Malware Analysis Report

2025-04-03 13:51

Sample ID 241109-2b5w5atenn
Target e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN
SHA256 e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaa
Tags
discovery execution persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaa

Threat Level: Likely malicious

The file e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN was found to be: Likely malicious.

Malicious Activity Summary

discovery execution persistence

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Command and Scripting Interpreter: PowerShell

Checks installed software on the system

Enumerates connected drives

Checks system information in the registry

Drops file in Program Files directory

Enumerates physical storage devices

Browser Information Discovery

Program crash

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 22:25

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-09 22:25

Reported

2024-11-09 22:27

Platform

win7-20240903-en

Max time kernel

117s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 228

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-09 22:25

Reported

2024-11-09 22:27

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

96s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4200 wrote to memory of 2468 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4200 wrote to memory of 2468 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4200 wrote to memory of 2468 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2468 -ip 2468

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 608

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 22:25

Reported

2024-11-09 22:27

Platform

win7-20240903-en

Max time kernel

15s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe

"C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 22:25

Reported

2024-11-09 22:27

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Fast!\Fast!.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\Watchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\FastSRV.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=F2CDB6FB-4AB8-4547-9F25-FAD1F7A44351X /rid=20241109222607.555240653593 /ver=fa.1091q" C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default" C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i" C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A

Checks installed software on the system

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Fast!\Fast!.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Fast!\Fast!.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Fast!\nwjs\locales\pl.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\pt-PT.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\app-background.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\prediction-engine-bg.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\natives_blob.bin C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\icons\fast.svg C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\fast!.exe C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\credits.html C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\nw_100_percent.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\resources.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ca.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\et.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\fr.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\gu.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ro.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\vi.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\exit-popup-bg.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File opened for modification C:\Program Files (x86)\Fast!\BigTestFile C:\Program Files (x86)\Fast!\Fast!.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ar.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\fa.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\hr.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\hu.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sr.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sv.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\uk.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\snapshot_blob.bin C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\am.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\am.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\fr.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\kn.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\nw.dll C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\v8_context_snapshot.bin C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\en-GB.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\es-419.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ja.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ms.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ro.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sk.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\te.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\nw_elf.dll C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\lv.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ms.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\nb.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ru.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\da.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\el.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\fi.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ml.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\nl.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sv.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\zh-CN.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\mr.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sk.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\license-btn-bg.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\af.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\bg.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\fi.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\id.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sw.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\te.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\icons\icon-tray.svg C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\survey-bg.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Fast!\Fast!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Fast!\FastSRV.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Fast!\fast!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756647828152559" C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{3CF75177-CD76-4E82-BC6A-2FF233607C1A} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F2CDB6FB-4AB8-4547-9F25-FAD1F7A44351X} C:\Program Files (x86)\Fast!\Fast!.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\PCAppStore\assets\images\css2?family=Inter:wght@400;500;600;700&family=Open+Sans:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp N/A
N/A N/A C:\Users\Admin\PCAppStore\Watchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\Watchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\Watchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\Watchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\FastSRV.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\FastSRV.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1684 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1684 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 3776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 3776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe

"C:\Users\Admin\AppData\Local\Temp\e52c61415e008c13a72045281458e9e8aa6fcb9d9a8d2934e08397b0f096dcaaN.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pcapp.store/installing.php?guid=F2CDB6FB-4AB8-4547-9F25-FAD1F7A44351X&winver=19041&version=fa.1091q&nocache=20241109222539.615&_fcid=1722895002607164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5cd146f8,0x7ffa5cd14708,0x7ffa5cd14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp

"C:\Users\Admin\AppData\Local\Temp\nseA9EE.tmp" /internal 1722895002607164 /force

C:\Users\Admin\PCAppStore\PcAppStore.exe

"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default

C:\Users\Admin\PCAppStore\Watchdog.exe

"C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=F2CDB6FB-4AB8-4547-9F25-FAD1F7A44351X /rid=20241109222607.555240653593 /ver=fa.1091q

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

.\nwjs\NW_store.exe .\ui\.

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x290,0x294,0x298,0x28c,0x29c,0x7ffa5b40a960,0x7ffa5b40a970,0x7ffa5b40a980

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2028 --field-trial-handle=2036,i,9318933483829014066,7488467286927125074,262144 --variations-seed-version /prefetch:2

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=1936 --field-trial-handle=2036,i,9318933483829014066,7488467286927125074,262144 --variations-seed-version /prefetch:3

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2248 --field-trial-handle=2036,i,9318933483829014066,7488467286927125074,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=2036,i,9318933483829014066,7488467286927125074,262144 --variations-seed-version /prefetch:2

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2036,i,9318933483829014066,7488467286927125074,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4432 --field-trial-handle=2036,i,9318933483829014066,7488467286927125074,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3d8 0x494

C:\Users\Admin\PCAppStore\download\SetupEngine.exe

"C:\Users\Admin\PCAppStore\download\SetupEngine.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installing.html?guid=F2CDB6FB-4AB8-4547-9F25-FAD1F7A44351X&_fcid=

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa5cd146f8,0x7ffa5cd14708,0x7ffa5cd14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4336 --field-trial-handle=2036,i,9318933483829014066,7488467286927125074,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4596 --field-trial-handle=2036,i,9318933483829014066,7488467286927125074,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe

"C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid /instdir C:\Program Files (x86)\Fast! /startup 1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Register-ScheduledTask fast_task -InputObject (New-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files (x86)\Fast!\fast!.exe') -Principal (New-ScheduledTaskPrincipal -UserId ($Env:UserDomain + '\' + $Env:UserName) -RunLevel Highest) -Trigger (New-ScheduledTaskTrigger -AtLogon) -Settings (New-ScheduledTaskSettingsSet -MultipleInstances Queue -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)) -Force"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\Admin\AppData\Local\FAST!\Temp\dskres.xml

C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe

C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installed.php?guid=F2CDB6FB-4AB8-4547-9F25-FAD1F7A44351X&_fcid=

C:\Program Files (x86)\Fast!\FastSRV.exe

"C:\Program Files (x86)\Fast!\FastSRV.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa5cd146f8,0x7ffa5cd14708,0x7ffa5cd14718

C:\Program Files (x86)\Fast!\fast!.exe

"C:\Program Files (x86)\Fast!\fast!.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9329536243616843002,2857504013103580101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1

C:\Program Files (x86)\Fast!\Fast!.exe

"C:\Program Files (x86)\Fast!\Fast!.exe"

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x278,0x2b4,0x2b8,0x270,0x2bc,0x7ffa5e55a970,0x7ffa5e55a980,0x7ffa5e55a990

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2172 --field-trial-handle=2176,i,44449903932828697,11337424654235450874,262144 /prefetch:2

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2180 --field-trial-handle=2176,i,44449903932828697,11337424654235450874,262144 /prefetch:8

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2300 --field-trial-handle=2176,i,44449903932828697,11337424654235450874,262144 /prefetch:8

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=2176,i,44449903932828697,11337424654235450874,262144 /prefetch:1

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3940 --field-trial-handle=2176,i,44449903932828697,11337424654235450874,262144 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 pcapp.store udp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 23.1.32.45.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 delivery.pcapp.store udp
FR 185.93.2.11:443 delivery.pcapp.store tcp
US 8.8.8.8:53 pcapp.store udp
US 159.223.126.41:443 pcapp.store tcp
US 8.8.8.8:53 11.2.93.185.in-addr.arpa udp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 41.126.223.159.in-addr.arpa udp
US 8.8.8.8:53 repository.pcapp.store udp
FR 185.93.2.12:443 repository.pcapp.store tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 12.2.93.185.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.200.14:443 google.com tcp
GB 142.250.200.14:443 google.com tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
BE 66.102.1.154:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 142.250.179.228:443 www.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 154.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 d74queuslupub.cloudfront.net udp
NL 18.239.94.17:443 d74queuslupub.cloudfront.net tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 17.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 174.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 pcapp.store udp
US 8.8.8.8:53 pcapp.store udp
US 64.176.203.93:443 pcapp.store tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 93.203.176.64.in-addr.arpa udp
US 45.32.1.23:80 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 repository.pcapp.store udp
US 8.8.8.8:53 repository.pcapp.store udp
DE 169.150.255.181:443 repository.pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 repository.pcapp.store udp
DE 207.211.211.26:443 repository.pcapp.store tcp
DE 207.211.211.26:443 repository.pcapp.store tcp
DE 207.211.211.26:443 repository.pcapp.store tcp
US 8.8.8.8:53 repcdn.pcapp.store udp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
FR 185.93.2.8:443 repcdn.pcapp.store tcp
FR 185.93.2.8:443 repcdn.pcapp.store tcp
DE 207.211.211.26:443 repository.pcapp.store tcp
DE 207.211.211.26:443 repository.pcapp.store tcp
US 8.8.8.8:53 repcdn.pcapp.store udp
US 8.8.8.8:53 repcdn.pcapp.store udp
FR 185.93.2.8:443 repcdn.pcapp.store tcp
DE 207.211.211.26:443 repository.pcapp.store tcp
DE 207.211.211.26:443 repository.pcapp.store tcp
FR 185.93.2.12:443 repcdn.pcapp.store tcp
FR 185.93.2.12:443 repcdn.pcapp.store tcp
FR 185.93.2.12:443 repcdn.pcapp.store tcp
FR 185.93.2.12:443 repcdn.pcapp.store tcp
FR 185.93.2.12:443 repcdn.pcapp.store tcp
FR 185.93.2.12:443 repcdn.pcapp.store tcp
DE 207.211.211.26:443 repository.pcapp.store tcp
DE 207.211.211.26:443 repository.pcapp.store tcp
US 8.8.8.8:53 181.255.150.169.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:53 8.2.93.185.in-addr.arpa udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 26.211.211.207.in-addr.arpa udp
US 8.8.8.8:53 veryfast.io udp
US 161.35.127.181:80 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 ev.pcapp.store udp
US 147.182.211.77:443 ev.pcapp.store tcp
US 8.8.8.8:53 repcdn.veryfast.io udp
FR 185.93.2.9:443 repcdn.veryfast.io tcp
US 8.8.8.8:53 181.127.35.161.in-addr.arpa udp
US 8.8.8.8:53 77.211.182.147.in-addr.arpa udp
US 8.8.8.8:53 9.2.93.185.in-addr.arpa udp
GB 172.217.16.234:443 tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 evcs-ocsp.ws.symantec.com udp
DE 152.199.19.74:80 evcs-ocsp.ws.symantec.com tcp
US 8.8.8.8:53 evcs-crl.ws.symantec.com udp
SE 192.229.221.95:80 evcs-crl.ws.symantec.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
SE 192.229.221.95:80 evcs-crl.ws.symantec.com tcp
US 8.8.8.8:53 veryfast.io udp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
FR 185.93.2.9:443 repcdn.veryfast.io tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.23.210.75:80 e6.o.lencr.org tcp
US 8.8.8.8:53 75.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 161.35.127.181:443 veryfast.io tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 veryfast.io udp
US 8.8.8.8:53 veryfast.io udp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:443 dns.google udp
GB 142.250.180.4:443 udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
GB 142.250.200.10:443 tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\nsJSON.dll

MD5 f4d89d9a2a3e2f164aea3e93864905c9
SHA1 4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a
SHA256 64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb
SHA512 dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\nsDialogs.dll

MD5 6c3f8c94d0727894d706940a8a980543
SHA1 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

C:\Users\Admin\AppData\Local\Temp\nsc8C91.tmp\inetc.dll

MD5 a35cdc9cf1d17216c0ab8c5282488ead
SHA1 ed8e8091a924343ad8791d85e2733c14839f0d36
SHA256 a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df
SHA512 0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_4080_VJNKQWAIVKIBSWRM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a2c376990ac16b34a65cb9f320992222
SHA1 1889c2fe1686c8e7ae7c1dab4f7de57324f65bad
SHA256 0ced6fce5b2148ae37f8bb0cff66bade970650ff699d6ea75f304f9e8c21d67f
SHA512 b13b1e48e8f2a58c55c9954ca2dddfc8c95bd79e62faa605c9bbabb4792db6a4c2c3795a49166305f7cc91b3cc9aa681ffd1c868008767019c55ffb960887db8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

MD5 efcbc906f8aba922791259471281fae5
SHA1 fa2f8a0f6d1d167b0716c4a3563b6d06694dddc5
SHA256 ad1ea3e67eea69937044c8b320cf97b1d34fd26bfd3bf82718598da24c09e3d9
SHA512 b96445d403e65b5fdc04b35d0c9ed80b585b4a145da2c27203de48aed8fb6c51dcc0db108704eb61bfff5b9511e233f412a378a7648dec55a92ec3ccd3063bd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

MD5 63e1d930f00857a68181fc0a43341b20
SHA1 206c082ca87606e23c8b2c226590a2acc171f6fb
SHA256 2c90f2f4f8165b574884faedbda8c7ae9ba06ae6404d31c15f848679bfe01ee8
SHA512 26e45032b28934328279fbc36630fd37cd2ba83fdfafb51bd36e2dc46d0fff88c89f6514c8114e7cd347bed98e865f50199afd49af0ff47c773527d98aafbf81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

MD5 a0e843aa1c3fed1136b75b9a96f1b99e
SHA1 f45faed625fd842befc0a0f024c29cacaef7955a
SHA256 64a61dd958d9c3597918f221ac14029fa8e88c5e956540ca49b8eaf95130df2b
SHA512 584a5cc494f0baa291ef3822d36babe7650aef43a5d8e7a47f48f5746cbe3431600435df613d45232e5656123d728a24bc4ea5510edcc90637966272ed6559a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

MD5 71abc4e1e000da08d8fe12cb6fe4f2d1
SHA1 a70075dc1c65fdb944c80086f649f67e74eb504f
SHA256 77213f1cab3e45e70a0814107413129bb37f6dfdba56ee5034d0f824787ebbb1
SHA512 b2c2e29f9c0ca367b1d991d343a1bc0e97ee30a40ddde4b354ea268da0b1f81636fe9016bad87b94f67e9a39a6a0819f612d7fd98d865066f6ed1d6c2029d833

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 522cb1811018b3816c2d2998c3bfc63f
SHA1 df8609ce6bff2047400519a873df7dd13c065329
SHA256 f9da306e14a11e88061a6f44cb165ed182e45d2694206481a433181d979efdae
SHA512 e26e84f5c6381ce84e568b8ed96c32a1b4072c3b9621edc4b5149d4a09e7ce14cfb9bb6e52d4a4e6402a89834c5a7ab21516a73630c0aa83284b03060842ef41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0a79102ded273ffc825b0a67e18413bf
SHA1 32ebebde976bdda22fdaaedb9dca64ec6e817522
SHA256 b69345ef3faad2d8acdaf1732ddfa58ff0702df4e3dc406ba81caf78ac61d51f
SHA512 968d1775b6549739c44302fb71badd8035324f67a5846a29c8eccb0047fc6eb01087d7afbb58d2322ec939a7fa7b411dc35226990d3b7a59aecb598be0d77e37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6bd59b92c992771a237a3ea4b320e8f1
SHA1 7587b2f69145c41d2118c23f8f1a70159cf99d0f
SHA256 3b760b1e725a10e545bb007019ab1f89456052ac717ffde5eeb266f23b166a68
SHA512 4d4774073c1751df00a9d3f696694f810b0920c96d0ea3253d07785e7ca9955da76592bf3411d6c14850f6e589ca65631b68eb3d12f1f0ee9a26e6478125dd00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f5e815a090a28bb65d2296cb4610666b
SHA1 8752e3baf71fb97fc21fdc6519322b17ff59bd0a
SHA256 5f166391c19d45a9785749a96cc9794058e492688c269d2de4a3fedcc24ec5d9
SHA512 f9377a6c5820f4c9f4fc5ab59dceba7690a0ec5a1f586d648ce5ddadc69d378d9370c0169ae33acb50ed74d414aeac4fbac5fbc18a9d1bd6acfffcac54a34119

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5801df.TMP

MD5 e97773d9cc5edb235cdb677d53cae829
SHA1 536a68048022814cf93abdf38f65d34c45a61b8c
SHA256 50f663946545b36dfbd24fe81a9bd011a8cbc9aaf251f4317aba7ebd5903d352
SHA512 25864a0130b0482863f977cfe8988c75443bc93838f66f36e6af401fc51356a496c6a6f67bb7cb422d1343c87cf31820e45d6cad71dd9e891a25d751996076cc

C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

MD5 82d7ab0ff6c34db264fd6778818f42b1
SHA1 eb508bd01721ba67f7daad55ba8e7acdb0a096eb
SHA256 e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db
SHA512 176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

C:\Users\Admin\AppData\Local\Temp\nskEB5C.tmp\Math.dll

MD5 85428cf1f140e5023f4c9d179b704702
SHA1 1b51213ddbaedfffb7e7f098f172f1d4e5c9efba
SHA256 8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a
SHA512 dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

C:\Users\Admin\PCAppStore\PcAppStore.exe

MD5 92cc70d7d67db4a1dfc22857920c9364
SHA1 ea5ee53da20a09cacdc054b2fd462f10c901cb2d
SHA256 71226b69696e60a14e516c80e0852e636e9c2ac1f4498eeb8d38d4a93dc57391
SHA512 390f252a618539e0412177f9b43ba7e46e68909620e9abe3cbb57db2ef5e8a207b28c79e6d98bde7f6ddb520c8d57b62f5d34b7a06af3d6e1ae75d30ba7c29e7

C:\Users\Admin\PCAppStore\Watchdog.exe

MD5 7b432b3da82d7e40916d1d2eb6f9f48d
SHA1 e399e64d069169e9c61068d111b7cf5f57bae513
SHA256 828ad0151134c8a6e80b3d1716bf8a35cd902b3eecf7e3009987693ffd696ae4
SHA512 eae6b619014979f7b529bfbc923d1f1047efdf8c15bbb306fb4e02a9aae05dbd99036602f7606b53812af7da369e55ad84d08b25da8a083f3bf3121016762716

C:\Users\Admin\PCAppStore\Temp\tempPOSTResponse

MD5 3024a54e0c352abe5eb5f753ca4828da
SHA1 df0206851654405c8e5c2d3bc96fb536b8c2dcbf
SHA256 3cd0a703506c7394d6115d9ff721516560894358aef07459f30d8930df6c3b61
SHA512 d9d44051df56b29aa596ee38463b781dbe27f917f7dae1b2420122616da108520429dda58c75c7e6b2d41093f83c5a4bae96024885af3956f23a3ce5bd3f9358

C:\Users\Admin\PCAppStore\Temp\tempPOSTData

MD5 96194b30f5a95aa6671b80ec027ca325
SHA1 87813ef24bd559ef23911aebd0f06f539057e3e3
SHA256 076b0391653370f0323255f691c95bc114b2e7dc98146d29b923203cc0b4bb41
SHA512 bfd0b4c720e4167294809ad1a1029d4448024eed06bb75617040da9d36f04d7d226d80d6848de0afe052c506eda438eac0d5d7197aa91271e86e7520339ba728

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

MD5 e472e46bdfd736351d4b086b4c4ca134
SHA1 1aa886f0cb23b3d322a43be797d411fca84d82a7
SHA256 e825a252b5c5c9c2de8a6a6ade12a7f9cd0040f6a20e6ee44ba659034e6d5223
SHA512 173f5a7abdfea01c9c21ec716cba14eec4539da45e5734b3fd1e0688e1c22e4718bd701c25c8040d20cf48867e2a67ef2aba46380bab9ab1f7a42bd66fd33afb

C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

MD5 364f839ca8de4d942270d9097d48ef15
SHA1 82c8040dc2a733eb3ea3e051513c84f992bb17f1
SHA256 a4e521c12fe47816f2d9e2dfed9fd074e370ec587d0a0f3a03b5aebb76c06560
SHA512 baf1ed5e558dc0ae037fe0dff036792cfbd338915c8af99d10f0202b92ca820298657a86a0f3e8c1387326fda34de3ee08649c34af2417159a24aed9ced02df3

C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll

MD5 5fff6f0423a38bfaf174cb670650f4f9
SHA1 13ecd1c4784a5a178a998e9fc0dc08f556121712
SHA256 d4e6fc4e1bc6cb5b3ef7010e61d3a65e97804fb20346cee657688339075b2727
SHA512 e6ff0ea9f6196470f6e094d0ab655fb527c28fc2b2a5d126a10c1f4185c0dff5ed4f19e7ed717d67df324562b7aa56ed87aa0bd396a6ba722d3141b9f30fc41b

C:\Users\Admin\PCAppStore\ui\package.json

MD5 ba0268049bd46633f0423f58b70a6766
SHA1 b5ace19636832d4c9f4234a041a2399d10b1688c
SHA256 dc5928240fa75562c9de99e07584bb878b5f1697f6fa7876dddbc53409cd22ce
SHA512 e6e8e0d889c54ff57141e4c7515d9ffc8b1f9951ab65754d805150a67e1bd43d3894277792416ea76d36525ef2301af088a47e552b1a954e9b3afc9274407ec7

C:\Users\Admin\PCAppStore\nwjs\icudtl.dat

MD5 e0f1ad85c0933ecce2e003a2c59ae726
SHA1 a8539fc5a233558edfa264a34f7af6187c3f0d4f
SHA256 f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb
SHA512 714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

C:\Users\Admin\PCAppStore\nwjs\resources.pak

MD5 0f1d45867b591d67b0301ee8c4ad5f7b
SHA1 f5fb6378c13912df079efee44476fc1b4666ef24
SHA256 a2434429fea5b3344426e388f9a2191e10449103e933ef7f0cdbf4638f22380d
SHA512 1db79c82e67547a76d3d479168ee12899e7e03d8c065239976e0a490804182290b76829e483e8f18f7feafe7e819d2784c507d7abcdab917b62d78696059ee80

C:\Users\Admin\PCAppStore\nwjs\locales\en-US.pak

MD5 4b6300c27e7575c32888c1f3364d5346
SHA1 c5f5e1d3524acc96fb4e18c08b02f54abf83c3d4
SHA256 0945c89b16d4feba346e85e14792b772dcc6278f7dca7fb099a6100c93e79740
SHA512 3f21b6f4a3e18755b355ce5f20384d549b3f723104a67c67ae521d2c4544aa3095fada8855a0cc1a10e7c5bf3e8f55d061ab2dcec210f76101a61d9484d4ee6f

C:\Users\Admin\PCAppStore\nwjs\nw_200_percent.pak

MD5 f666b710da2bed9ac0252c1fa1d00c4a
SHA1 0d8288fde82c2f3b7bd006fcf4cb92246aefaf6d
SHA256 f1ab589cfd40fb17a7c390b45ffad8fcf90c133fff1d14ca5bfc7053a21dc241
SHA512 982bb5ea2c14170d47e150dc8692ebe316ec5d6b584377020c1f58ae0632748cb631182a6bfad2f909ef6b818b012527367a36d8681b5b56dc735b8ccaf7b52f

C:\Users\Admin\PCAppStore\nwjs\nw_100_percent.pak

MD5 9b46f4c8dfc0a55bfafac55f17d7659b
SHA1 d25f27df176aadb67bc56a42262bccafd14af4f4
SHA256 b637ae345b830649b4027f39f6ee48f92484a2acb65de498e4fdd84ec1010336
SHA512 de5f500afe381a16e3ff7ddcb5c8aa538362e55222f7915276bb4c9261e41cbc2403ca1663a7dbf0706d8d51abc420e26804f67cfd646d7986130a20a659f345

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\38195c8b-ec74-4f6a-a744-2b05462630f7.tmp

MD5 728fe78292f104659fea5fc90570cc75
SHA1 11b623f76f31ec773b79cdb74869acb08c4052cb
SHA256 d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20
SHA512 91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

MD5 03e9f614a008075733c76883156b568b
SHA1 5f9cb1b06928487c4b836e9dedc688e8a9650b0b
SHA256 b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416
SHA512 7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

C:\Users\Admin\PCAppStore\assets\images\search-icon-header-blue.png

MD5 7a4e782938a595d3bcd85f31313777a7
SHA1 45b988256c360e651a942107a0a6c1f9405404e8
SHA256 f21c0a8b185e5d4f35cf68748c4502e09ab0dbfcb14e4341d59461c5052feefa
SHA512 32d5005a8171d9456159909603071fc19f9a096e239a25342a9945a34c898afeb38a5a46f91031a6b0949b4876eeae4a8678afe88d48c3fe696ef02492915441

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00000d

MD5 15edbb4d85cf503917a877d894fa0a18
SHA1 45b9165e1a659c3aabecaaf3ef8672f10541ee17
SHA256 6b99a2c0c946d59d80a1d56f795c61059cec833c904aaf6397eebd21d8129d8a
SHA512 4dc82a722cedbb945177fde76aa5f5990f81aa6cc09988949340ffc1c7ece507508b6b5f239c22388c39716cbe4bdb48d88b2fde257b8f40cdfed695a060326f

C:\Users\Admin\PCAppStore\download\SetupEngine.exe

MD5 85f2849f25944fc15e58521a52b800ff
SHA1 718d11673de4743835523983ab5e06f88785a03d
SHA256 c4942bad2eaaca0bb5ed7e6900d6c85f12f0db6de790072838ce3f854b9ad677
SHA512 f5723f93695e84fc41f48f0153f024249e9abc9fd03d788af1c31d6084acfbe4c85a76de55ab8be4f68d16807bc0381c269cc3834510d538e9710f528b04beb7

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

MD5 edd9768bf01a6636462d54b054ea9dce
SHA1 2e66f2f707326529646d2d4949077ae9c9a7c197
SHA256 41f0f921aae56394ba69f1236ce0d15968ff865b7faed3393f56ba68ba1a805d
SHA512 5f4172ccc80dd0f410f7574520897a27765b71775f86ed0d861f1d2ae8b30fba3e10816b0c0b16d659f03f718659d55afb325831aa49458892b5c8eca5845bfa

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe58464b.TMP

MD5 65cab78cf89bf06b0a7a91723ad41764
SHA1 6739d6f3f1502107897ec1cc71139d2877a3e58a
SHA256 dfc646a49690e6737c3810154a99fce631bcaeb9ee246f6098f52249a9b11f3a
SHA512 67462f8842ea31cb0df6098c06a326a708732a98ce6e3101739c49f2c7fd0d8ab55d16b4a35a1429aae691312285cf45483c9e4dfed82244e37bbb85bea2d237

C:\Users\Admin\AppData\Local\Temp\nsj412C.tmp\modern-wizard.bmp

MD5 cbe40fd2b1ec96daedc65da172d90022
SHA1 366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA256 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA512 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 2a3d316e715168725a9e882ac7ff983d
SHA1 fb447086a39036d676659cf3971729a704de8289
SHA256 97712b8ae5e1a6f21222b76a58ced5451456f7e47552703fe04fcd849c2f66c7
SHA512 43e9f98a362174fc9fba344484cc476b274ade2b40b1beb814ad44074dfe195b5babea1284a6334037f7b04ee00f40ab94993b0d637119873dadeafa45b4fa6a

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe587068.TMP

MD5 80fde78a41dca26b9ff469faa05d79f6
SHA1 eea4acafc04ded51d6ec7d91cc49bc28a5ab275c
SHA256 d9d81e2e7dc744739b304b2dc8ab8070deb11d336a0050920e34c94868e8e1af
SHA512 1fead50484d63a241d5019274ebdd7b8cc8e9fe7dcccdcb99f0d75d4ccc2eea1787b1c3ab3a4aeb02c7ca95e439d5641c8f3a71df939256b4316b91739b414c3

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e2ce908c220884e70316a286fe0c49c5
SHA1 3d678043c0951620e201556a24acad7b3e2d7ff4
SHA256 b37021ed34b161adb678cd5d837348e3272c20e6272ecb0c6b24651ee00f2a87
SHA512 a1e9c363a58c826ee32724705d88d4ff236f7f11ba9f8a1f4b8c08f51ea23cba6f0986f84356c77bec3b3c69526192f328bb67202c76d0ddf59ca0ef62740495

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe587dc6.TMP

MD5 177ffe6c8cde45d36dafd91f0071d667
SHA1 6746923df7129804c11253d6758d7ece1b38d5c1
SHA256 30d2644fc58ead689779e2a23fbe2d74f0d2e95acc6bd43b023a465959116770
SHA512 65a902eeb7c4186e415bc28d2863ed223fc41b61cedf909ac5bb605dbbc09a034047da26761867106ce870902197e2eb927886451ca94874652b4693cd602730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aee36765c245b17dce85225fe4182395
SHA1 34b5bae9525f8486fdbc6b5f829e8f933342ca23
SHA256 7abd208dc4acf504136c186e51f5c9016b372e28c37e7916ef31f275c5c39cd0
SHA512 27fb56e4617e4e94055729b80fc4df88f730ebba180b2336e6a3d21e0a02c0d08469a27388c3dbc025a00abd48327b007be2d0f71ff9e8c023dc9f16075e58e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b0a7a6468a07f9a77bac08a525f37dcb
SHA1 74192351613143702f602af5f8b32f3ba37fcf81
SHA256 abc4d865bfbb02f560ee0edaea8abfdd9c031da529a7e3d0f505cdae51e90e74
SHA512 8b2667329860d288e71e14bf6c63724389dd479de5394e30f4641181f64fc65a2bdc5a9b297dd5ecfe60186ac3613289e0c87107aab61646cd728cbd0b120af0

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

MD5 57fcbf3515e1923a9a0a7604a54940e4
SHA1 41d2a7ba182c7f326a76fe2a1554be2ddcb4849f
SHA256 31a962636096e3c07f2592f7898f099aca8f0d88755d6e38b33807cfb96bced4
SHA512 bb280436e0006f36690eb16667b5db7130b38894e8dbd27f9bd9cc7151f92a2045e1e25da0956d7755d7f0ca9fe2d6196bad66818b38294804a853a93ef60edb

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe5886af.TMP

MD5 3f16a71c0d727044709090a80725cbbb
SHA1 828cd83c59d83eeddc57cd322b15f035212b14f6
SHA256 f88b80f25091086deda7787fd72d8b39412df6eac1557f222c7a8d02141d5919
SHA512 d9aff7b11c859e21a497af65411824a219d4fdf23551c40b04816d28f7253237c09357c8dabb2fa0c425edafa87ee8ca056062ccd7b25a3325e04c8ea748bad2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5886a0.TMP

MD5 c8938f7e14f50cfbbf978b873a1e92d5
SHA1 03d43dd18951b754e7ed9f721c541c47d6cd2953
SHA256 fd3e863277b6de29daaacb955a1c2a38ed034dc8e1cd58cd7f874ec04d24a447
SHA512 c298d4a94180eb86e2327284e821e13aea6c2da01b9df3fe5bc1c94feb4a2152a4e72fdf9a509ac5769ffb072bc8ff723f80ea93f171e3e824c78d7897dc922e

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 0d5906fa3685bcd9474a75ad3ce26ed6
SHA1 a72daca84082d105e52bff0898da04a2fa2674e9
SHA256 c11e154ad96e68424483dd8beabaeec7b3eec56104e1fe1e265b763d4355151f
SHA512 f47296202ddb2e1a22d13aca2d9902bca58f992c4a60a71367794424c2e7752176c522325059f71bcd97ff707ba4785bd7d4f7e5138c4c1ead5a6544d4013abc

C:\Users\Admin\AppData\Local\Temp\nsj412C.tmp\Banner.dll

MD5 a1b9bdee9fc87d11676605bd79037646
SHA1 8d6879f63048eb93b9657d0b78f534869d1fff64
SHA256 39e3108e0a4ccfb9fe4d8caf4fb40baa39bdd797f3a4c1fa886086226e00f465
SHA512 cd65d18eca885807c7c810286cebef75555d13889a4847bb30dc1a08d8948893899cc411728097641a8c07a8dcc59e1c1efa0e860e93dada871d5b7acc61b1e5

memory/7092-921-0x0000000002760000-0x0000000002796000-memory.dmp

memory/7092-922-0x0000000004F90000-0x00000000055B8000-memory.dmp

memory/7092-923-0x0000000004D70000-0x0000000004D92000-memory.dmp

memory/7092-924-0x0000000005670000-0x00000000056D6000-memory.dmp

memory/7092-925-0x00000000056E0000-0x0000000005746000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_n5uh2n5a.gnc.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/7092-935-0x0000000005750000-0x0000000005AA4000-memory.dmp

memory/7092-936-0x0000000005D20000-0x0000000005D3E000-memory.dmp

memory/7092-937-0x0000000005D50000-0x0000000005D9C000-memory.dmp

memory/7092-938-0x00000000062F0000-0x0000000006322000-memory.dmp

memory/7092-939-0x000000006E5D0000-0x000000006E61C000-memory.dmp

memory/7092-949-0x0000000006330000-0x000000000634E000-memory.dmp

memory/7092-950-0x0000000006F10000-0x0000000006FB3000-memory.dmp

memory/7092-951-0x00000000076A0000-0x0000000007D1A000-memory.dmp

memory/7092-952-0x0000000007060000-0x000000000707A000-memory.dmp

memory/7092-953-0x00000000070B0000-0x00000000070BA000-memory.dmp

memory/7092-954-0x0000000007300000-0x0000000007396000-memory.dmp

memory/7092-955-0x0000000007260000-0x0000000007271000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsy9A19.tmp\nsExec.dll

MD5 675c4948e1efc929edcabfe67148eddd
SHA1 f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA256 1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA512 61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 564f6aff8cf5a0f75f5e73f6e3a15d8c
SHA1 9276968250d526233981099291900352fdd4dc9b
SHA256 f7ecda24f4424af7ef40d6c8397f1f2b189782f9974de8fb036f7a89a6943459
SHA512 9e11dc7d0e1ec8bd1d9e101b2f473d4445fd65408dc60eb364d77b6f11df7d562fba27498e90287821f55eb3117789163029345867cf81b26b940889737e80bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b5008d378af8a1f3d9aa888b762ee2db
SHA1 b67e7470426b5c3b29304f89bcc2f5885380c0fc
SHA256 9f6bcd6d37fbd8d3abf84dc28a452b9f17f87ff125463f87170cbeed318b9151
SHA512 0ad412fefabda71338bf059fe405ea1273374b64ffa5a400d445dfc4268e6ee168fd9fe9b107b8f577cb2a8002327c6788c57e26d1ffc9e06cd6c9b650644c94

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 ae4bd002dc8a58835d42d7db33ee38d4
SHA1 c330b656776993c6d367ea7ec75478c90efa9074
SHA256 3b292c4fa1484d19519a76009d9851c2746374e78215e977b0ee48f5f16bccd8
SHA512 90649020a372f3b6dc615c8441cea5584426a268eee57a5d97a8c7e56195202867bd3d76162fff242627ae87b68c394861bc3a16165bd3814b98e6ce8399703b

memory/6576-1013-0x00000000030A0000-0x00000000031BC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsy9A19.tmp\SimpleSC.dll

MD5 7b89329c6d8693fb2f6a4330100490a0
SHA1 851b605cdc1c390c4244db56659b6b9aa8abd22c
SHA256 1620cdf739f459d1d83411f93648f29dcf947a910cc761e85ac79a69639d127d
SHA512 ac07972987ee610a677ea049a8ec521a720f7352d8b93411a95fd4b35ec29bfd1d6ccf55b48f32cc84c3dceef05855f723a88708eb4cf23caec77e7f6596786a

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 59502cfd28c3d40162a3e5064ee78cac
SHA1 b0d71398b8d8f53cb51327c8546569ca6d71793c
SHA256 a8594126190d6f1216a2e509271a9e3f27be0d19c14a573ce5fec5a33646e57f
SHA512 8721b3b8f644765cffdcce5d9661abd10b6af2289257420facc6bc4478c1b745c627f25f40a4fe8cd459f5aad8dea8680fdc6736355bf8a9385da9bd294d6811

C:\Program Files (x86)\Fast!\uninstaller.exe

MD5 7b84320c38dec82dd5dd432f2bd40b93
SHA1 9d0050434cf6f3b71bd404eafc77fa9a3e3e1924
SHA256 301d71a9350673254bb2c7e0f2954217b46b876d9af393029bbbfe5f852a41e7
SHA512 8569263ea8e405f11bd0d2d99949ec5f84f593d8a2210c2a82aabad5b98969dd79414f0072cf3b79d6ffd0703dcb73fbf72a2c56a75315fa4d89b50c024fdc28

memory/6576-1211-0x0000000004A50000-0x0000000004B6C000-memory.dmp

C:\Program Files (x86)\Fast!\BigTestFile

MD5 6eb8c366315498feabd796786a621bcb
SHA1 3074fbe6287be713de51280d8277ab2f4b707155
SHA256 626db8bea999709c8faead0ec9d60025604676fcc44130abe6c1168b90989b3b
SHA512 dc28756c56c8ceffde09717e71212c5335e7cd1195105f6d5955a8ea3419e11b63669b03c5eba1a72be84adc9d92b0a3250a991b7c6a59817d3ffd21fc452733

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\fd75ece1-1c97-4a99-8a88-32d63a1eaf4c.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 df09abb0f75b16bebfe6237d5857e19e
SHA1 2f4c4698f900db1fcbd7d4d87389f30a5a1af3fc
SHA256 e21ac13377c57cbfa9fc11530afc9c6278a84416593cd25d390661afa7d2d8b4
SHA512 94a4c389cc2d786c26665b248dcbedb4cdbb963a71841b6305aa5820fb22571904fbb7b2118b97293c9b10b4d5cfdc994b320b0e5700144b0c38b392cccad849

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 346a152f50de6ffe2e5dbca15859f0a5
SHA1 c5e3271b2169dbe9df5d380cb149fd970e1af2f3
SHA256 cf8a84cecab4c5117a3d90e2d085812b0d0c19f0b475b5e9243cffbbb6ba9c6b
SHA512 4fa1166223071376ac03dca148907eb807e25e8fb78971d7b0860f4ff89933d31455370abcd49d745b75fa44a581be9f50c6b35e1ea06b425affe216b82156e4

C:\Program Files (x86)\Fast!\BigTestFile

MD5 8f52e660bce0437d450ae62e18899133
SHA1 04779989adf8307e38a5264286fbcb2bbe35bd14
SHA256 6d3a6be0bf3ade1bb1b16546294a5200fe4dbc2868d6a6bdebc88a1de529788f
SHA512 e7dd315737e0d521f484eace4c18f6c1fb17184513aead5e40bb554a49eec8ee2462f9273cfbd30b8766fc131a8a8bc58be69423c48665710fcdaf3ae5e155cf

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

MD5 cf894f6976646c991cf7bc7ac293e795
SHA1 4fa465b1e083c248cd687b3c422aefde2afc2967
SHA256 d7cd706780ec6428cd6286617aec18a3313a20bdcdcedefe60e792b8f8ac36fa
SHA512 360d1868365b1052026f5d0d8efdaa7a52cf8c335d544163d6e4e7ad36e48a8a2bd1af7473b5c0756c368ac51fd953f8a1de70cad9921bde4876823b2f423534

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe593520.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

MD5 c258f6020d8c6bb6079f0a4d565cf35d
SHA1 2ff25717110d74b16403dd518b6435c61ae9d921
SHA256 8a0888a6e4e403506f8bb84fe4ea00c38449a1533b54fd3dbb13e2c9e1230e34
SHA512 46288c6fe31a9173611fa3981b546f63b3c898708dd9ae87ab28f6e9107b1ba1c7efaf091819d193d9979732db69df50f4b64f0372e8ad9dfd17e24259dd4a32

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State~RFe593723.TMP

MD5 cdaa6e62e9c370ffe3d3792c5553a36c
SHA1 3c79e571e41585fbc73e99933fd500f17d26885c
SHA256 e7c1225c33330af8a334f2c8896fc117f03dc51aead3ea5da259e0139125375f
SHA512 a4fc634007c26df6e3da8f602f8321c151dabf999f148c1ea3c4196b7d893bebc044d428724820a66a3f3d67840f7373afd64f2c0386a75c1fa3e6e91966231f

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 15eaae517f075a153a3e5c0e7ca9857d
SHA1 1bcb236e60a9ac293075336ac6a46e0b311c4eb3
SHA256 34d5e4723df96f2078c931ffbb9506835c9cefa6cda3221d30ffda631ab12fe2
SHA512 6f97f6f7931c45102a4b63a5bebb9a85fcf4b4b8885b5b1222985460188acb5d5893653e4fa1ac89e553bb0266333387452d70c5273ef2b34be32a2ce85850e0

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

MD5 77fe8b3a97d7feb5505d46404dc4fceb
SHA1 c4233e19bb82d128ffcfa76a9fb40e230c2bebf0
SHA256 a959f85ef7c4ffad60b1e8c28e78c7848ecdbc20cc09805e2d8ba3b3b3af40fc
SHA512 caac2e7b968752f374cbbdb296510bc28f02acff2ea5201ed444647f4b25bb726091610a7472403e80be7327515843cae7b707ebd661f2a4b7582334663563ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5b2ac250e030be8e6dd103f3352bac97
SHA1 0894a3f31cd16d1da9dcf6873892efd8e50e1b86
SHA256 f4cbcd8172dd7ef02f317d1574a6c0f61352270a7c5c79410f816e3eff6089aa
SHA512 b5b6ebae76b67b4146a08fc7fc3c716f138400380f121fb94513dc1254af4169eaf67b06beb963f4606009a11d43f20242abdf9117f552f838a5a63eda675402

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-09 22:25

Reported

2024-11-09 22:27

Platform

win7-20241010-en

Max time kernel

15s

Max time network

19s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 224

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-09 22:25

Reported

2024-11-09 22:27

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

98s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1572 wrote to memory of 2068 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1572 wrote to memory of 2068 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1572 wrote to memory of 2068 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2068 -ip 2068

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 624

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-09 22:25

Reported

2024-11-09 22:27

Platform

win7-20240729-en

Max time kernel

81s

Max time network

18s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-09 22:25

Reported

2024-11-09 22:27

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

96s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 720 wrote to memory of 3572 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 720 wrote to memory of 3572 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 720 wrote to memory of 3572 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 3572 -ip 3572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-09 22:25

Reported

2024-11-09 22:27

Platform

win7-20240903-en

Max time kernel

118s

Max time network

119s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inetc.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 232

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-09 22:25

Reported

2024-11-09 22:27

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

100s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2796 wrote to memory of 4776 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2796 wrote to memory of 4776 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2796 wrote to memory of 4776 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4776 -ip 4776

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 636

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

N/A