e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e76210aa72deaa7938e5401d752926a4
SHA1 9871a3bf5f96910c9d6cdde36d6a5b5e25d936ce
SHA256 0a947664311ae8a1336fef3b5a9f26bcd25586da0a0aef9795008bcc75cc3cfb
SHA512 eca95f876918a53e606a6bc8bb96615540571cf71238c2195bb8da7b5d2ff82c6110b46218f4d7cc5da4f59f95ed1c695639e200343534e8908eee030454765b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

MD5 220694d3acc7c2093811d7aec3f51bea
SHA1 2a8525170e719a0a53f67bd593267c52b09b42b3
SHA256 ec201403cfd24431b7ce52d080c7d095c4ac69bffe11bf6cbc95849512ccc68c
SHA512 4f9c4593037069953fada53634c7b33ec4de31c484136d4b9c3b015bd6556ea8587e59414cd2bb20ecfff168132385ccbd39097799cf92e8ff06b67afff81d20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

MD5 1471a4815508149a30d08041a4e0a5cd
SHA1 2b302dc8d1e6f062d949f048a99554da68576875
SHA256 23b30c934ba5be30a6f48d2c9a470cb70d471cf1a8efedc807d366f4f4be5966
SHA512 cab23ccb715a5226bd894c927edc8fc62607ade25aca5d1b8da393a759ef2d6ffe1354fc40f42c1ac27bc61e6ccc61b87fed15d6ac7209111a91477cf5f5ba53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

MD5 9fa74727e591b0483a3be81ebbff35be
SHA1 27e632e8dfa3b0ff66c7934462f3524277dd65a9
SHA256 e8ebedfce0fcf0a4067ec146ebab178119595729a4f3702bfe114e1a06022732
SHA512 8f2667297d8112cbd99e15265e0e948c4d8e76a150a8b4c9f97449923c0da22e74bdf7906e8bb13f05a4b62e6cdb089590973a4aaccab3db9dc6d88176e2b737

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

MD5 cda9731ff521a8507428be2d1c1b70d9
SHA1 99f923a77b911a42af111121a00e1e69adf7ef20
SHA256 70425dc7814c4c84054252a18f097756b68c8c9671e9044014db915c69b93f3b
SHA512 70d0bd6dce492e99543ed079978efa116f4a59cec94b370a837506789759144887257b7d6646aa52fc13d57c43b2fd7baf4239baf465fee3aa77d892a6d79934

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e02612b9b7e51d7efe3e19834602796d
SHA1 eacc02d5ea2669ffaeae59f1abf7da8a26cc834d
SHA256 b82dda00f69cbae5f84d5a155250c567ab00a7887221415d9217c9a9b0ca7a15
SHA512 87a16b0ad085dd8463998a03037ce536586b6ccab268a9b538a577eae241ba28e9795f408e03d8d721701de9660eeedccb7d3f6588c2e10538bbb75fd6cc2bbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b43cbfd8a23efb5a8969ca29547a7c94
SHA1 0e22cfb6a9db472675b001ae63e787793d7d6262
SHA256 9da80f1469af1d7d5d142fb7ce37d95cd51d0027efa417324908ff0cf38b19b3
SHA512 725b975203c160e63055f85079f29a812efaf076c5fae96bc0eae88c7a2b494b34ad5b4444025017229e9cc799e82d1e175dfcfd003cca99393d3518bb680cc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 978591ef1d6b1d1dd6a6c65a8fee32ef
SHA1 33c8be7bd27c6a194fdd122b71757d5649dc1afb
SHA256 c40dd808c023b7d4f3eea68d6a39d4168d0f8403287cca467832bccc604bb282
SHA512 02a9ad8389fd2e3e25415c2a6cbdb065dee7e5cbbce0ce4adb94a6358388fcf9cff57360f0cc32c7cb3291556eff852765695a3f6b62cba07aff578d141f4e6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f1a3.TMP

MD5 2d01e185d15ae949c0d1f26e3673dbb5
SHA1 17baad43f5553a30fa442fc511a2eed324da658e
SHA256 b1711c2b499af34aa2e5d15a5eb7d492f5b5a20d3fe5f9b9fd1b39111d9a0183
SHA512 84eb1e34a38641775e38effabe276769feb2df6e4cbda5bfbf0d00a8ac82a668d5e171439858b2c748b39d0592f70efab3cf08c605d1eed8834ac15bec4225c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 7fedf11ac28edc75efaec460408e0cdf
SHA1 794c5fc92b4fb1b31f1f3775ba49d1922263a158
SHA256 a10063443b168f8794c2507f5856561f7516b45f9cbdeea72ce344b71dd9c79c
SHA512 d09c23e07b08a5d0e6d197e08a43bfd73797ff47dd44d71151ef4fba91ab84ea8c266784ef7efb1341fdc2bc2ff408b1a914e8a63baf3242fa3f235ff68588ce

C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

MD5 82d7ab0ff6c34db264fd6778818f42b1
SHA1 eb508bd01721ba67f7daad55ba8e7acdb0a096eb
SHA256 e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db
SHA512 176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

C:\Users\Admin\AppData\Local\Temp\nsdDAE1.tmp\Math.dll

MD5 85428cf1f140e5023f4c9d179b704702
SHA1 1b51213ddbaedfffb7e7f098f172f1d4e5c9efba
SHA256 8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a
SHA512 dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

C:\Users\Admin\PCAppStore\PcAppStore.exe

MD5 b9769675ab9aa29b4d54c8140a1e218e
SHA1 2782e8e15a29f043249ae137b11cb654f7e5a66f
SHA256 5a8aa541eee8d85abe483bd2976b6b291aeca2377fe8fc2aae2eb1a1c6a3926a
SHA512 bc3745a87d236df7a7846114707fba161e9cf9618bf41824135ee7cb803756c665f2b2655a5bd575627f36c4b7827176018f1f4c7b76e5912298aa502c58b0eb

C:\Users\Admin\PCAppStore\Watchdog.exe

MD5 c8c3ac12ef71e9ce0c7911250b85154c
SHA1 2ed91d55c0061527d2bcc49d7aac3d30a090bacb
SHA256 38169acbeafe4a6b8c893d57bd5dcb622ab7d2a1e87ffc625c690b4348461df7
SHA512 c3922912629bf1b1b885169549002113245fb36890be476e468796a153ec4edac00916364f36aa95aad38b65afea4b5937b5dfbf1312245070cb2181531efefe

C:\Users\Admin\PCAppStore\Temp\tempPOSTResponse

MD5 3024a54e0c352abe5eb5f753ca4828da
SHA1 df0206851654405c8e5c2d3bc96fb536b8c2dcbf
SHA256 3cd0a703506c7394d6115d9ff721516560894358aef07459f30d8930df6c3b61
SHA512 d9d44051df56b29aa596ee38463b781dbe27f917f7dae1b2420122616da108520429dda58c75c7e6b2d41093f83c5a4bae96024885af3956f23a3ce5bd3f9358

C:\Users\Admin\PCAppStore\Temp\tempPOSTData

MD5 4ea9413cdb0e42f1f121d444bb744fe3
SHA1 1cef11707b8b6a64a4e9ad6d723b14d1b4065325
SHA256 5816a546d30521da41c1a43d53ec187be1ab372defe82a95403341f44e27a1ab
SHA512 12d501865ba9960a900c7ea1b231f639354bec28dedf9454ad1acad90db0e593a2bbced7df45aa36272113f02ff23d36d6f8a40c696dfea7113479bc97ae3f5f

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

MD5 e472e46bdfd736351d4b086b4c4ca134
SHA1 1aa886f0cb23b3d322a43be797d411fca84d82a7
SHA256 e825a252b5c5c9c2de8a6a6ade12a7f9cd0040f6a20e6ee44ba659034e6d5223
SHA512 173f5a7abdfea01c9c21ec716cba14eec4539da45e5734b3fd1e0688e1c22e4718bd701c25c8040d20cf48867e2a67ef2aba46380bab9ab1f7a42bd66fd33afb

C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

MD5 364f839ca8de4d942270d9097d48ef15
SHA1 82c8040dc2a733eb3ea3e051513c84f992bb17f1
SHA256 a4e521c12fe47816f2d9e2dfed9fd074e370ec587d0a0f3a03b5aebb76c06560
SHA512 baf1ed5e558dc0ae037fe0dff036792cfbd338915c8af99d10f0202b92ca820298657a86a0f3e8c1387326fda34de3ee08649c34af2417159a24aed9ced02df3

C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll

MD5 5fff6f0423a38bfaf174cb670650f4f9
SHA1 13ecd1c4784a5a178a998e9fc0dc08f556121712
SHA256 d4e6fc4e1bc6cb5b3ef7010e61d3a65e97804fb20346cee657688339075b2727
SHA512 e6ff0ea9f6196470f6e094d0ab655fb527c28fc2b2a5d126a10c1f4185c0dff5ed4f19e7ed717d67df324562b7aa56ed87aa0bd396a6ba722d3141b9f30fc41b

C:\Users\Admin\PCAppStore\ui\package.json

MD5 ba0268049bd46633f0423f58b70a6766
SHA1 b5ace19636832d4c9f4234a041a2399d10b1688c
SHA256 dc5928240fa75562c9de99e07584bb878b5f1697f6fa7876dddbc53409cd22ce
SHA512 e6e8e0d889c54ff57141e4c7515d9ffc8b1f9951ab65754d805150a67e1bd43d3894277792416ea76d36525ef2301af088a47e552b1a954e9b3afc9274407ec7

C:\Users\Admin\PCAppStore\nwjs\icudtl.dat

MD5 e0f1ad85c0933ecce2e003a2c59ae726
SHA1 a8539fc5a233558edfa264a34f7af6187c3f0d4f
SHA256 f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb
SHA512 714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

C:\Users\Admin\PCAppStore\nwjs\resources.pak

MD5 0f1d45867b591d67b0301ee8c4ad5f7b
SHA1 f5fb6378c13912df079efee44476fc1b4666ef24
SHA256 a2434429fea5b3344426e388f9a2191e10449103e933ef7f0cdbf4638f22380d
SHA512 1db79c82e67547a76d3d479168ee12899e7e03d8c065239976e0a490804182290b76829e483e8f18f7feafe7e819d2784c507d7abcdab917b62d78696059ee80

C:\Users\Admin\PCAppStore\nwjs\locales\en-US.pak

MD5 4b6300c27e7575c32888c1f3364d5346
SHA1 c5f5e1d3524acc96fb4e18c08b02f54abf83c3d4
SHA256 0945c89b16d4feba346e85e14792b772dcc6278f7dca7fb099a6100c93e79740
SHA512 3f21b6f4a3e18755b355ce5f20384d549b3f723104a67c67ae521d2c4544aa3095fada8855a0cc1a10e7c5bf3e8f55d061ab2dcec210f76101a61d9484d4ee6f

C:\Users\Admin\PCAppStore\nwjs\nw_200_percent.pak

MD5 f666b710da2bed9ac0252c1fa1d00c4a
SHA1 0d8288fde82c2f3b7bd006fcf4cb92246aefaf6d
SHA256 f1ab589cfd40fb17a7c390b45ffad8fcf90c133fff1d14ca5bfc7053a21dc241
SHA512 982bb5ea2c14170d47e150dc8692ebe316ec5d6b584377020c1f58ae0632748cb631182a6bfad2f909ef6b818b012527367a36d8681b5b56dc735b8ccaf7b52f

C:\Users\Admin\PCAppStore\nwjs\nw_100_percent.pak

MD5 9b46f4c8dfc0a55bfafac55f17d7659b
SHA1 d25f27df176aadb67bc56a42262bccafd14af4f4
SHA256 b637ae345b830649b4027f39f6ee48f92484a2acb65de498e4fdd84ec1010336
SHA512 de5f500afe381a16e3ff7ddcb5c8aa538362e55222f7915276bb4c9261e41cbc2403ca1663a7dbf0706d8d51abc420e26804f67cfd646d7986130a20a659f345

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad\reports\1c552b6e-5b9b-40c7-86ed-3eb5649f3813.dmp

MD5 7a5ad9da5d791576b10de9f6761bb1d6
SHA1 088bf6845efbbdb3433805dd96d00577f7fd21bb
SHA256 e12bd64c7f4f986b80f0c83bdb9884ad80b18e090c2e8641116963bce6d67930
SHA512 9e7707c7211ef1a96cf2e2830aa827765214c1ec1d4e078a47eea33eda9496a2244960984bd193c7d7a02544c7fef88011274167310101e511e069bb5750605d

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Site Characteristics Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\b8f45522-d926-4481-91d1-3d3fcbe7a5cf.tmp

MD5 728fe78292f104659fea5fc90570cc75
SHA1 11b623f76f31ec773b79cdb74869acb08c4052cb
SHA256 d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20
SHA512 91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

MD5 03e9f614a008075733c76883156b568b
SHA1 5f9cb1b06928487c4b836e9dedc688e8a9650b0b
SHA256 b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416
SHA512 7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00000b

MD5 cca340197220e96581d6aca8f94927e0
SHA1 f31cbc430ed7661698a5b0e2ef63c2e0716193ea
SHA256 26f2cce66aedc8daee96aa03a5f980ccffdbc216d2e7e5bad81d3a5b5d8e5c5f
SHA512 8091dd259e2fa23877d0341bedb3afb9a25f94669309e2c913bf2b9a4e769c35759bfdb6b0e4ac8591231f95e1187e86b15e60db6220f9e7d8a11a370325b0c0

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000012

MD5 15edbb4d85cf503917a877d894fa0a18
SHA1 45b9165e1a659c3aabecaaf3ef8672f10541ee17
SHA256 6b99a2c0c946d59d80a1d56f795c61059cec833c904aaf6397eebd21d8129d8a
SHA512 4dc82a722cedbb945177fde76aa5f5990f81aa6cc09988949340ffc1c7ece507508b6b5f239c22388c39716cbe4bdb48d88b2fde257b8f40cdfed695a060326f

C:\Users\Admin\PCAppStore\download\SetupEngine.exe

MD5 85f2849f25944fc15e58521a52b800ff
SHA1 718d11673de4743835523983ab5e06f88785a03d
SHA256 c4942bad2eaaca0bb5ed7e6900d6c85f12f0db6de790072838ce3f854b9ad677
SHA512 f5723f93695e84fc41f48f0153f024249e9abc9fd03d788af1c31d6084acfbe4c85a76de55ab8be4f68d16807bc0381c269cc3834510d538e9710f528b04beb7

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

MD5 25a8acf1c5ef6e2a9cd15279bc1e68e6
SHA1 d1d7bd86539b808993e8f2ccee40b0726182c294
SHA256 a9e7aa48a847ab2520d4a7ac009859a8ead8de968d8d5596a8da55d7acc586de
SHA512 e39bfb6bb0fa0acd8ffaad0e62d2367d427c97ae4a443211eab02ff743269269dcabb25f750c17df80f7a3dcc22cb73b439d13e261417470443c2d1039414cd6

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

MD5 c30e5841bdf35c3a93c375d95b59fe28
SHA1 d9257aaa08cebe29be9eea24d2784940eceb1448
SHA256 27e8a08c2ea3d2e5e3a93591bca8a2fc799964e881faecb2adf0bf7d602c22b6
SHA512 000aa26780d092115923631116cc439c07c53f727b50b587ed5520777f769d9e14b789557b5160c44581942f5b15f552a5f15caf80b77fd8cee7a733d6b3e11c

C:\Users\Admin\AppData\Local\Temp\nsd345A.tmp\modern-wizard.bmp

MD5 cbe40fd2b1ec96daedc65da172d90022
SHA1 366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA256 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA512 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 f2a570c7228e8019bd82f759d19f2fd7
SHA1 404d99161de885f60a4c5c87d3a3229d4e268fbc
SHA256 2cc475324f2ab65637bcb07383aa6c77b55975db04feec67a54bf8c165ae6d41
SHA512 0fdc7a7807de58c3fdce43d17047b8a9a928d71dded933faff8c75c3545ad7d6d9d5a02b86535712b1074349eefc8a9fd851f0ab680b715daaca98608c08d2fe

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe5862cc.TMP

MD5 bb9c47f50e8fabd5a4f25509b9d0bd52
SHA1 7f11ef01c35b7254c82fc8dd52ab9ff78a60fa78
SHA256 261bf9e5fa716a05cb091e3a83d8c86b498cc3725084e036d331bd55f33c3d9b
SHA512 bfef002bbe596b6626e5b3a67b84fa752a03242fd947c20f4484f7c50e3229ba4b67b3f432618acf60d2952930666dfde4c062fe51f411c3802ddde9d8c57ebe

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8d9ab40289f4d022e0f16129ad5c47c2
SHA1 fd34397b2120681aa371121411b5242fb3d43866
SHA256 43fa27b6815ff6434e9e0fab054ae04e0b9e07c3e55253bdf65c3b04d571174e
SHA512 e6520ca6eafca398c1393817a2c8e2ecef03450e80d45efc2b68afe6fe20e35045534b6cf55de9e47724d030c87f4653892a652d1f0caa010c9ef30d4a3ef0c7

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe586db9.TMP

MD5 91bfaee41a4b8091a45f844a0cb6f0f9
SHA1 23b13be41d4c899ac97654e831aa2608c0c170d2
SHA256 71943920e169b4463b25d577d3aa6a514f2a7552a754d993fa52b572cf76e38e
SHA512 46a3f8809fbc46721de6377050fa76ec6bece97e4f32276bc187039bd34c73648045fbef0a07c2d2c2b6fe2e838a3589045a38a40c8e6334f6e371eef015ba06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8999173e6d7f91528964d9839d9ab630
SHA1 18bb1964dadced474ab65b1a1ac615b79e90e2a4
SHA256 9a4797754a8aaa69c4b9d8a47aa422339b871d89b369fcb99ab1144e8dee7226
SHA512 c7af175930399ea1a3b35e42842c5bd7ceb62f706c48b4ada0bab40f7d5f9d203d03e9d80f5b85fa3ffefd25a942a9c642c79dbc33dc365922e9332e9e75975a

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe587aa9.TMP

MD5 a676dbf5821914342b1140c6d875b4d5
SHA1 3b893bb8d192dcd9db9067a8ea7928b17616c215
SHA256 12f77c6cac72a49d2216a64cd8b840dde4b888d2a1ce7cdb28028544efe4facb
SHA512 505a67866ce23fb3226f68f9348acc9ffcb5750642933059c0ad48f4cabc24b7be1dfaf498419f101b296b7cd265413672568891d644df3f11c276c2d5e420e3

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

MD5 33ca2ed0a4fc4f37879c309f2b4cb7d2
SHA1 96cac85d1c9ac0c768ecee4eb3ba5a7ffafc7f6f
SHA256 6ec5ddce68fd1204b30e6c1af3600ccca8653f9794a1316e97ec4295b00c359c
SHA512 9551e0440f7c45b16f22926ee2103e613219ac3ba3615fcfdde556a86d0384f2422a18796ca7d7813df488bd87773659cee73a1306043ba4ce624941917aaea9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2aab6bb60e7371b759ddafd06f8e7478
SHA1 a0fe4ae4a99e17cde4ce3a13a8aae7bcd4c9481a
SHA256 37dde07a79ad7e7775dd258b7b19c9d2886d7a2c7a7503b1fe4881d12f807bd5
SHA512 045cf321b0ecbee12f940adf60028d7e55f8abff94b1a26fa71d621d346493ae881bc9b548d0e56074cd86eb354231d25050bd32a807a78ecbee06df2dff16af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587ad8.TMP

MD5 22052e3483c9c1e3f40a2cc4a86f4858
SHA1 b816e53b690376848e495b93ef68ffca4ce4d2ae
SHA256 2ca30716a723a16ce9051e3c67aeaa2e67120e8cb1d11372aaececde8786cf21
SHA512 65d4dffd37b68101f28fdf0c90ae3dc58ca1a8397e070eccca205c3eb3c8a85dfeb7fb0581f9fa96d008e91c85bee69b74ba25a2d5c20ac65d6f7254410eb4c5

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 570c869f6eb2f20d9c06509afb1ca983
SHA1 fdfecd2027e0f38660e64ff81d6d3a0f9e5e5324
SHA256 51a51b1bd1252bed204a97bcf272ea8a3cc09682403252ab641ff26e42a4f1d1
SHA512 9094c26e15fdbf858a7d41238d908e151685b37d9e9f9c971c187d8a89151423b1ee04aaf90e6138c5be6635e813a210eb337ef3dfdf773accf33179204b207a

C:\Users\Admin\AppData\Local\Temp\nsd345A.tmp\Banner.dll

MD5 a1b9bdee9fc87d11676605bd79037646
SHA1 8d6879f63048eb93b9657d0b78f534869d1fff64
SHA256 39e3108e0a4ccfb9fe4d8caf4fb40baa39bdd797f3a4c1fa886086226e00f465
SHA512 cd65d18eca885807c7c810286cebef75555d13889a4847bb30dc1a08d8948893899cc411728097641a8c07a8dcc59e1c1efa0e860e93dada871d5b7acc61b1e5

memory/6424-917-0x0000000003360000-0x0000000003396000-memory.dmp

memory/6424-918-0x0000000005A10000-0x0000000006038000-memory.dmp

memory/6424-919-0x00000000060A0000-0x00000000060C2000-memory.dmp

memory/6424-920-0x0000000006240000-0x00000000062A6000-memory.dmp

memory/6424-921-0x00000000062B0000-0x0000000006316000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_21jckzoy.gst.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/6424-931-0x0000000006320000-0x0000000006674000-memory.dmp

memory/6424-932-0x0000000006910000-0x000000000692E000-memory.dmp

memory/6424-933-0x0000000006950000-0x000000000699C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f4dde7a35f5d51495c52d9c646f7b5c7
SHA1 6bfa3f73e153fef0f9df18962949cfd4adc208db
SHA256 9d7777cd718df4b73bb307742bf3b04fc5ee7bdee73944db156adb898445b299
SHA512 c8a0de1b2f43ce0bdc930c8d48489b4c30ff2fb717bc672e102840c3de60b1856f1d058a07f983623303f4ab4eb064d7c4dba1b1a0718500de8990dcb05a0cd6

memory/6424-943-0x0000000006EF0000-0x0000000006F22000-memory.dmp

memory/6424-944-0x0000000073870000-0x00000000738BC000-memory.dmp

memory/6424-954-0x0000000007AF0000-0x0000000007B0E000-memory.dmp

memory/6424-955-0x0000000007B10000-0x0000000007BB3000-memory.dmp

memory/6424-956-0x00000000082B0000-0x000000000892A000-memory.dmp

memory/6424-957-0x0000000007C60000-0x0000000007C7A000-memory.dmp

memory/6424-958-0x0000000007CB0000-0x0000000007CBA000-memory.dmp

memory/6424-959-0x0000000007F00000-0x0000000007F96000-memory.dmp

memory/6424-960-0x0000000007E60000-0x0000000007E71000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsy9A67.tmp\nsExec.dll

MD5 675c4948e1efc929edcabfe67148eddd
SHA1 f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA256 1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA512 61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c8fba012e2d79c5b55f178cf0ee402be
SHA1 15a4872209f795e71655d7761a747852693bb1c5
SHA256 81195ab4ebadd187427ef7294969ab3d4c3cc004218f6b83448c87ab5f99383c
SHA512 e462463120d260155a5c76c323167aba3a2cb7fb510797ebb9a904d5c68d135bda41adb0d6db7deef70df9d034cd0fa2de18bca93cd5ae5459d4a1a327124a09

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 98add6fdd00d46abc1e8edcf8e10d6d1
SHA1 916630fb35d0204034d16934ac3186156d7b3b39
SHA256 0a2e88b60fa2c005c38b779b2d614b965e419cad8aacfc531a2ff9c93dab4c62
SHA512 fa6b11d0fd95ac03b609fb5ce00a4fa788029cdc87da9d31e5e61b48beb64c1b51de30c5b6708f11f34acac5cd5be35d21ffcf9405ba4729e7b51f8384bfdb60

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 c08c3b000c583bf96fefc35ad5843a5c
SHA1 aea02ed81b890edcf63d254d4a215b926580bc04
SHA256 ab7a9b7a81ab372df646733b73feb359e1983f81487d87e980a7a805c4f6c48e
SHA512 40bee5215b3791d5ae1f49eb8bc9a827fe197b573bbeee25bdd3f00ece74ac5ead6a82254cb8220e88163bee9072b64f7bc19eded1478a6c740e000cb2692fb8

memory/6864-1018-0x00000000031A0000-0x00000000032BC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsy9A67.tmp\SimpleSC.dll

MD5 7b89329c6d8693fb2f6a4330100490a0
SHA1 851b605cdc1c390c4244db56659b6b9aa8abd22c
SHA256 1620cdf739f459d1d83411f93648f29dcf947a910cc761e85ac79a69639d127d
SHA512 ac07972987ee610a677ea049a8ec521a720f7352d8b93411a95fd4b35ec29bfd1d6ccf55b48f32cc84c3dceef05855f723a88708eb4cf23caec77e7f6596786a

C:\Program Files (x86)\Fast!\uninstaller.exe

MD5 7b84320c38dec82dd5dd432f2bd40b93
SHA1 9d0050434cf6f3b71bd404eafc77fa9a3e3e1924
SHA256 301d71a9350673254bb2c7e0f2954217b46b876d9af393029bbbfe5f852a41e7
SHA512 8569263ea8e405f11bd0d2d99949ec5f84f593d8a2210c2a82aabad5b98969dd79414f0072cf3b79d6ffd0703dcb73fbf72a2c56a75315fa4d89b50c024fdc28

memory/6864-1208-0x0000000004A50000-0x0000000004B6C000-memory.dmp

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 6b735aa85a5df8df9dc059f4541d098e
SHA1 36b5563f01b41aaec27475b23e385ecaf03d3381
SHA256 962d1f3916abc24b8dfa2725b65d678c26da28eff1d8aa883e653a17d2cc8abe
SHA512 bf8e0c03aeb6528caf34eca20702703578eddd244ac07cf5085c53c91f48281d7f81ed4631f33922d1ba829576426665430fd9ced0d8d1dd6666083dbc24040e

C:\Program Files (x86)\Fast!\BigTestFile

MD5 3d65a9cdd94723050889be67cdde7139
SHA1 38b3fb90b5000f60e0b751b945f8bbd3f88724e4
SHA256 44b904aa4ba3cf36cc471208d8da62d2dd9266949f63cb9d3548fc38d5492bfb
SHA512 3fc78ccd03f6ff3ebe5041fae61822eee1469d997e91c90e1f06857bffb11cacde01e18ca248458c399ca3a0f492d5e1739cb29f0f935548dea0bb2d65b5e52e

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Code Cache\js\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\FAST!\User Data\ShaderCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\a3ffc22e-9c22-4d06-a134-3a6e9da47dea.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Program Files (x86)\Fast!\BigTestFile

MD5 338baced2a80f736b2fd27bb51128a5d
SHA1 be90bfe9ee5ebf5e5bfda5259a07cce09b876e22
SHA256 eaef22e4b451485cd1e76d8db23e9cbf908c85918f4e18fc2d2fede8834670f6
SHA512 e3c4ea753a5e366fbbd88dfe8e277374e2536071df79c891e11bfd16ce729bbe0725ee048699d0d63877309545c17df90616ade3b402f7179778c8582df4c95e

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Cache\Cache_Data\data_1

MD5 259e7ed5fb3c6c90533b963da5b2fc1b
SHA1 df90eabda434ca50828abb039b4f80b7f051ec77
SHA256 35bb2f189c643dcf52ecf037603d104035ecdc490bf059b7736e58ef7d821a09
SHA512 9d401053ac21a73863b461b0361df1a17850f42fd5fc7a77763a124aa33f2e9493fad018c78cdff63ca10f6710e53255ce891ad6ec56ec77d770c4630f274933

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Cache\Cache_Data\f_000001

MD5 8e433c0592f77beb6dc527d7b90be120
SHA1 d7402416753ae1bb4cbd4b10d33a0c10517838bd
SHA256 f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
SHA512 5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

C:\Program Files (x86)\Fast!\BigTestFile

MD5 745ae49251e939b6ab20a9d586c70ec8
SHA1 f15a8b9acad64c0230ce227a9176e8c39f7ce58a
SHA256 3b32a7697339c35954fa8f3da4e846d6bf207637de0532cbe58eb0405fafb30e
SHA512 7caf8427f86b8fb871a99589007558ad9ea6f82dd56838253d5309d5dca688cf8f9ec698a4b7e13112e926104d6fd2ab117de4a75db47c195401db2ca03d91d5

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

MD5 6da53586fc6a6675667568e9debc8875
SHA1 c49e6d733fab942bc5a1667f3412ad1c9b203c88
SHA256 0ae268674a3be6c985a2356350f0aafc7ce1a8a0baef6013cbffae5a3fce9a84
SHA512 9f58cece77be71d1218b9030c9fd1385a1a8f97578426e4809439b44e289d57b7bfe3b500a825b0f843407236a54848c56d947920aebea7f3d66e681d9daf803

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe5927b2.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d1adf58ebcd63440bce5e3cff4a22edc
SHA1 e142630c120e829a0a2508cc9112562dee039494
SHA256 9e0c99d19abbd74874bcd21bdf176869041719216c15a677acba0a8668262021
SHA512 b7835ac3e239631e08c9e2a3ffe1df35c480efa46d55a031baa47d2a6c6feac60720ab3065da58891ce4148d081d9a3b96a0bb4080493f3eab6b905a31b56511

C:\Program Files (x86)\Fast!\BigTestFile

MD5 229d3b84d7816d2f40b345c302e46ad9
SHA1 a8ec90954fe54bf9fee3066ee7e26b0e08831df8
SHA256 0460195933da64bf90928c02f8bd2d3316942be6e0b763a869eae242a1cf2284
SHA512 fac2ded52293be78c01b58ef53b1f0b898d805326295ae709f4cd702b6dd0a0ca3e1e7cb213e958eb646d2b31351c5802adb47aaab50f1336564f01ff783d6c2

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 d7faddb57385985d4ce3007b90ddcf7b
SHA1 4fc7c368ceef2d7018468453702080af925991cd
SHA256 cce1afcf283a02b3dfc7c613dd49d2fb0d95149139b9972db849116866182f7b
SHA512 2aed1e7218079ec79f63b637eac4e375d5fe7f9b4191efba31ae230648d8326d1c9d36a836f831bf858280563196f4d98ce64ee1b4d2fb4747881707dd4e13b7

C:\Program Files (x86)\Fast!\BigTestFile

MD5 b0e4a09d8c267d35a65f3379d2c79fbc
SHA1 fa62e465e9b8f8a25f02afa3e4d50e91feecb93c
SHA256 24d7ffedae2c4f40595b62aeaba194aa09f04a9e7725549d7a3031aac2b1c283
SHA512 c6896e3ed1a2aa4879850d4975dc601853afb11cea19516deea8eda131fb3b89875d6bea44ecf016d0e764e4211d44d8b3d403def8a7b1828e20b266375172aa

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

MD5 5f805369c3ce4b518bce8d5154574860
SHA1 09a4d2afad81cc76a42f434fcc5848c432e1697c
SHA256 6de4feaf32fb7971f3abe9b1e20dcb9fb3cff2be9fb4d4575929559980118f45
SHA512 d04def17b7d15036040b43bad7ed3445f564702f9fe6a299464e0dae7707ab0434d8e71222ae738ed41addeb0bce7635d562682ef926e1dc289e28c96631de8d

C:\Program Files (x86)\Fast!\BigTestFile

MD5 b0e8b739bfe3bcda380e853296304b88
SHA1 2eac36913c28ffb5aa8838be3716ae56dcf96f05
SHA256 e89f173dbc11d3214209475c4fa040d98b4b932279355b2641bd3921e13f99eb
SHA512 2d18d49e290c6158464f489c770539b9ba1658e0f42d9f29fc0b6a144557245cfe42438deba605063944e2a6e5f7a8270e3a47b266e01b81708d319c7a4c6463

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

MD5 edb548ca3bec794c78618b7d6c70c578
SHA1 4b00e85427567a56c072f6d211057b8323266a5f
SHA256 0b1452438162d07239a3f1ddf09b286b001bdf276af08b1475d2270f24a083ba
SHA512 ae3aff29f3f6c92c31da7690481162090324660db4fd6a1dd60f00deeb89c27abfa41e36fe3f275ab36360f456ddf91e5d8725de3f8f9c37f2609e84b0b6eb0f

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State~RFe593d0f.TMP

MD5 b27fb6b00a278a33a7e69f6e1ebf71b0
SHA1 3510790a3d4d2f178eab51eb4827394ea40ae51a
SHA256 26bad6c69030066b56fbed8487bb2899d1a3ed12371d47c75fd776761935acd3
SHA512 e67d30dbdc84703d9b41b8db55784ce81deb4afdb07d0aa59fb41f1f7470ba13aed72ed7e33eee041178f704519ce4cb9b7759db85143cc68e9d7531ce961edb

C:\Program Files (x86)\Fast!\BigTestFile

MD5 66d86562455fb3c57262d46ef81db5b7
SHA1 9dc67122a8b0b43d0ed908eee09fd30b719deb4d
SHA256 7b6f52b4255518d9df10ea3f78a317dd3d0dbbaace97de3b73e9c396684df0dc
SHA512 bc45b5861ca2b2be327b838ed221b1f8a948edf40398659666b9c889215e0645165c7eb61a8dfccb10d66be0f547bab82d9cc4a7e73a73ea50ddbdcd6f981263

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-27 14:11

Reported

2024-10-27 14:13

Platform

win7-20241010-en

Max time kernel

119s

Max time network

19s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 224

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-27 14:11

Reported

2024-10-27 14:13

Platform

win10v2004-20241007-en

Max time kernel

105s

Max time network

106s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 5060 wrote to memory of 400 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 5060 wrote to memory of 400 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 5060 wrote to memory of 400 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 400 -ip 400

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-10-27 14:11

Reported

2024-10-27 14:13

Platform

win7-20241010-en

Max time kernel

117s

Max time network

118s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 232

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-10-27 14:11

Reported

2024-10-27 14:13

Platform

win10v2004-20241007-en

Max time kernel

102s

Max time network

103s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1036 wrote to memory of 3928 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1036 wrote to memory of 3928 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 1036 wrote to memory of 3928 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3928 -ip 3928

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 624

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 104.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-10-27 14:11

Reported

2024-10-27 14:13

Platform

win10v2004-20241007-en

Max time kernel

99s

Max time network

100s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3340 wrote to memory of 3120 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 3340 wrote to memory of 3120 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 3340 wrote to memory of 3120 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3120 -ip 3120

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 636

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-10-27 14:11

Reported

2024-10-27 14:13

Platform

win7-20240903-en

Max time kernel

26s

Max time network

17s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 228

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-27 14:11

Reported

2024-10-27 14:13

Platform

win7-20241010-en

Max time kernel

14s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe

"C:\Users\Admin\AppData\Local\Temp\b1c1d393e8771dc10bf7f22fa364a5e2cea6b33b01625c951e1a84635f98dd3cN.exe"

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-10-27 14:11

Reported

2024-10-27 14:13

Platform

win7-20241023-en

Max time kernel

117s

Max time network

118s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-10-27 14:11

Reported

2024-10-27 14:13

Platform

win10v2004-20241007-en

Max time kernel

102s

Max time network

103s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3908 wrote to memory of 4796 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 3908 wrote to memory of 4796 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 3908 wrote to memory of 4796 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4796 -ip 4796

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 608

Network

Country Destination Domain Proto
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A