Malware Analysis Report

2025-01-19 00:03

Sample ID 241109-affdgsskdw
Target https://www.kinitopet.com/
Tags
steam defense_evasion discovery execution persistence phishing spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://www.kinitopet.com/ was found to be: Shows suspicious behavior.

Malicious Activity Summary

steam defense_evasion discovery execution persistence phishing spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks installed software on the system

Enumerates connected drives

Command and Scripting Interpreter: PowerShell

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Checks system information in the registry

Detected potential entity reuse from brand STEAM.

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Uses Volume Shadow Copy service COM API

Modifies data under HKEY_USERS

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 00:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 00:09

Reported

2024-11-09 00:13

Platform

win11-20241007-en

Max time kernel

264s

Max time network

264s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.kinitopet.com/

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Setup (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseEEC.tmp N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default" C:\Users\Admin\AppData\Local\Temp\nseEEC.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i" C:\Users\Admin\AppData\Local\Temp\nseEEC.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=DD844BC0-09D5-4996-AA38-4CEEB7107A86X /rid=20241109001111.176240740359 /ver=fa.1092c" C:\Users\Admin\AppData\Local\Temp\nseEEC.tmp N/A

Checks installed software on the system

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Fast!\fast!.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Fast!\nwjs\locales\fa.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\mr.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\te.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\package.json C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\css\style.css C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\icons\checkbox.svg C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ar.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\el.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sl.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\index.html C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\gu.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\exit-popup-bg.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File opened for modification C:\Program Files (x86)\Fast!\BigTestFile C:\Program Files (x86)\Fast!\fast!.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\vk_swiftshader.dll C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sv.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\icons\checkbox-checked.svg C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\icons\fast.svg C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\network-error-popup-bg.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\pt-BR.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ru.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\icons\logo.svg C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\all-circles-bg-mask.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ur.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\survey-bg-second-bg.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\cs.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\de.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\fr.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sr.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\zh-CN.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\da.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\es-419.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\kn.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ur.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ml.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\nb.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sr.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\tr.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\v8_context_snapshot.bin C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\en-GB.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\lt.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\uk.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\vi.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\js\ui.bin C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\hr.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\kn.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\nl.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\zh-TW.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\vulkan-1.dll C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\es-419.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ja.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\pl.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\he.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ja.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\th.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\icons\info-logo.svg C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\app-background.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\libEGL.dll C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\nw.exe C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\ca.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\zh-CN.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\survey-bg.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\FastSRV.exe C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\pt-PT.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\D03547B6-520A-4891-9D45-ACB42C200A8E\dismhost.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Setup (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Fast!\FastSRV.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Fast!\Fast!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Setup (1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nseEEC.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Fast!\fast!.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755846821223664" C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-556537508-2730415644-482548075-1000\{2D7F6042-212E-441B-8905-14726BF4E041} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD844BC0-09D5-4996-AA38-4CEEB7107A86X} C:\Program Files (x86)\Fast!\fast!.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\KinitoPET.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 287358.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 900962.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Setup (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nseEEC.tmp N/A
N/A N/A C:\Users\Admin\PCAppStore\Watchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\fast!.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3616 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 2256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.kinitopet.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ff82fa73cb8,0x7ff82fa73cc8,0x7ff82fa73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2432 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6116 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6744 /prefetch:8

C:\Users\Admin\Downloads\Setup (1).exe

"C:\Users\Admin\Downloads\Setup (1).exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=DD844BC0-09D5-4996-AA38-4CEEB7107A86X&winver=22000&version=fa.1092c&nocache=20241109001048.90&_fcid=1731111021870690

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff82fa73cb8,0x7ff82fa73cc8,0x7ff82fa73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\nseEEC.tmp

"C:\Users\Admin\AppData\Local\Temp\nseEEC.tmp" /internal 1731111021870690 /force

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\PCAppStore\PcAppStore.exe

"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default

C:\Users\Admin\PCAppStore\Watchdog.exe

"C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=DD844BC0-09D5-4996-AA38-4CEEB7107A86X /rid=20241109001111.176240740359 /ver=fa.1092c

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

.\nwjs\NW_store.exe .\ui\.

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x26c,0x270,0x274,0x268,0x278,0x7ff81b5ca960,0x7ff81b5ca970,0x7ff81b5ca980

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1d4,0x1d8,0x1dc,0x1b0,0x1e0,0x7ff763868a60,0x7ff763868a70,0x7ff763868a80

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1996 --field-trial-handle=2000,i,12829804302830613383,14480681024949563598,262144 --variations-seed-version /prefetch:2

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2004 --field-trial-handle=2000,i,12829804302830613383,14480681024949563598,262144 --variations-seed-version /prefetch:3

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2164 --field-trial-handle=2000,i,12829804302830613383,14480681024949563598,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2656 --field-trial-handle=2000,i,12829804302830613383,14480681024949563598,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6408 /prefetch:2

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4292 --field-trial-handle=2000,i,12829804302830613383,14480681024949563598,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4576 --field-trial-handle=2000,i,12829804302830613383,14480681024949563598,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Users\Admin\PCAppStore\download\SetupEngine.exe

"C:\Users\Admin\PCAppStore\download\SetupEngine.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installing.html?guid=DD844BC0-09D5-4996-AA38-4CEEB7107A86X&_fcid=

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x104,0x12c,0x7ff82fa73cb8,0x7ff82fa73cc8,0x7ff82fa73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4900 --field-trial-handle=2000,i,12829804302830613383,14480681024949563598,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4992 --field-trial-handle=2000,i,12829804302830613383,14480681024949563598,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe

"C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid /instdir C:\Program Files (x86)\Fast! /startup 1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Register-ScheduledTask fast_task -InputObject (New-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files (x86)\Fast!\fast!.exe') -Principal (New-ScheduledTaskPrincipal -UserId ($Env:UserDomain + '\' + $Env:UserName) -RunLevel Highest) -Trigger (New-ScheduledTaskTrigger -AtLogon) -Settings (New-ScheduledTaskSettingsSet -MultipleInstances Queue -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)) -Force"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\Admin\AppData\Local\FAST!\Temp\dskres.xml

C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe

C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installed.php?guid=DD844BC0-09D5-4996-AA38-4CEEB7107A86X&_fcid=

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff82fa73cb8,0x7ff82fa73cc8,0x7ff82fa73cd8

C:\Program Files (x86)\Fast!\FastSRV.exe

"C:\Program Files (x86)\Fast!\FastSRV.exe"

C:\Program Files (x86)\Fast!\fast!.exe

"C:\Program Files (x86)\Fast!\fast!.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1732,10332944286697725600,17149833872722857996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files (x86)\Fast!\Fast!.exe

"C:\Program Files (x86)\Fast!\Fast!.exe"

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x270,0x274,0x278,0x26c,0x27c,0x7ff815dba970,0x7ff815dba980,0x7ff815dba990

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x1d0,0x1d4,0x1d8,0x14c,0x1dc,0x7ff6c8e4ca30,0x7ff6c8e4ca40,0x7ff6c8e4ca50

C:\Users\Admin\AppData\Local\Temp\D03547B6-520A-4891-9D45-ACB42C200A8E\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\D03547B6-520A-4891-9D45-ACB42C200A8E\dismhost.exe {F7167F03-15FF-4DD9-8F90-F359CC8FB14B}

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" EnterProductKey

C:\Users\Admin\Downloads\KinitoPET\KinitoPET\KinitoPET.exe

"C:\Users\Admin\Downloads\KinitoPET\KinitoPET\KinitoPET.exe"

C:\Users\Admin\Downloads\KinitoPET\KinitoPET\KinitoPET.exe

"C:\Users\Admin\Downloads\KinitoPET\KinitoPET\KinitoPET.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1184 --field-trial-handle=2000,i,12829804302830613383,14480681024949563598,262144 --variations-seed-version /prefetch:8

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a28bb0d36049e72d00393056dce10a26
SHA1 c753387b64cc15c0efc80084da393acdb4fc01d0
SHA256 684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1
SHA512 20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

\??\pipe\LOCAL\crashpad_3616_ZPHBYRJENXBMDGJZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 554d6d27186fa7d6762d95dde7a17584
SHA1 93ea7b20b8fae384cf0be0d65e4295097112fdca
SHA256 2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb
SHA512 57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 234364e11867de12f3e0c9c959013da6
SHA1 543c758fc92b42573bc518f2d4374004e53c297b
SHA256 c43987c2e2df6ae8d654731f22ae24bb43e7c5d369248972b779b93ed34b006a
SHA512 240a8f8de050100b41f9e4bed546c8187ee7fd26d9cdfb36ff5f9fc08a06d7cc04097bdeb415c4eb693dce1b57e551623c1991de15aae6faf267b5666faaf49a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 352a958b151b9dbdc58c98906845e24b
SHA1 e01186db25cdac711c86cca949bd8130c6c9be98
SHA256 98212f60f4bad4a310f10812f66ba346ea10f8fe42a857a5bca173997fd7c342
SHA512 52213f0a82a3397a8b4aa5a5d22359c9932af80a974f52217325d45f9232a293196aa5c109c3ba2141a1d1abb73705a98d75336b98435e986eabe755bc52164f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 91970a7df7d12f8b2ae87cb7f98cc516
SHA1 e87d406858dce22789285efed726b61532de3a56
SHA256 9300c88626aa9ac13f5377d8681d8ddaf65a3714682a8ff8d08faae430daccd2
SHA512 1d2003b84afca2bbeacd7cddebc864547d171250a774f17d2992d866a550528fda13d3e8a3950d9b117d5fbc4ff68ce78bee396fa88019e322db29bdb78e05ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 280197e3b3d69b14a48a157727d3e740
SHA1 b3667cc41f755b5e012fd9134144c23a8187bb67
SHA256 c43297aaef8668e426c032e58e4055fb6c17cb2620a245ff6c62d9b84ebe514d
SHA512 07446aab19d384f41964a7d4169e301030e3be17bd0f63462b839ede6978779ea727215d69fdb2912936b14d5beb0a2909bfd6b64ae53d547c1544f76c68fdd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f05b.TMP

MD5 73080000630aac58716ca8eb603b8b9a
SHA1 0c1bfbb0e82d0e85b5f37c09055663b345e99a91
SHA256 72c6bc6896602b3678688c2c265fff991ecb974441d23bb3af8aad435821c5e6
SHA512 543ea65f372b803b653f59f9c10afc871b12c660195eeb3830777394bbc03f3dc93b5deeef3df0549f211a822a6256bc089e33092089bf311d80915ad8da6fb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a4eca5ec8a6cae514c030a5ec20d1823
SHA1 a1202a368d6cc54391c5d2efc9ba3a968fb3faad
SHA256 0b3419cc0d251c2f87dbdd1861d26ba97621c62026eeb689e6e49ad1299c0c0c
SHA512 ba5911463adcda6b24ec6147978932a3a3dc8d8d797fd58a070c41123df8f64996d4c5fa24e6badcb4d8fffbfb1e842e4f4aef1e1f88808b5557a74bde2e7ae7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 72684d892cfd3603dad4bd5ec2bb5d2e
SHA1 98026a9ea970d28060825179087a2a48942917fb
SHA256 e1bcddde188af7467c53e8d104f3e26f08740702d9a64c2eacaa36f2bc70866b
SHA512 621ace838b5a594cbbef4cf180b0fb2c4141dc3ccdb81340506da15484fe7733bffe948905b8b82c2fe4ea6fce46df8d1da60d095ebcbf3cf764d9dd210c4f8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9a82285feff3bc45bcccae66db3ff901
SHA1 0fe9c834c933a107162ad6e88c99555b1f9ec413
SHA256 a7852e32c0e62c711a03255969df9449e7fddb61a66c10fdb821d3221770a881
SHA512 a9d3e8719adf49b1da69de3181eac0915bc0b24e40a88ae36226275f86d7347fa7d7d3ea721c98069f63e4288fe6b8f9186ca4092ee9d74ea895b97a49845c2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c7085952f82b68640ad98e62c58cc307
SHA1 882d990e5a6d9a25dbae54cc4319b07e91257bb5
SHA256 d474b40789ee328aed19f9356498ada107bffb9dcaf7cb174840ec21d651f83e
SHA512 91708903567715cc6e571baed05d95bfde00cdb64772602747ca34da1a67b01c45b0c77114e20665e1f2ed36a88c67fee2665def4e82cdf83efb8a55f979ace0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c57feb45ad6131297f77084328d39a9d
SHA1 f63bf5d37e7a9746389f99c53f3a465b5c94a346
SHA256 9d589ebc5af71b0003861511650be6eb998d0f1449dd4f50bfe6c8e00419fb0c
SHA512 536e86aa1c2f7c1164b6b6904c2d0e50114571e36bace7dec1ac20c386de7475de1da4ecfeeb16781742160256a0fd6cfab8c6ed3b85e810d9f336dd9dbdac15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1a39b6e271b3191a30fb348d62c337bc
SHA1 2ea2ffe67115790d4941410a11fadefb84cae0b1
SHA256 00d28249c081a2340120bb7e35cf14b5d5d4515556d0f93f62e4111a70b3ca0a
SHA512 96d8f5c34fef8c4b0fe7aea7457a301a9067814bb599e37916bde9e7adab6c1fe4bb1de30d39060e50318b4db756b2c6fdb1c73e5415204fe46c0df449f7cf55

C:\Users\Admin\Downloads\KinitoPET.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7cdf0964138df8579b29c2e5294b0236
SHA1 6f289c556d192b8ba827773413eccbb1c9e38e38
SHA256 6e920b28c32c5c8523b82a6535e030e785664bf3e8af8bf9b9fae81d2213a9db
SHA512 32b8b599c5d34e6f3816446784686fff70e508efbd2fcee7976aa3d2a4367dd788a02452a7f41e7b1a5d5caea305e4e2752db78ce3add57cc56e98abda7b0ff2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0a08d207b1c0b9b3bb1a46a2d761e2d1
SHA1 25f556bc0e446c8a50dfea92c8dde869d79a7d16
SHA256 e2df50080432de23928f96f1a9e8819e000e783bf1844d2a3a7f66009202991b
SHA512 ec5b3ef786625c275fca5cd994c34a16cfb3dbf9b1427e6bd3a4421d2acf7b9dbdf17147299453994f71d4dd0a12b1f37eddacbf7b698fea26fded8ea60b8d55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 655676a292e8623ddb50f3915682cdeb
SHA1 6da5835cd78eff89efc068fcc58715b29989f82c
SHA256 414e1af89a321f759c985f476d310b29152874c93f6e2f23a741cdc939803385
SHA512 ed4386862e6c06dc720868be681baeac616cc6a34e97c09ecce1900e76893763756009bef3b630af099b782cca448bdf24ac6e290f357e18b3d20870c5be52e3

C:\Users\Admin\Downloads\Unconfirmed 900962.crdownload

MD5 4dd2e871dd4608417fe7ea90075fd34d
SHA1 33171ef2aa1b27c37a6bb0d17152304cc10404af
SHA256 3d069536178d18eaa1299aa3d2d7a5c728e4d96a7df00cad7832b0422e19354a
SHA512 2106d08b904e87ea8279c567cac2f369255e4f5d508d95d9d12ba79d97bae5eb2d5ae686242de23756ef82fe7acde4be5156531154139478ae8807bfa299c8dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4713048518a73acacd378f96bf237d5b
SHA1 d09ecaf5e125d34c3e2ea0f8e4d5d67abdfc65a7
SHA256 b39cbe180e426a89c8652ae0897facdd046471d3c58b90cdf3ea319a2d2c9753
SHA512 0f546c7760ff8298ca9bd5087f420f40f4d7c730fe7b586905507c1bc4b6d3318c8eea79f3190ecce12113fe2300cac347943aca4019a6eb53d6d982a4c55c16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 da7cab1ede3e205704f74ab78a377396
SHA1 5ffab5397e36aeea6fdd29fd02b0be8172b06e61
SHA256 2dc667369127c2ada13ede5391b26b98096c285028d7d295a7e58a4a4cda4fbf
SHA512 94bc0461f4ccc6914f97eef8f46b7b114f7e0faaeafe6850b8fc900876acf6e232bdd531e019b5985ede1877ae138e341e0fb4c0099f32654a6b112769030cad

C:\Users\Admin\Downloads\Setup (1).exe:Zone.Identifier

MD5 3a3684cb99a02867a99272ce59bd40ef
SHA1 15ac670e5f6d3dd377a914e62d4dc82e91451d93
SHA256 c2d285b9336761752b9456a13e5bd0cf2f505f0bd7ee79228afe275f21002718
SHA512 b4513a005be7b8ec34f69bf9a10b16bfd9f64ae9c56f8e3b1250e5edde2d26e120d3a47e633bd27650ad428e616b676c445b742d2edea98a1cc99dd1b6603cd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ab90ce2253a56d1e3a23e082978d608f
SHA1 9afa8cdcc442dc8fd11147a6b548fc6c92e41fad
SHA256 d2fe233207328b8d88bd5ed98410e6df28bc7a040de7c150d776c416e5f90e2e
SHA512 dff6e6cd98de2c168f7d8be1ec2cbc1fc3a1697a420f084b11183009068a97f7e4274640d056951063fe64f56cfa94eb9d69dd7df8f7c9cc948fe0f013262055

C:\Users\Admin\AppData\Local\Temp\nsdFE42.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nsdFE42.tmp\nsJSON.dll

MD5 f4d89d9a2a3e2f164aea3e93864905c9
SHA1 4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a
SHA256 64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb
SHA512 dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

C:\Users\Admin\AppData\Local\Temp\nsdFE42.tmp\NSISFastLib.dll

MD5 9c7a4d75f08d40ad6f5250df6739c1b8
SHA1 793749511c61b00a793d0aea487e366256dd1b95
SHA256 6eb17c527c9e7f7fea1fdb2ea152e957b50a56796e53ce1e5946b165b82deaef
SHA512 e85235307b85ffd3aab76ff6290bee0b3b9fd74c61a812b5355fe7b854d4c6b77bd521e52638d28e249a43d9ec7aa6f2670af2b1c671091492c7fe19d6f9a4e6

C:\Users\Admin\AppData\Local\Temp\nsdFE42.tmp\nsDialogs.dll

MD5 6c3f8c94d0727894d706940a8a980543
SHA1 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

C:\Users\Admin\AppData\Local\Temp\nsdFE42.tmp\inetc.dll

MD5 a35cdc9cf1d17216c0ab8c5282488ead
SHA1 ed8e8091a924343ad8791d85e2733c14839f0d36
SHA256 a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df
SHA512 0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

MD5 91b954a96bb503e26f9fcafb23491f9e
SHA1 8e52b6bf7e9370f8f5373526fbda01dbdc7e7c84
SHA256 a0ea41ee5191f0e631f38389b18b58b7663e97e04cc63e12cc2808a3b13e9aa6
SHA512 1b0951932923b2e0519fd4e415bca1bb64d72154179e7a8db56ca885b7e32c690702c1dd1c1f2f8188ed383b13eb58c27a7743f04423050c1085431a4a5a6023

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

MD5 20f285b90661f7fb87c74563641de158
SHA1 5505bf5cb27c3a83b3660a3c5d4d99ad499e78ad
SHA256 bb811a2939f554e861ec572fe20a3f10ad302f87ffe3fdaca0e37b1b7ee88cc7
SHA512 d4792adf05030f5e49bac5e090e51a498a8731d73f244cc0c37b3d0bf08881c6ff316f340d8119c36bc165e01162ac9c177cce7c4a602ff0a2efe05150eac2e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

MD5 a2eeb97d788bf80e54d203dcf5dd41e9
SHA1 2884b7763ba6644c004251d2e2a8510981ee9619
SHA256 ce839e1b4779545cef3e3bde815d1e7931b22b6f3cac67ef8b95514790aad024
SHA512 ddfb5c669494cd91cba68cdb84e9497eb40e672f8c9f9f3935838b59c90435a5d8d89db386e07f96dfcbc6a13b9c15f55c7a6d0ea66ddbfd2fac436ebf2451ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

MD5 7b75d054c354544217965de2b66889cb
SHA1 6ab7dffa0969e95b482af091cea51c9e1e3e260a
SHA256 de216c2904aad6b18862b0b70293261edbc3c0c318737af39e63955d0e8ae50e
SHA512 18ebf882fc0414cad834200edc9afb9e056548f17de743415533c96b1092fd45381d4cbe5e1c65fd6e5f1cdc1a556e29a6fba8e90cb990db42394663d0d6da95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d3d3a58956ba8dc1b9b7a84239b2d37
SHA1 4f58a2f28de1443eca17922465aeb2aabbd1e58c
SHA256 e413e2459f327bba13d67f985fda2f38acafee23b2790ab06b47fbf21e189d9c
SHA512 70d9afa787fd51bf48acc03462dded52f567b6125e6f7a3f4b30db8ef6e95af79ca1bfffd28d5489dc47ea3fc9ea3010dfa6eadf9275c4a76932ec9d31441de6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bda883011edf216308a7f2f8a0a8aacb
SHA1 7cfbf758b0ec96bc5003c6655404e09ff803381d
SHA256 4867f8c0702883da98611eeb9c37fc907741b67d6cd98f6a640f752455b66344
SHA512 40f435a06e420d5226487f8747f13a600f00a03a5b992c56f4be9445d8605c71d54fd9e9c10d2c109816a84d4003a5ca55d8507e07d99454ca673e0be1e14174

C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

MD5 82d7ab0ff6c34db264fd6778818f42b1
SHA1 eb508bd01721ba67f7daad55ba8e7acdb0a096eb
SHA256 e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db
SHA512 176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d10d6dc589fe221b74a5e7c70998bf0e
SHA1 5bd19ea21c8a97c90d7b0d7a8607ac140c513214
SHA256 2fc1740d9894743e6b6cca783e4c6bd0408cf9826b4b6a3c99a2d73d7f25cc0f
SHA512 977af474a7afbdd55fa60ff6dfaf4db4795a088e5e44399b4ab29e9dfc968cfdd51d578f1b07ad334446a4462ee640a5d1b23130825b6736ec4ee0471c7e35b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5965b5.TMP

MD5 084fcb36609084485fc8b0e8f351dd40
SHA1 77e63c8d76fd3f21ac954dedf37ff1b3efeaf4fd
SHA256 27b90f40ff91a5ed37f230635c26b0ee8de9243770e106e1253d290373f1eebf
SHA512 ab7b2a86b11ec5343309b20bb70752dcbd26dfb48465ce1c3eeb12512b658ebc117f9c691dc298b8bcf82387809d7931bac42a05c6a9e5b1b7bdc344e654fd92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 368ced12416bf08549c4d75b521a4763
SHA1 401bc4c4723c9978b30394e0c8ca3a2b45e6f4a5
SHA256 db949937c85183fdce84d3ef0d1f634fae3f0a74e3ab9f3ff29762f8b75a884e
SHA512 608254d9e0f7d5af37965d13ef1c53ac6361853308712de61babfb1ca1bc06a40254b87b7abe61d67a844f279a4786ed765d87f92a63456392aee50a540f3b14

C:\Users\Admin\AppData\Local\Temp\nsk36F6.tmp\Math.dll

MD5 85428cf1f140e5023f4c9d179b704702
SHA1 1b51213ddbaedfffb7e7f098f172f1d4e5c9efba
SHA256 8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a
SHA512 dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\98ab3375-dacc-4566-9c6f-b52897795845.tmp

MD5 728fe78292f104659fea5fc90570cc75
SHA1 11b623f76f31ec773b79cdb74869acb08c4052cb
SHA256 d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20
SHA512 91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 054ead68d4ba655ec3327a297b60f06f
SHA1 7aaf3d4c32db91009b9a11f226258f1b4552485b
SHA256 0143a33910d6a15b6f87d31dfede439a542d6dfff1ba675cbc1dfbd44cdea797
SHA512 7fdd00c52b65fd193216d2c2a12f9acd6f2b934cb2473816fdc9dd88bd83f45b063d298dc8603853ebc57d2b55ad563ea94a8b710e3ea578a140191b71d37505

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

MD5 03e9f614a008075733c76883156b568b
SHA1 5f9cb1b06928487c4b836e9dedc688e8a9650b0b
SHA256 b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416
SHA512 7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00000a

MD5 15edbb4d85cf503917a877d894fa0a18
SHA1 45b9165e1a659c3aabecaaf3ef8672f10541ee17
SHA256 6b99a2c0c946d59d80a1d56f795c61059cec833c904aaf6397eebd21d8129d8a
SHA512 4dc82a722cedbb945177fde76aa5f5990f81aa6cc09988949340ffc1c7ece507508b6b5f239c22388c39716cbe4bdb48d88b2fde257b8f40cdfed695a060326f

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000015

MD5 8e433c0592f77beb6dc527d7b90be120
SHA1 d7402416753ae1bb4cbd4b10d33a0c10517838bd
SHA256 f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
SHA512 5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

C:\Users\Admin\PCAppStore\download\SetupEngine.exe

MD5 85f2849f25944fc15e58521a52b800ff
SHA1 718d11673de4743835523983ab5e06f88785a03d
SHA256 c4942bad2eaaca0bb5ed7e6900d6c85f12f0db6de790072838ce3f854b9ad677
SHA512 f5723f93695e84fc41f48f0153f024249e9abc9fd03d788af1c31d6084acfbe4c85a76de55ab8be4f68d16807bc0381c269cc3834510d538e9710f528b04beb7

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000008

MD5 457442c95842e19e6aca17d451148620
SHA1 ac7565494cddaf1fd99ab3b27ff71f8ad3716d2b
SHA256 8fe7289e77a9393a85514009d489c3cbf73db5713ed2cd88d6263b5d4377b15a
SHA512 13a4c99bc8669032baccf0e78957e21a9bc745c10da1e716ab79ff38508f18800cdc0d149272802035e6b83aca069c9a3fb39b96fb63ea206f34ca866e15b6c7

C:\Users\Admin\AppData\Local\Temp\nse8BBD.tmp\modern-wizard.bmp

MD5 cbe40fd2b1ec96daedc65da172d90022
SHA1 366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA256 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA512 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

MD5 774af30309f3e5992de11c145c81760a
SHA1 51fc790436c82e7a47b68e0c8f2c09893a1495bb
SHA256 bc17be26819880579fb8813d17a894ae3fdc7560e1c518cee173de4fff6001cb
SHA512 1d6cbc5cb3a2fb33227ece6c92c56e2ec392a04f72f67409efa2e9f5a85521b061c2ee1a7a9577a2dcd8228c1f9693bcd9a05bb6f642b5ab133b5ae3d4c6dd7b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

MD5 046ecf613ad52836fb0c381f2604db12
SHA1 2e324a96d7204552cfb48049069fb50a85acf04b
SHA256 c65c63a9c74c5798293d8431bcbb4302a2806e3788fa71078bddeb5a7e44f354
SHA512 b5d20e0b1fb4d1c6076338de7281c4fcf88e2ab7732f2fbaff0562293e67ba01776d6d39b4f19d3e69b335abbf1e447a674d93039acf4275f5dcdf27379260de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f8fb8809a48c51b3f21b084407284632
SHA1 bd8cf4539cd42bc78729a9e8c1b12a9d03cc4309
SHA256 fe75aca79efcfbb6cdfd07e9d66e22f44e835de6759c084ebe956ab085dcc3fd
SHA512 f1eab4ce76f2bee608d2f09cbaf0b6bb29b66412021a3405ba283ecbbf281368b977caea788f7a438dbfa6216acfc1bfcbd8e646b87234744841ab6249133670

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe59beb2.TMP

MD5 9a9fb9b2b77f356e47ba4a3dde362c59
SHA1 434f0bcca9184102fb5fbd9a88c376f92dd0540f
SHA256 3553aca8e0228409320158c5cf89ed7194ca8d77d20f94669245ccc1b8e7a1fd
SHA512 162430c9d891206d0028140bce7cb23d73ae50d768ca68ed65cf8b4c0b6679d68b892b94b9ed28900d1358d4d8e9dbe0754895c024814d0cb6a801025c98dc6e

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 d4d569f799e993e5e03765c3eab92b56
SHA1 3113334809fe0d0fdfc59548de8fa05d92177cb4
SHA256 04863bc19cac353ee9e027c43d913efea8b16e018f4c188b827060184b30cc02
SHA512 5ae39c5fc4bbeb720ac2294e8229de1b094b5224fcae37b817cbf969482d8680c06535490e3a89837575df8e8927608c1dc55ad265e01162ef188b8f49d9ee3a

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

MD5 34f427a24a59266dd1902af50050e30d
SHA1 0f2b80d95e73116710e3a6d590b482c4b56b0115
SHA256 328c0e4230df902607b16acfd98f7283d1cf4c03c1717295783ebaa488436f1b
SHA512 7bd4fe36f49535a67497e7063a1d0cdf1bf5136ce8efb079e5a4e29527cc0f6b37bb875dffb5153085aae5386ee386ca05b98535f51c7a826a2bd2d802030160

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe59c26c.TMP

MD5 b323a80d06532559bae3fc99b413e214
SHA1 3ad3a1b3de99efa1ee71d7bb1b703684f9f474a4
SHA256 d7b10020f7aa361bd26a4367dd2e6de99d6ca58a867e6444e4a9b976a4d8dde0
SHA512 d13f456ee6b691cd104e961403afb4f22d9803c0a9f010a8b37f5341ea1886565eb989da102198b5da4c60c927f47f6bc2c301a100d736b5799f3ca6304aeb48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c1b6b52a89a79e01b583436ed8e240ff
SHA1 91f5b65bfb657c3feb934fe0b8744332d551191f
SHA256 2b0733df533ade6bb2d1b19845fec63b165a1bffcf38b661c50f02198ca0f3b9
SHA512 c57b61b310c3880a52e4f98bae83e01c5c7cd7b9a67ca10636e0d9603aa8f9dfbd724da7b9f4e4a8ba6498c56d29ca70c9970db70168471f61c8b1cc5f260954

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59cab9.TMP

MD5 46ccab97b7c8f07f29f22aa8d9dd5baa
SHA1 b0f0b2576ee4608746f9133384217feec6e7d332
SHA256 85f579d101b46147b5ca1ef09078dae6e96cde3a1c5929f8f2be779449267710
SHA512 f4420f788008a117c405d28a4643d3dee76b64d7bf6696fd994e9b6728770323d910e521e1b14ddc72ea2922b3b66b7b3346c94bc4305d32fb32b52594ffed58

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 696f9fc61e34fc0d109cf9e3ad1e3a0e
SHA1 4a4ad84c75955a2ff8013fdf05a3ca1a58538c78
SHA256 19f1b0da07abf6fcd2087815bcdc024ced9b00b32b591ddf772a8bc4fefda3cc
SHA512 954a26938d19f98861fc118a32d2fa622f65a7b533a40130abfcfed70944e3d85df62d1490ce69cd0b6e098284ede2169c8ddc9164dc7551d373c9b54a1ad0e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7cf8adf2059ec3ccb4b11583743c93a4
SHA1 bc2d8b129fd7ed96e2fc218115883f0c48bec7d8
SHA256 c07f04b02650979dbc90486beed00090f5368e8f3eb71d78df74256992817c4f
SHA512 051af288843678f256bdcd9fbacd968339427d08a3554d59eae2ba97c3feebd3cc09423bb9770b798207274f1b768866632c85633926c0c1711973079b9ea20b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 fbce5f65630a1f8b3db1cfa9c68759fd
SHA1 9af3e923321805659a1ce7a3457fe354bcf52852
SHA256 78c87c3a19367c0e073e740a1d622e35d706d65f6ce3041d54109520d028d76a
SHA512 b62a9541c666f0a5fe67b51e024e30957a8326f73dbce207911c85b6c64e30f9fe1c838f02742d1f705de938e48335149c57b83b65d78ba90ebf13ae9f12bf7a

C:\Users\Admin\AppData\Local\Temp\nse8BBD.tmp\Banner.dll

MD5 a1b9bdee9fc87d11676605bd79037646
SHA1 8d6879f63048eb93b9657d0b78f534869d1fff64
SHA256 39e3108e0a4ccfb9fe4d8caf4fb40baa39bdd797f3a4c1fa886086226e00f465
SHA512 cd65d18eca885807c7c810286cebef75555d13889a4847bb30dc1a08d8948893899cc411728097641a8c07a8dcc59e1c1efa0e860e93dada871d5b7acc61b1e5

memory/5032-1598-0x0000000005270000-0x00000000052A6000-memory.dmp

memory/5032-1599-0x0000000005910000-0x0000000005F3A000-memory.dmp

memory/5032-1600-0x0000000005890000-0x00000000058B2000-memory.dmp

memory/5032-1601-0x0000000006170000-0x00000000061D6000-memory.dmp

memory/5032-1602-0x0000000006200000-0x0000000006266000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ksy0denh.kyd.ps1

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\77906237-0874-4234-a4c7-1f49f6e2935f.down_data

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\nsaF573.tmp\nsExec.dll

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Temp\nsaF573.tmp\SimpleSC.dll

C:\Program Files (x86)\Fast!\uninstaller.exe

C:\Program Files (x86)\Fast!\BigTestFile

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe5a8984.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
