hxxp://google[.]com

Analysis

max time kernel
213s
max time network
213s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
14/04/2025, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

7^/10

microsoft defense_evasion discovery persistence phishing spyware stealer trojan

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
4656	Setup.exe
5176	PcAppStore.exe
5432	Watchdog.exe
2468	AutoUpdater.exe
5624	Watchdog.exe
5784	PcAppStore.exe

Loads dropped DLL 13 IoCs

pid	Process
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default"	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i"	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=82B1CF6D-CFE6-413C-968F-6DB6B2E694BFX /rid=20250414151010.598240731750 /ver=fa.2010"	Setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	PcAppStore.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
68	1524	chrome.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

Checks SCSI registry key(s) 3 TTPs 38 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LocationInformation	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Security	PcAppStore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ContainerID	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceType	PcAppStore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Security	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UINumberDescFormat	PcAppStore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0025	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ContainerID	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UINumber	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UINumber	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceType	PcAppStore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters	PcAppStore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Mfg	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UINumberDescFormat	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Driver	PcAppStore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0025	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg	PcAppStore.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	PcAppStore.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891168857607548"	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3582532709-2637047242-3508314386-1000\{F311133D-A9AC-4BB5-855F-1FDC5BF31386}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
2104	chrome.exe
2104	chrome.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
4656	Setup.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5432	Watchdog.exe
5432	Watchdog.exe
5624	Watchdog.exe
5624	Watchdog.exe
5784	PcAppStore.exe
5784	PcAppStore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5176	PcAppStore.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
2092	msedgewebview2.exe
2092	msedgewebview2.exe
2092	msedgewebview2.exe
2092	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
1684	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe
5176	PcAppStore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 1956	1684	chrome.exe	78
PID 1684 wrote to memory of 1956	1684	chrome.exe	78
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 4432	1684	chrome.exe	79
PID 1684 wrote to memory of 1524	1684	chrome.exe	80
PID 1684 wrote to memory of 1524	1684	chrome.exe	80
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81
PID 1684 wrote to memory of 5988	1684	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc85f6dcf8,0x7ffc85f6dd04,0x7ffc85f6dd10
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1944,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2220,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=1432 /prefetch:11
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2332 /prefetch:13
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4168,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3768 /prefetch:9
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4600,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5224,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5240 /prefetch:14
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5444,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5728,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5752,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5524,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5848,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6028,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5664,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5900 /prefetch:14
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5660,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6132 /prefetch:14
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5844,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6180 /prefetch:14
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6148,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6184 /prefetch:14
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6156,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5440 /prefetch:14
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5888,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5428 /prefetch:14
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4148,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5700,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6008,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4244 /prefetch:14
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5892,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4280 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6032,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5876 /prefetch:14
  2⤵
  - Modifies registry class
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3332,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6064 /prefetch:12
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5972,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6260,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6612,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6712 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1824
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=82B1CF6D-CFE6-413C-968F-6DB6B2E694BFX&winver=22000&version=fa.2010&nocache=20250414151010.83&_fcid=1744643371412543
    3⤵
    PID:5668
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc85f6dcf8,0x7ffc85f6dd04,0x7ffc85f6dd10
      4⤵
      PID:4788
- - C:\Users\Admin\PCAppStore\PcAppStore.exe
    "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5176
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=PcAppStore.exe --webview-exe-version=1.0.0.2010 --user-data-dir="C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --mojo-named-platform-channel-pipe=5176.1924.2091415228960223382
      4⤵
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:2092
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x17c,0x180,0x184,0x158,0x18c,0x7ffc70a8b078,0x7ffc70a8b084,0x7ffc70a8b090
        5⤵
        
        PID:5252
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView" --webview-exe-name=PcAppStore.exe --webview-exe-version=1.0.0.2010 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1720,i,16494777266419675705,1173158276236897378,262144 --variations-seed-version --mojo-platform-channel-handle=1644 /prefetch:2
        5⤵
        
        PID:4952
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView" --webview-exe-name=PcAppStore.exe --webview-exe-version=1.0.0.2010 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1988,i,16494777266419675705,1173158276236897378,262144 --variations-seed-version --mojo-platform-channel-handle=2020 /prefetch:11
        5⤵
        
        PID:5956
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView" --webview-exe-name=PcAppStore.exe --webview-exe-version=1.0.0.2010 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2288,i,16494777266419675705,1173158276236897378,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:13
        5⤵
        
        PID:1596
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView" --webview-exe-name=PcAppStore.exe --webview-exe-version=1.0.0.2010 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3552,i,16494777266419675705,1173158276236897378,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
        5⤵
        
        PID:3032
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView" --webview-exe-name=PcAppStore.exe --webview-exe-version=1.0.0.2010 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3764,i,16494777266419675705,1173158276236897378,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:1
        5⤵
        
        PID:3572
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView" --webview-exe-name=PcAppStore.exe --webview-exe-version=1.0.0.2010 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=4192,i,16494777266419675705,1173158276236897378,262144 --variations-seed-version --mojo-platform-channel-handle=4172 /prefetch:1
        5⤵
        
        PID:6140
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView" --webview-exe-name=PcAppStore.exe --webview-exe-version=1.0.0.2010 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=5016,i,16494777266419675705,1173158276236897378,262144 --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:1
        5⤵
        
        PID:2080
- - C:\Users\Admin\PCAppStore\Watchdog.exe
    "C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=82B1CF6D-CFE6-413C-968F-6DB6B2E694BFX /rid=20250414151010.598240731750 /ver=fa.2010
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6976,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7056 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5716,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7164,i,13082616372813434964,884304823863630120,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=7096 /prefetch:14
  2⤵
  PID:2328

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004C0
1⤵
PID:5640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\PCAppStore\PCAppStore.exe" /init default
1⤵
PID:3180
- C:\Users\Admin\PCAppStore\PcAppStore.exe
  C:\Users\Admin\PCAppStore\PCAppStore.exe /init default
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\PCAppStore\AutoUpdater.exe" /i
1⤵
PID:6132
- C:\Users\Admin\PCAppStore\AutoUpdater.exe
  C:\Users\Admin\PCAppStore\AutoUpdater.exe /i
  2⤵
  - Executes dropped EXE
  PID:2468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=82B1CF6D-CFE6-413C-968F-6DB6B2E694BFX /rid=20250414151010.598240731750 /ver=fa.2010
1⤵
PID:4804
- C:\Users\Admin\PCAppStore\Watchdog.exe
  C:\Users\Admin\PCAppStore\Watchdog.exe /guid=82B1CF6D-CFE6-413C-968F-6DB6B2E694BFX /rid=20250414151010.598240731750 /ver=fa.2010
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5624

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2668

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_F232D15B306B87EF7D89BDECABC88676

Filesize
471B

MD5
927a208b03ac29e786ff2f59b025ce94

SHA1
b61e4edb6eb9f8abc09d7e1a35e0a7370f7792fc

SHA256
d1284bf76b0a0a9e5a7cd542646f42d4fd4fd33b8542babf99a0a1cad0978198

SHA512
644917853004a1deefc4f0157bb801ad317b3b872aa19b69b0ae57ba72aa7075bd1ce84ce79eb81abdfbe83b3fcf3243411dcc51c71b891e25c63dc7c2698caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
863617c53ee0ce4a14d8e2bdd7184b0e

SHA1
dceab5cbc88af7be85400bb27434e681fc437a9a

SHA256
89162a594645c7e77f827e191078e405d6af34c597680061467f922ed83c682a

SHA512
75b63484875d234fbdfdb805bb924b65e343b4f270d0916e02015a0e4c8583e53b7a51a329d49830fbf84f7e51bb3592c04280ecfad9df456ed9065b131ded84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
936934d92b9e00c4bfec2a6c086baaea

SHA1
0da88b365cbf67985bf5ba804830c8459a9e7b37

SHA256
32d9623108d3bd804c1dbb07bc321a8ba973d7781775096358f63f856e4f07fd

SHA512
8cfbd841a4bdf01c469ec731d5259ccf7ef473dc5fea67ce3948b74698ea9ec493e2d9d5da36959e262ef63f24b64cda0a080910adbf0de00ca4c3b4515eb3fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
471B

MD5
df9afd2142128350646d891cfc7095f0

SHA1
fc9b5681fe4feb44918b40f0b520ed9414de62c1

SHA256
3ef5c99884f4facd94e3cc37b51544c51d4e5087106b5fef2fa46bcd35a438e1

SHA512
e5eac18f0282d11e189168248c0312da7aab39fc28b8f852d8d339fb7a1a98609432e45594daceb30665ba53f7f4ea3cf7f55d54f31dc34f1ddf28edc0898cec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
00322b71ba3d6f57217eea6515093754

SHA1
9cb6bf356f37beb2a5e91be820406a327ee78c4e

SHA256
4f8c7de6587dc1f45adf5649df75c684bedc3c26e20666a94e8d3bcc40f28fe1

SHA512
021bffbfee43e576e3ff590ffb09df7f3b1dee321df4efdf38a3bdb90134d0bc08a1ac8caf92ffa89e5eb913000cffe9ecad159661bb3ddceaeae2fc036aceda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_F232D15B306B87EF7D89BDECABC88676

Filesize
408B

MD5
75ae79fbd7ebff3acbc67d9284449805

SHA1
f064538deed067a20dc3c908d6fb7aa49036383c

SHA256
bb53e36a1579ccbdc81c62cefe9b1bfcef63c2bf6f3d68fa1d051d7b35341682

SHA512
46dcfd273b741100ae4fb3220c4a913106e3d7a2152504dbd914086239688838578e1091d6283601c34e850fc2ad671d7ff7f7fecf1a0a8d1af78168fc44ef1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
f8945b666cf06af603b9a946c568d6aa

SHA1
46e8068a928889b8691e9c408ecc734f494b59b4

SHA256
43e0a97bfd4f8bd4840c5b9e9ab475ac18d1bb0a400c6663a92fabcc267301a7

SHA512
9051baed1a1c5f5948dd0166b8acb312651c147ab2d7c06786409e2743b56cc821b56e9d5b5e6276660c9fcec76769d623ecc3dbd811e08765be53bf3a07461b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
d75feccbc2b7badc5ea9076abba87629

SHA1
b96852b0d0ee3bc694c4370a3a766af7b7db0736

SHA256
3475428c1ef97bdd760d3256f9d6cc397d99fce724cf55e64571e003ebaed54b

SHA512
96e4efc3af237748d54fd46f255746fae344842e5ae7a45d66641c1d6f3285c994240e54926f47b53b5f306fff6a17defcd2094d40a5ab10e97e48b5c680f665

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
412B

MD5
33bd02388a9033379d6380fba8baeee3

SHA1
8def0ba7f0b61b56f3239d35eb3771775d071f8d

SHA256
88dfb7e9377041e138592a78f13d36b630d62e6a4a68fe07f8b7929ad80d89b2

SHA512
a6f4f20e491256649858652f08e3f1b642df7de4d7a3189d89021ed478677205faee7dc6ed9c177a962813e99b008eca5768ae6cacc98a2def96b9c51e565616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7bc703b3-ccff-45d0-8160-27849413c1f6.tmp

Filesize
78KB

MD5
be1e3568f782071cd8913f4f9239de23

SHA1
058c0bd1691d64f26e9beb6fe4483a2bd137e563

SHA256
4f9388e712ef13d6a286f0f65b0e15f4df00e2743ce7112c71162ff762b34bcc

SHA512
a9019a58789f671447a7143deeab1ce52eea498caffc0fb3c151cfdb1fae314590bc1b65318c8e40479528d8752910d15dead81451a36e412e245a2f96161263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ca060006d13e844958f6179fe4098f61

SHA1
a96b246712964e00ecddfb77378e60a40fb3b0f4

SHA256
65498aa66d018a7284c60350fbdc7137bc4a2b4b2d5512bc1d4258cb1658e7bf

SHA512
76a189d9ad020720f6cf24acb163e2dbef3738c93bb46d5efab66c4229f98cdc0d2acfa4adea98d517110a075ebdb9ea7bc6fef18eecfe577d8124922e8d7aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
68040e8620b8ecd3f780bc667aa8471b

SHA1
3c6d3a422f7eda7560ec8701e7061996ae577e0f

SHA256
d0f538a36bc8bed577922f47723e4b3ff95d1d5baaf3226d0e889b6d2af0023a

SHA512
4838e490ddb324633265260481ae761a8d7755c93dee40c3400c78a712a5330c8819074366075beb0137dd9b20acb22a74270489e0b5608898152f797e3813e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
c3bf34e7d23f541dc06504b699d9d373

SHA1
8f8331d990dc48db1b06f44317f81a3684cda9cf

SHA256
fe9b04d874728ed2bcda288cd31d4b1abaaf1144bc776cc0dd48a9a74b29fa08

SHA512
cd4cbabdc1a57785663420f541ccdc41a969ed59fa26210f996648e8918a84ce743279c870a86961ba1b29bc65a94a16d0f59cbf03bad2a25e4668e4bf544049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
beb508b42783830b1d6eab31bf54f119

SHA1
e0d34cb834bf4222f296b914844e4340a63622a2

SHA256
570874141a732885ef8f9f0073f667b588eb52d2883103f0e97d214799bf06fd

SHA512
97b12281d11decdb8ff2881889db0725d63612c1083583a380be9b33b500fe762a1ec483c0acdcf9977c9f7220f2e301b2bd80ae929e35a1e56b9615c98d1c03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5dbd811a2e11000f7436bfaa34374291

SHA1
670e759741b443f1e55819ef0f96c62390be81ee

SHA256
c5189efb7c7de63a13d08055338268cf4696ea114c0dc94430f57704813a2da5

SHA512
69ef68e82ceee1d9f41ebdee4ae2edff7b44506b50a825e4466d9d8a362b8dad981f4c051633653a5138b125006af25b7d088b3b06244fa92bb993667a54ce7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
1f017139d7d5a3a5dbad56931c07f452

SHA1
abce9aa5a2ede58d91941646d21b3068a8d34c12

SHA256
b87c7e1b3a4434dc135ddc8e8bf86a4f6661dcd60c91a191fff7d1b705bec755

SHA512
62030abb59235969c98d9b64b43ee56acfefc0024466b2a908669fe9218a43704a247f39a11d8f2d191e2b4a62385c5a4d4a445b1c9c0dbff279805f16fd3666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
2d382f6e9256e8fb8a6a6f05cb4236f3

SHA1
cfb03895738b13d2028b34e9592bfd61889c7fa7

SHA256
7e5ca3c29d8a01c99b85d9e9de1343a50e4ba0a915e8b1ce77345e7d90d238c3

SHA512
c7342278fbbcd0fe2aff4122879740d1711eb234aac3491a756cc2d9cecf06b6966c834c000f31c00ddb26c0e068aa4765e30f224abc159d9497d615e05bb497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e572b3d4ea4c7174b09c28dd2178ce1d

SHA1
1db42fd57686092a2afa31b64ad37d617f10ccef

SHA256
cbedbdf03e76ff680ba7de25de895466baf93240ef22cd974b3fa4e6ec6be7c5

SHA512
b5cbcd41dc5d9a802030ea052b975a88cb9d0f058faad29fa7225662639029325010903e0564dd7855b32cff97ef5da99ccabf3828fa9953318bd2f1876dd821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a1a6b333b3e7283b7708185e94c93524

SHA1
7fee8cfb82fdafb5c84e842079101a303b700a40

SHA256
d0b0c9d33b9e409457cf75436755d5bb29b7f1a7fad2871beae7e5f2ca44bde9

SHA512
e9c6fd0ef57e1466a63426bcb19602019ae2e3a44d1f6f585ce42cbdc67f21537c4a3b0c5703d593f430a25fbeda03f9951fab7cb8be9df846b1f6795fe192fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c40812c7ec9a54d0ed6e83d2fcbc3ee0

SHA1
81e24634bc078bd2d1f57cf1de4e1e07eaaaf082

SHA256
0c65aac88aa8a5a18e256511ba222141f220787902f549a213da21ebb34ff66b

SHA512
b1352e90926c4097e0a7fcb850049fb76fd915ad9a34a7c3f717cc3ed92246f777cfc96df6c1cf72bd159c46d747b705e8871733290a3a474f87eb4b4cb7eacf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9d883536add3922bbeab342e79945ddd

SHA1
afe11bc6aa0d75a2168178560cafa3120476d7df

SHA256
bece002a95a2b390f1be13d750d03862aa75808fb4bcfedc1a2a22eebba8d229

SHA512
fcf31932b0a4a6dba9be8e0aa3ef38219a343062325fc073fbe9db0ab14d784285398f2220f3c24caf9212db25c4451d82444e4cd4004398a729186da1735431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6be49b8ded8f9b95f1e7af7e311b8e0

SHA1
fcc7cf3b2e520972e24550b840fd602ab5a59134

SHA256
6b299777d7a5faf636cdf044f2c665cef677fa89f2a4d35200e8010256689013

SHA512
573e42a8ba361b97f687be7bb691931a6273b18d2a731748c0e2fb035460bb5de10a7e045edf3ea8016f25dd4c44fc1be590473eeb037a6c8455fb80778fa05e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
25cbdbca97ca9118237dbd99e9daef18

SHA1
d94a9c9d5e4eb24fd880f6f872b98d7d6709fcde

SHA256
064e3e63b0286791ad698422c50186f271f4bd7ac6a1f9f8fa13f622a0e6340d

SHA512
a1e94f0a43fb80071293b484e6cd3dcc8c9007045f66e0fc2b435d76c0d086801cab86d554cb886c813f9401dbc72410ad1d253fb5ba56d2e3054a3ae71a46b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f15c7cadff26c788ad0fc63d24498087

SHA1
fded2e5c064171e87bc41bcb52d15e8ea868bce8

SHA256
2c15607f44d600f5fa49f35ea72aca09a40061a2ac59afe8d2d910a2dda8b3bf

SHA512
5ab1b7f4dafeefc56bb8ead5e506cf3a6bf7224f4946a106e11510a70cdb0f90d6a8913be48b9e472c1cc380dc71323433e39b7a87eed3c645ec1a519a158df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
64f9e74b79dd6e4ae58718a23e4dcf8d

SHA1
b4008a276d88e6ec9dfbbed2be316fa4fe0e857d

SHA256
eab6cbdc5a521abfbb0abe2a68bf6e8ccc515dd740ebf10a9c94a7b6c4b53359

SHA512
562a199d0189cc8a3dc7b93fce273e6fc10932d092ef02a45d55f4c6fe1f34319b9195ebdb8a2871eefae618723725e4cf28cd4a91493f3fdbac4e41839a6230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f056012df0b406186ca600091b3786de

SHA1
dfd8250b888e5a2337174f48a0a336a04c23f06e

SHA256
15993f256327913ff80c03e3e173488cc52710b5ab9da273228ecca03e39eb2d

SHA512
e5bf702dcd2ecc430fc63eab4c81249721ec5ee7c4f1bce23810a81f0b1c0fa6036e31e04caf8ba685a8b4d2f706aa460f2a28d3a31b9befa80c29f1f11566be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6d007b4a7fedeb2dd2221db431de812b

SHA1
09484dedda2b1b7d07fcf191d12b4a7383bd2893

SHA256
9c6c22d4bc8ddd74d6a01855d5c27a714411bd7dfd7ddb57a0919135778bd251

SHA512
d0cb111209b63ee72a0a3cd430f93bba56061a68b4d87236f9460266ea29a406d5ad61c63a719045f165e3c8ecf20212f3ad77739172e7491d2ce75a32bb361f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2e96feeaf31bf1ae82c253875f02f59d

SHA1
b3bb4edd169b2e9f76a8a8437a9e51e24cf3fd2e

SHA256
d50cde088c2a3f08e8abefcb90f682aa66fff40e3057cb44d07dc0b32f38e78d

SHA512
1fe5e1c1c66e04d32383a7e4f15fa7ba535758856adb3dc70d5290555b10ace685f2b6bd6806e81c81ed1b0cf08f4a4431c0601c02914984130bd585298df9ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d2a54d84c67a87afe3e9056c907756bf

SHA1
ed77816efba5ccb48ea3ebb5cbbb717473d511d2

SHA256
1a2934dc8183f0d70464b5a18c5e5aff07781bbe66a77a0e6811efb7a010aa0d

SHA512
b3ac795586ad2c2cdc560bc33b132f63468491c7b38f8b055a6f50949040275bb2b8cc63425eb41261937eeba1321063682b6eb8b6a4ef3450498d748ed2c118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a345.TMP

Filesize
48B

MD5
3b81385a92a04314e212fb0fd52be0d8

SHA1
48233b704fa5ebaa084b6117a06eb8436b82e796

SHA256
845836569b1dbac64bfa5953c764f9c329076b2b27f35916d54e4868449c9875

SHA512
e83db0b02384d99a894d8949a96893774de2f3ebd67e9bec0965795415adcba6a6c9d08503af27a7be24d43d8d28303f3b46f4ec1fe8f8f59accef734d7685cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
3d36a825f2d20d75e13fbf1d4b7d7580

SHA1
798eb94a285d405b9c5e021857d39452f2a1e827

SHA256
a4837e8952d08c32480c8e1205329cc449daadfd2d65c88f97a52d18c3dab2a0

SHA512
320b2cb65e7d4ddbb19fe9eb6229b251f69014bc2f4950f48f33aa9928a2f587c713ec91661a938f3f465b2ea9e8673fac3b9720d18f5b3776409af0954def9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
29c47d5306031733f238a001eb683c36

SHA1
ffd0c877c6f1cbcc2e7011bbe80d68c64c10875a

SHA256
5602ef2f5e0b66677306ab8ce4489e5d3f00f4b493b4a02aa32d4c1a0d1cd713

SHA512
4fc5fb00af914cb987fa980d2df0c54b2375313aae670c2b4359bc3aca7325775b0f53944db2972ea544aeddaa3cfc7b3b29245f1fc18a30057c1507533b20b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
14db12b27778966c8378fd621defd226

SHA1
6c1bd536c5e1fe704e78c78b939dcf36ca631e11

SHA256
b9f9c88d1b011b8825dcbd45a469630a32e7a4742359ec91e63f6646b2639cb4

SHA512
094ef004a898f5bb65e675ba5f5a445c6a3086d92de064373ad9ae669dcf687d1f9e80efd0a892b01bc805368187edd641eaeae49cdcd2426d5abce4e45c489e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0RMF1LWF\icon_check[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0RMF1LWF\index_1743772637956[1].js

Filesize
156KB

MD5
7c3020d71734bd72bbaaf6ddeeeafd2c

SHA1
289a3221fa8b38222af52e91e2134a8f5126e30f

SHA256
dcbfb9f962ad513c843b85ef73305ea9f492de87d27987df8858017cf69940dc

SHA512
c9f474a3946ab5bae0669c3b43dc891b986441f1ae812e1b417fec4f8c67961d687f7019615e539ac0a5ce20094089c44e5851479fc954903c2fa68d939e4cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\47CNJ3GN\appHint[1].js

Filesize
101KB

MD5
def2586a0074702e298e143c16ec48fc

SHA1
204f3b4c139b86a040c43d539ab857fcad2b6893

SHA256
2f031305ba0378eb49e5783acbeeb57261d7a2bd9935b455224546296e784b5e

SHA512
7ffa6905e9f7ad6326f3117e12a9d3c2fb867619a542a6f8b76cdc167cac260d8f5fd7d2e47215a8feb104014f5b59e202b22d364653598dd039d2710e27b96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\72VQWE2Y\pixel[1].gif

Filesize
42B

MD5
d89746888da2d9510b64a9f031eaecd5

SHA1
d5fceb6532643d0d84ffe09c40c481ecdf59e15a

SHA256
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

SHA512
d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\e68294d8-3a64-4ce5-8b7d-a6b4548ebba0.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7E7.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7E7.tmp\NSISFastLib.dll

Filesize
137KB

MD5
9c7a4d75f08d40ad6f5250df6739c1b8

SHA1
793749511c61b00a793d0aea487e366256dd1b95

SHA256
6eb17c527c9e7f7fea1fdb2ea152e957b50a56796e53ce1e5946b165b82deaef

SHA512
e85235307b85ffd3aab76ff6290bee0b3b9fd74c61a812b5355fe7b854d4c6b77bd521e52638d28e249a43d9ec7aa6f2670af2b1c671091492c7fe19d6f9a4e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7E7.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7E7.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7E7.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7E7.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
1.9MB

MD5
d823f4d2518d81e85bc05bf821db258a

SHA1
2da1375de08b96982795d4b96bba7e848dbc4dce

SHA256
7a1713838a2fd0f736a83e0fd561bf086834aecfa2e44898db593997ce6081c9

SHA512
9569ec9f55a0a6b6247174eda55dd3914475f0cf60bddd80755b8d73470d765c5c2e7c40d6bcd090ecd3ab0e92bfbf84500aa1fe079127c88fa09cc9c8b262c8

Download Submit
C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\PCAppStore\AutoUpdater.exe

Filesize
601KB

MD5
7a1083f1846db5b4d452fdffcc82c667

SHA1
9199e1bb787a2eb765c43b7bfee9bc8155d1d37f

SHA256
93dd12d17aca3b4bb8c4884119496529405bc0050a982520b42fbebd06956462

SHA512
d78a9166e9423da274b8fbdd634123badaf4856c91240246f7101b9f845459c031fd484479855cf59cb62f3d184ac9937a3ab88660880276c360a108198dd0d8

Download Submit
C:\Users\Admin\PCAppStore\PcAppStore.exe

Filesize
3.4MB

MD5
71b973dbdfc7b52ae10afa4d0ad2b78f

SHA1
bda27794a218b34a8a221627ea433075403d744e

SHA256
05883fccb64dd4357c229ccca669afdacbfa0bc9a1c8d857f5205aed0a81e00a

SHA512
b590e942e193ad24900da6108cbef848484b5e077dd842194752b4cdd4b51d79db2f35af9c0d3d85b19cfb7576f4b66726f8f392c4d7e54dcfb9ad3ad890b3db

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
b661bb34bd88572353516701dddefb88

SHA1
8983a4e2724099eb4a2e9283cea72540a632900a

SHA256
20daef391c3311f887477005383a8fdffa2e7ced2ac58f13050003b2e632c81b

SHA512
455c7e66630ca2d3211407d566ee01a4561f8b77bf1cf1ea142847ff8ffe219d064bf225db5bc82cc71d25c9505f89e92b640ca526bf9ba5aa7fd96afe040967

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
a474c47816360cebc57829532775336d

SHA1
b8e72926721a6fd18804b576c9ddaf2837b565cf

SHA256
b4ed98ce1b2a8f78529ec7f1d2f4f2ea33ec67884eab167ff6a406f3fa92563d

SHA512
12500d54b906c3835555f03099c90822146f3598fcef05f97fc4522f806d4987fe0c090c7378a4560f29dc26f69b16ff08ad22159ad8b41de4f64638cb36e7ce

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Cache\Cache_Data\f_000009

Filesize
47KB

MD5
8e433c0592f77beb6dc527d7b90be120

SHA1
d7402416753ae1bb4cbd4b10d33a0c10517838bd

SHA256
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

SHA512
5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3bee64fb38d2d2ef15c55b0540578bb5

SHA1
cae0e63ffc9b874f25ef3ce5198b0d934f86f3e2

SHA256
ee618bfc6a966cea0146f274a986c21252808edad819671e9cc9cefa27b509df

SHA512
daeded4a43677e7b8be6d871562e14696820909c1236fd975d70413aa923c7fdab513036fc1f4796cc8ea89e94822d6a7fbcf346afdb8e4acef51245f50dc1f6

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe59b982.TMP

Filesize
48B

MD5
3f6a6c539d8b170f1d7ac9b2eb84615e

SHA1
541dc3830764c18dbe373b9c703e92f0e0ef3b1a

SHA256
3f2686fdcc4fc1feb5d74ff3202f14239a75ef93a843016018aba6f50f03670d

SHA512
90bfd1baf5fc3b3ca6f3505830f4f485932e1d7df0d516bcd1f94fb7114c2fd8119ad3939811aa2c7e11aa7eb40a3907d963c55b7065e4d6c2705f99d071d63e

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
3ac0c27c55c09c7117531d27042ab33d

SHA1
ea0e2786d5cf5631d4827e5f537b2cf56a396af9

SHA256
effa66491898bc3c899ea446c9c10b10bd2557e93a6b76d811fd7af612b66811

SHA512
076fbcbdc7786c726a6df6f7a3646cba4ca75494b4fb9ff0b3b13d27775c6af7b50f496f10e0d2198c651fa41d108996d1ac3524bd2adec30e4bf2a275215871

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Network\Network Persistent State~RFe5a7418.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Network\TransportSecurity

Filesize
690B

MD5
80c0cfcdfb8e6c29ac64aca008a2ba17

SHA1
2ca037ea0b5cd3b693dea46c89edb96b735b1517

SHA256
db8847e8588607491229059808dc964b2ea86808178d9a77b22d38f67d534ba2

SHA512
8fbbd1775ff5fd5cd84c18363a51b5e9837ffd1f1fe4053902d7e91b101e6232ff3a7b817e636b773b421b29a4546a2fc104dd89a28f88312d1d5a409bca22c8

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Network\TransportSecurity~RFe5a5b31.TMP

Filesize
523B

MD5
4c853b23e054751ce4b56a18ff0c2ede

SHA1
1238381d96b2a45eed409a589f7dfd58b58eba84

SHA256
397a6a72c6fcdf48ec33dfd385af80ad058b3d5754f87d6532713010849d4326

SHA512
0ada656f58311774940890e00ed046f9eed362d79b1085ddff5186035e44cf8026b472800d301fc4a05dd81abb1deb3e0b87d50a8141b8c27cf6bf92a9d5a62f

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Preferences

Filesize
6KB

MD5
4b5fa4d300d07aba6b2715c850692fff

SHA1
bbbeb888611517b9a3a13d558d50b56efc987027

SHA256
3a419b3238fe45b9d9ed36647964bca1037959a624906fc8fb3a01f1be5dfa35

SHA512
bb9d7286d4431094bac0acb9e7d7fd2caa916dc5aef05acbc2086e459f5edde70babc121309e5907d8d4e9b911677d36867ae60e820f2a021bc5141866672a9e

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Preferences

Filesize
7KB

MD5
b1cef833499b557de03f4d2de9b34dc6

SHA1
176845cfd6be47f129fcacb75a0fa8515bbd369f

SHA256
19c76ac836afc16bb66ec3a2a2ddbe99d5aaeedd7e73b98c3e5a58cde7406c53

SHA512
6c41821d220f2f25b6070594e72fafb3e4f48b53d802fce2063a29d2c6284473b2a59c215a107e898461af400c21f980b4d9afa3245f4aabf918082559cef2f9

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Preferences

Filesize
6KB

MD5
84f4610c25c12337d661e0fe7ff34fec

SHA1
d8a24a9f3028ff7d0c21dded4b699783d2acfcea

SHA256
e58a819cc607c8c74630fd9dce3cdbc4a486c30dfbbe8671bbdff4f68916bec2

SHA512
8697af3443e392c91d1e9c2f22799faf824b460aa2ba74cc427abf8944af11ace645872aadc7ae2f87a5e4f9164869db61aec329e86ae5e4cd4527220323487e

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Preferences~RFe59fc77.TMP

Filesize
6KB

MD5
dcbf2b8c58b79564afd164a20169a40e

SHA1
18e75e96bbd1d451c52e106be115f569232619c1

SHA256
f1d62b39b2ae945ede438a731e9229c40e5adedaa5c8b37fb0b1bb42442bf958

SHA512
91d82cb01efbe2052726cc72b729864ff9f0b28b80895c49021e61566fcadd3d28bde80ae61a5ca427b32a0eb4a9fcf668ded7f0552fb8f47f6a3a4f444d96aa

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Local State

Filesize
16KB

MD5
b92815a110fa8a4ab00c43e74ea439a2

SHA1
594335b3a8435a569170394a8996bb2c34a35e4c

SHA256
4dd34d19db392fc97036daceae1dc1e58e4b39d5121976192cb160907f22584f

SHA512
7f0f8ced8354324a07d9fa17683111a7053902be82a23b086b1d739fc420720dc47e87cb3a2e473d86c755d92c94f2a4d64c16918ea228d2a6789585061a0f2a

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Local State

Filesize
1KB

MD5
54d997ae24a6f8c7b229d52fd8aced25

SHA1
2ceb8472e891cfd324ded9389c0e34e20102883a

SHA256
edf2aa1b5766ae8b354c3ef7fe9fab7dca7606fbf8fb65930712b7fafeaddeb3

SHA512
cf3b844ca3dbd3ec2522a313862c4ac0e047d6d0c25366b43093c38025c614ca31b404f34fcae2fb63c825f485fc68da9cba0627372f0c34af3ac159861e4124

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Local State

Filesize
2KB

MD5
215cd68ac96685f7e642f81e97c217f1

SHA1
7f45fe841bd53d7c11cd1609a7db22d7d3564163

SHA256
46e20406a0a3062f7b044e3aafa9ef2f986fd2e2f567a65fec8f4f4a6d17fed2

SHA512
bc0fe8b50d70f91974664ba321d1ecb8bab20e724187b1dcafda4b8f699137a4c4c7700d7ce92dd55cf87f480ef01739729752584f92bfea7450af29817e1274

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Local State

Filesize
3KB

MD5
1148a8886b38404f638be2dce7fabb3f

SHA1
08d8978bcf0e57c33117e1b1f0273ee787789c14

SHA256
0c91d1e484022850cf91b03d7d67d7af1baa2d914bb57dbbf21545d45aa7e403

SHA512
4eb100018af269e12301e493b0fbec433e0aacdf81c66862374cf7ca3aba5a2c5cd35405502e81fe88cf4f66a3c214fa57ff0638f7c30f7a733efc543639988e

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Local State

Filesize
16KB

MD5
75a3c4bac9557e78a8b349f5cd82a7c3

SHA1
a7cfc515c73097dcacac4f5ee03bc10dc1756f44

SHA256
7eb4f55af9e1e9c203c028fa33aab4c2718faa2234bd40f307a7e63efd5b90a0

SHA512
4a1317789c6d72b772b8c424a6d02258fb16ffb29e9e4c8fe25f841a5a6d6a9c91e8198f784520ad317c8bd984ba739daec80bd6fb2183d819f070b91b706f7e

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\Local State~RFe595e24.TMP

Filesize
1KB

MD5
821db2fa66886687d25317722e030352

SHA1
dd5a2033d6d2b26f9f1cfcf4ffc972f0a15b36ca

SHA256
bcfe79bfaafcff0b69759cb22ab461f78c459557a8a6586aaf2c57e375e73c9b

SHA512
ab69d49958578922235ea5482a8de1beef7c8bb9cfb45a55dc85c1f07be1b162e87e723327e2f5ab1d22dced7cda58410e86cb58aac3e3efe7f305162b239c87

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\RevisitationBloomfilter

Filesize
392B

MD5
9be43d185582304f8b6f9affe7bb357d

SHA1
d4425c33efa1cf1382d855e4ef16f8eac0750023

SHA256
041a4a506f7ca54694560638243ef03de03e5cc8cd02eaea92b4c5339fee0a30

SHA512
bd1eea5a6a1bcfd3abcd9b179b098d24ca8bab2e30a55a2f0d974b0ffacaddc302bce242ee02746a5e7eea33416fe9e9ad190aed5eeea5bf9b47a320aab0b41c

Download Submit
C:\Users\Admin\PCAppStore\UserData\Admin\EBWebView\RevisitationBloomfilter~RFe5a8406.TMP

Filesize
392B

MD5
e2cbf342ac363b9ac3cf1dccaa4e204e

SHA1
57fda0158456ed02da3c7d3513095c7b13e9ae02

SHA256
a888f52e73200c6fafcbad1bbdbc72cc9b91347cd67e753e2f8197253c42dc3d

SHA512
b68aa545bb9364b4d48fbed3350ad2a35a0852ad7e265d3f4d80909907e5b42f8d776ceed4b30a4ee5357736eb265b6442984dfc76b90e8814319c640b6ff31a

Download Submit
C:\Users\Admin\PCAppStore\Watchdog.exe

Filesize
298KB

MD5
52b95b5be353a73e530fac5f9090ff25

SHA1
d4763c44f457026c430712a4bf2937a0d5e6b103

SHA256
0c03c1f992938b5f0bc73941769fab6e40fe41d0a96992ae3c6ad9e5fc5d6049

SHA512
d07c63eae9adf41a479a3f38aa7cdcc59f5fe48797a2ff2254127e1af51ac7e260c3ae5c86a6ec07e222d72c377b4530bae66bb18ec9539a0c1c951a0fe18fb9

Download Submit
C:\Users\Admin\PCAppStore\cache\cache_setup.json

Filesize
7KB

MD5
c55435b64cae283f02c38e641c2f402e

SHA1
86d8e2f9bfdd064a6718550c94d3232f6d306cd8

SHA256
dc3ad13be55710e435af5afefdf916d9bb9e8810fde169e8a43a9f5f0e28806b

SHA512
cac071c02a06e0fcb150e67d06fd3d3b8244adfb5aa4c808c5dec5396f0f5e32673514897801cdc6bbeb4763e3e6965d11c73d23d6982243b733656989eb588d

Download Submit
C:\Users\Admin\PCAppStore\cache\cache_setup.json

Filesize
12KB

MD5
e3eee223f63ebef781eea77185b7877b

SHA1
b80aefcfc2a2c81ffbae9c8de261eecdc9a06d22

SHA256
769cfee6ccd4777c93488f1f3fb9a9aad7b9ff040d49c9769d6662888f80cbd6

SHA512
b554c347310f8445449acfa018e352b1b71ddbc505f3bc7b76030ff619c8cb956f97b5443e125877bf2acf7a409146ebb2d4b2760ad6574e053e788d0a4644c1

Download Submit
C:\Users\Admin\PCAppStore\update\LastVersion

Filesize
8B

MD5
34263d558d9e5a7edc04f8d80c76649d

SHA1
9cf0b311765445b7bb1c9b25767e615019305bfa

SHA256
dda3b20d07cf936a8ebf80b771bf76a130aede7abe77261d1fd254d4a3ae3450

SHA512
bd8a989e06f7a23105419aa7785a465484657e1c2bb6403ca0402b5a5251172f7074a86ae57cb4800a90fbc1ec69e31d1dbce9103535cdfc3a61eb2ac2103f78

Download Submit
memory/3032-1245-0x00007FFC942D0000-0x00007FFC942D1000-memory.dmp

Filesize
4KB

Download
memory/4952-1147-0x00007FFC942D0000-0x00007FFC942D1000-memory.dmp

Filesize
4KB

Download