Windows Analysis Report
Setup.exe

Overview

General Information

Sample name: Setup.exe
Analysis ID: 1546037
MD5: c306c6af9bd1955956f52acc1c9327ea
SHA1: 3b3ed814ac41a710212cc83d92fde56a38b42b17
SHA256: 9c7c1345990163c48c6f4801e26b12390c498395bf280a79ecf6aee816eefb49
Infos:

Detection

Score: 51
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 34
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Creates multiple autostart registry keys
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a global mouse hook
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp ReversingLabs: Detection: 29%
Machine Learning detection for sample
Source: Setup.exe Joe Sandbox ML: detected
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\Uninstaller.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\Watchdog.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\nwjs\NW_store.exe Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe EXE: C:\Users\user\PCAppStore\download\ZoomInstaller.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\PcAppStore.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\AutoUpdater.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\nwjs\notification_helper.exe Jump to behavior
Source: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1730271248380473&_winver=19045&version=fa.1092c HTTP Parser: No favicon
Source: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1730271248380473&_winver=19045&version=fa.1092c HTTP Parser: No favicon
Source: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1730271248380473&_winver=19045&version=fa.1092c HTTP Parser: No favicon
Source: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1730271248380473&_winver=19045&version=fa.1092c HTTP Parser: No favicon

Compliance
barindex
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\Uninstaller.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\Watchdog.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\nwjs\NW_store.exe Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe EXE: C:\Users\user\PCAppStore\download\ZoomInstaller.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\PcAppStore.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\AutoUpdater.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp EXE: C:\Users\user\PCAppStore\nwjs\notification_helper.exe Jump to behavior
Uses 32bit PE files
Source: Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\ui\static\js\2.801b9d83.chunk.js.LICENSE.txt Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\ReadMe.txt Jump to behavior
Source: Setup.exe Static PE information: certificate valid
Source: Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\Watchdog\x64\Release\Watchdog.pdb source: nsq4808.tmp, 00000009.00000002.2496609049.00000000027E4000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.3061715229.00007FF75C49A000.00000002.00000001.01000000.00000017.sdmp, Watchdog.exe, 0000000B.00000000.2366649249.00007FF75C49A000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\AppStoreUpdater\Release\auto_updater.pdb1 source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002ECF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000000E.00000002.3046497436.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000010.00000000.2449220299.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000011.00000002.3047062520.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000012.00000002.3041072285.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000013.00000002.3028041615.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000014.00000002.3042638220.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000015.00000000.2471622186.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000016.00000000.2475220946.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000017.00000000.2480749861.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000018.00000000.2485165462.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000001A.00000000.2493935998.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000001B.00000002.3034033202.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000001C.00000002.3047804990.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000001D.00000000.2500606041.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000001F.00000000.2504050842.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000020.00000002.3040637974.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000021.00000002.3027462286.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000022.00000002.3028005009.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000023.00000000.2511109967.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000024.00000002.3051559338.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000025.00000000.2517940833.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000026.00000002.3041627451.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000027.00000000.2523509945.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000028.00000000.2524807272.0000000000C6E000.00000002.00000001.01000000.0
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: Setup.exe, 00000000.00000002.2031646137.000000000040A000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\engine\Release\PCAppStore.pdb source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366309517.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3233552193.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2499837866.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506777440.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002ECF000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405C49
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00406873 FindFirstFileW,FindClose, 0_2_00406873
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0040290B FindFirstFileW, 0_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Code function: 9_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 9_2_00405D74
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Code function: 9_2_0040699E FindFirstFileW,FindClose, 9_2_0040699E
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Code function: 9_2_0040290B FindFirstFileW, 9_2_0040290B
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71ADE75F8 FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError, 10_2_00007FF71ADE75F8
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71ADE76A8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle, 10_2_00007FF71ADE76A8
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C4816E0 FindClose,FindFirstFileExW,GetLastError, 11_2_00007FF75C4816E0
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C481754 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle, 11_2_00007FF75C481754
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C490330 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 11_2_00007FF75C490330
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 1.1.1.1 1.1.1.1
Source: Joe Sandbox View IP Address: 170.114.52.2 170.114.52.2
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AC7CB80 GetTickCount64,Sleep,GetTickCount,Sleep,URLDownloadToFileW,Sleep,DeleteFileW, 10_2_00007FF71AC7CB80
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chromecache_321.3.dr String found in binary or memory: Math.round(q);t["gtm.videoElapsedTime"]=Math.round(f);t["gtm.videoPercent"]=r;t["gtm.videoVisible"]=u;return t},rk:function(){e=pb()},zd:function(){d()}}};var Yb=ka(["data-gtm-yt-inspected-"]),nD=["www.youtube.com","www.youtube-nocookie.com"],oD,pD=!1; equals www.youtube.com (Youtube)
Source: chromecache_321.3.dr String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var k=UA(a,c,e);S(121);if(k["gtm.elementUrl"]==="https://www.facebook.com/tr/")return S(122),!0;if(d&&f){for(var m=Ab(b,g.length),n=0;n<g.length;++n)g[n](k,m);return m.done}for(var p=0;p<g.length;++p)g[p](k,function(){});return!0},XA=function(){var a=[],b=function(c){return db(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chromecache_321.3.dr String found in binary or memory: if(!(e||f||g||k.length||m.length))return;var p={Ah:e,yh:f,zh:g,ii:k,ji:m,Qe:n,Ib:b},q=C.YT;if(q)return q.ready&&q.ready(d),b;var r=C.onYouTubeIframeAPIReady;C.onYouTubeIframeAPIReady=function(){r&&r();d()};G(function(){for(var u=E.getElementsByTagName("script"),v=u.length,t=0;t<v;t++){var w=u[t].getAttribute("src");if(yD(w,"iframe_api")||yD(w,"player_api"))return b}for(var x=E.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!pD&&wD(x[A],p.Qe))return oc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_321.3.dr String found in binary or memory: var AC=function(a,b,c,d,e){var f=rA("fsl",c?"nv.mwt":"mwt",0),g;g=c?rA("fsl","nv.ids",[]):rA("fsl","ids",[]);if(!g.length)return!0;var k=wA(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);S(121);if(m==="https://www.facebook.com/tr/")return S(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!dz(k,fz(b, equals www.facebook.com (Facebook)
Source: chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136P
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517te
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970encodin
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000001.00000002.3423887929.00001F5000EF0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000001.00000002.3423887929.00001F5000EF0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000001.00000002.3423887929.00001F5000EF0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384e
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551e2
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/62488
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000001.00000002.3386639992.00001F500000C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279d
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000001.00000002.3406392524.00001F50007C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000001.00000002.3395481405.00001F500041C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000001.00000002.3395481405.00001F500041C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761A
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000001.00000002.3396343213.00001F50004F8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjAt
Source: chrome.exe, 00000001.00000002.3420519334.00001F5000CB8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa
Source: chrome.exe, 00000001.00000002.3434204883.00001F50015D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000001.00000002.3434204883.00001F50015D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx352.0/
Source: chrome.exe, 00000001.00000002.3388043152.00001F500007B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppeemjh
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkihi
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompecagna
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/acdrpu5h5nrvazlb22ulljvgujnq_3048/jflookgnkcckhobagln
Source: chrome.exe, 00000001.00000002.3388043152.00001F500007B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/aclacns2lwpknygjwzhz5vqbtzhq_1118/efniojlnjndmcbiieeg
Source: chrome.exe, 00000001.00000002.3391112532.00001F500018C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/aclz7ibkvp257t2vgob3ecc555sa_20241018.689539685.14/ob
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmjkmgdlgnkkcocm
Source: chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpng
Source: chrome.exe, 00000001.00000002.3388043152.00001F500007B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/adurx3xz3dy7ajnoguus4co3vr6q_9258/hfnkpimlhhgieaddgfe
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanleaf
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/kiabhabjdbkjd
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/e6xlmsu5i2bokri3w4cyuhv4nq_2024.8.10.0/gonpemdgkjcecd
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcji
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaea
Source: chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.1201/ggkkehgbnf
Source: chrome.exe, 00000001.00000002.3432681498.00001F5001540000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://dns-tunnel-check.googlezip.net/connect
Source: chrome.exe, 00000001.00000002.3388043152.00001F500007B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwy
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00
Source: chrome.exe, 00000001.00000002.3420894777.00001F5000CE0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_
Source: chrome.exe, 00000001.00000002.3425707081.00001F5000FF0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebnd
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acdrpu5h5nrvazlb22ulljvgujnq_3048/jflookg
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/aclacns2lwpknygjwzhz5vqbtzhq_1118/efniojl
Source: chrome.exe, 00000001.00000002.3390185653.00001F500014C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/aclz7ibkvp257t2vgob3ecc555sa_20241018.689
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmjk
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.23
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adurx3xz3dy7ajnoguus4co3vr6q_9258/hfnkpim
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305
Source: chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/k
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/e6xlmsu5i2bokri3w4cyuhv4nq_2024.8.10.0/go
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/nei
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbog
Source: chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.120
Source: chrome.exe, 00000001.00000002.3388689636.00001F500009E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://localhost:64111/browseore/api/api.php
Source: chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://localhost:64111/saveimgD93BF0&_fcid=1730271248380473&_winver=19045&version=fa.1092c
Source: Setup.exe, 00000000.00000002.2031646137.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Setup.exe, 00000000.00000000.1750365336.000000000040A000.00000008.00000001.01000000.00000003.sdmp, nsq4808.tmp, 00000009.00000000.2016697958.000000000040A000.00000008.00000001.01000000.0000000F.sdmp, nsq4808.tmp, 00000009.00000002.2493986952.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, nsq4808.tmp, 00000009.00000002.2496609049.0000000002F60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS0
Source: chrome.exe, 00000001.00000002.3420894777.00001F5000CE0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000001.00000002.3419179801.00001F5000C40000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: chrome.exe, 00000001.00000002.3413538929.00001F5000994000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000001.00000002.3413884541.00001F50009C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000001.00000002.3413884541.00001F50009C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/a
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgy
Source: chrome.exe, 00000001.00000002.3420519334.00001F5000CB8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thir
Source: chrome.exe, 00000001.00000002.3434204883.00001F50015D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000001.00000002.3388043152.00001F500007B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppe
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnn
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompec
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acdrpu5h5nrvazlb22ulljvgujnq_3048/jflookgnkcckhob
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/aclacns2lwpknygjwzhz5vqbtzhq_1118/efniojlnjndmcbi
Source: chrome.exe, 00000001.00000002.3391112532.00001F500018C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/aclz7ibkvp257t2vgob3ecc555sa_20241018.689539685.1
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmjkmgdlgnkk
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eei
Source: chrome.exe, 00000001.00000002.3419792507.00001F5000C70000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/adurx3xz3dy7ajnoguus4co3vr6q_9258/hfnkpimlhhgiead
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncan
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/kiabhabjd
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/e6xlmsu5i2bokri3w4cyuhv4nq_2024.8.10.0/gonpemdgkj
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindgg
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhl
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/dl/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.1201/ggkkeh
Source: chrome.exe, 00000001.00000002.3413884541.00001F50009C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000001.00000002.3417923579.00001F5000B88000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000001.00000002.3388043152.00001F5000064000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000001.00000002.3395481405.00001F500041C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000001.00000002.3386639992.00001F500000C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000001.00000002.3389250415.00001F50000B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000001.00000002.3389250415.00001F50000B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000001.00000002.3389250415.00001F50000B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000001.00000002.3388043152.00001F5000064000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000001.00000002.3395481405.00001F500041C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.comP
Source: chrome.exe, 00000001.00000002.3415622670.00001F5000A78000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://alling.p
Source: chrome.exe, 00000001.00000002.3283427795.000001FDAEB1D000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://analytics.google.com/g/collect?v=2&tid=G-VFQWFX3X1C&gtm=45je4au0h2v898645365za200zb910325665
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000001.00000002.3406062770.00001F5000770000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000001.00000002.3417923579.00001F5000B88000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000001.00000002.3417473523.00001F5000B6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000001.00000002.3417473523.00001F5000B6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000001.00000002.3395815212.00001F5000490000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000001.00000002.3395815212.00001F5000490000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000001.00000002.3413538929.00001F5000994000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000001.00000002.3397659242.00001F50005E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3386639992.00001F500000C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000001.00000002.3397659242.00001F50005E0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000001.00000002.3413078495.00001F500097C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3416875858.00001F5000B28000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3413884541.00001F50009C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000001.00000002.3416875858.00001F5000B28000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en106243
Source: chrome.exe, 00000001.00000002.3397659242.00001F50005E0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreP
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/(
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/(TrustTokenOperationsRequiringOriginTrial#all-operat
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000001.00000002.3386639992.00001F500000C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000001.00000002.3394717986.00001F5000390000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000001.00000002.3386639992.00001F500000C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3398039226.00001F5000618000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3417473523.00001F5000B6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000001.00000002.3396343213.00001F50004F8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000001.00000002.3425600382.00001F5000FE0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoog
Source: chrome.exe, 00000001.00000002.3393937604.00001F5000300000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.c
Source: chrome.exe, 00000001.00000002.3427578825.00001F5001114000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/analytics-container-tag-serving
Source: chrome.exe, 00000001.00000002.3415276757.00001F5000A48000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/analytics-container-tag-servingCross-Origin-Resource-Policy:
Source: chrome.exe, 00000001.00000002.3228261023.000001FDACA6D000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000001.00000002.3418519744.00001F5000BE0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3405421194.00001F5000748000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: chrome.exe, 00000001.00000002.3418519744.00001F5000BE0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control:
Source: chrome.exe, 00000001.00000002.3228261023.000001FDACA6D000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1d
Source: chrome.exe, 00000001.00000002.3393937604.00001F5000300000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1
Source: chrome.exe, 00000001.00000002.3391112532.00001F500018C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1C1ONGR_enUS1134
Source: chrome.exe, 00000001.00000002.3398368580.00001F5000658000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3405523488.00001F500075A000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3393937604.00001F5000300000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Security-Policy:
Source: chrome.exe, 00000001.00000002.3398368580.00001F5000658000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3405523488.00001F500075A000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3393937604.00001F5000300000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Type:
Source: chrome.exe, 00000001.00000002.3405523488.00001F500075A000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1d
Source: chrome.exe, 00000001.00000002.3415276757.00001F5000A48000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving
Source: chrome.exe, 00000001.00000002.3283427795.000001FDAEB1D000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:57:0
Source: chrome.exe, 00000001.00000002.3382959223.000001FDB05ED000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
Source: chrome.exe, 00000001.00000002.3283427795.000001FDAEB1D000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:57:0
Source: chrome.exe, 00000001.00000002.3283427795.000001FDAEB1D000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:57:0Cross-Origin-Opener-Policy-Report-Only:
Source: chrome.exe, 00000001.00000002.3283427795.000001FDAEB1D000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
Source: Setup.exe, 00000000.00000003.2026940195.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://delivery.pcapp.store/
Source: Setup.exe, 00000000.00000003.2026827122.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2032906797.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2026940195.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://delivery.pcapp.store/MINGPROFILE=JO
Source: Setup.exe, 00000000.00000002.2032031620.000000000076A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=&evt_src=fa_mini_insta
Source: Setup.exe, 00000000.00000002.2031646137.0000000000436000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=ersion=fa.1092c&src=pc
Source: Setup.exe, 00000000.00000002.2032146838.0000000000819000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2026827122.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2032906797.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2026940195.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2026333149.0000000000819000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1092c
Source: Setup.exe, 00000000.00000002.2032146838.0000000000819000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2026333149.0000000000819000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1092cPa
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjA
Source: chrome.exe, 00000001.00000002.3420519334.00001F5000CB8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
Source: chrome.exe, 00000001.00000002.3434204883.00001F50015D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppeemj
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkih
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompecagn
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/acdrpu5h5nrvazlb22ulljvgujnq_3048/jflookgnkcckhobagl
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/aclacns2lwpknygjwzhz5vqbtzhq_1118/efniojlnjndmcbiiee
Source: chrome.exe, 00000001.00000002.3391112532.00001F500018C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/aclz7ibkvp257t2vgob3ecc555sa_20241018.689539685.14/o
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmjkmgdlgnkkcoc
Source: chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpn
Source: chrome.exe, 00000001.00000002.3388043152.00001F500007B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/adurx3xz3dy7ajnoguus4co3vr6q_9258/hfnkpimlhhgieaddgf
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanlea
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/kiabhabjdbkj
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/e6xlmsu5i2bokri3w4cyuhv4nq_2024.8.10.0/gonpemdgkjcec
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcj
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaae
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.1201/ggkkehgbn
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000001.00000002.3406286660.00001F50007AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000001.00000002.3406286660.00001F50007AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000001.00000002.3406286660.00001F50007AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000001.00000002.3406062770.00001F5000770000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000001.00000002.3406062770.00001F5000770000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3432681498.00001F5001540000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://doubleclick.net/
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://doubleclick.net/O
Source: chrome.exe, 00000001.00000002.3432921226.00001F5001548000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3430067128.00001F5001388000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3433944483.00001F50015B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3432681498.00001F5001540000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://doubleclick.net/ore/
Source: chrome.exe, 00000001.00000002.3433944483.00001F50015B0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://doubleclick.net/ore/c
Source: chrome.exe, 00000001.00000002.3433434563.00001F5001570000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://doubleclick.net/t/
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3394717986.00001F5000390000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000001.00000002.3397468169.00001F50005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3417473523.00001F5000B6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000001.00000002.3397468169.00001F50005C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000001.00000002.3417923579.00001F5000B88000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000001.00000002.3417473523.00001F5000B6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000001.00000002.3417473523.00001F5000B6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: chrome.exe, 00000001.00000002.3389250415.00001F50000B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000001.00000002.3425707081.00001F5000FF0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebn
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acdrpu5h5nrvazlb22ulljvgujnq_3048/jflook
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/aclacns2lwpknygjwzhz5vqbtzhq_1118/efnioj
Source: chrome.exe, 00000001.00000002.3390185653.00001F500014C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/aclz7ibkvp257t2vgob3ecc555sa_20241018.68
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmj
Source: chrome.exe, 00000001.00000002.3391112532.00001F500018C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.2
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adurx3xz3dy7ajnoguus4co3vr6q_9258/hfnkpi
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.130
Source: chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/e6xlmsu5i2bokri3w4cyuhv4nq_2024.8.10.0/g
Source: chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/ne
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbo
Source: chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.12
Source: chrome.exe, 00000001.00000002.3423426023.00001F5000EB8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fonts.gstatic.com
Source: chrome.exe, 00000001.00000002.3400374582.00001F5000721000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3423426023.00001F5000EB8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://fonts.gstatic.com/
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3389250415.00001F50000B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000001.00000002.3387084981.00001F5000058000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml
Source: chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1730372436136&cv=
Source: chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1730372436188&cv=
Source: chrome.exe, 00000001.00000002.3427578825.00001F5001114000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1730372436528&cv=
Source: chrome.exe, 00000001.00000002.3433834662.00001F50015A0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3429277393.00001F50012E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3432208048.00001F500151C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3429549881.00001F5001310000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://googletagmanager.com/
Source: chrome.exe, 00000001.00000002.3433834662.00001F50015A0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://googletagmanager.com/=
Source: chrome.exe, 00000001.00000002.3429277393.00001F50012E0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://googletagmanager.com/cy
Source: chrome.exe, 00000001.00000002.3429277393.00001F50012E0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://googletagmanager.com/ithmZP
Source: chrome.exe, 00000001.00000002.3429549881.00001F5001310000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://googletagmanager.com/y
Source: chrome.exe, 00000001.00000002.3397659242.00001F50005E0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000001.00000002.3424438401.00001F5000F50000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000001.00000002.3424438401.00001F5000F50000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000001.00000002.3418824062.00001F5000C0C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000001.00000002.3406286660.00001F50007AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000001.00000002.3406286660.00001F50007AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000001.00000002.3413884541.00001F50009C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000001.00000002.3406392524.00001F50007C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard#exps-registration-success-page-urls
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardPi
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000001.00000002.3413884541.00001F50009C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000001.00000002.3232110268.000001FDACBC0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload#companion-iph-blocklisted-page-urls
Source: chrome.exe, 00000001.00000002.3394177731.00001F500032C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000001.00000002.3389610440.00001F50000EC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000001.00000002.3389610440.00001F50000EC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000001.00000002.3389610440.00001F50000EC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000001.00000002.3389610440.00001F50000EC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3394717986.00001F5000390000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000001.00000002.3406062770.00001F5000770000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000001.00000002.3408084629.00001F5000864000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000001.00000002.3408084629.00001F5000864000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000001.00000002.3408084629.00001F5000864000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000001.00000002.3415908871.00001F5000AAC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3417767177.00001F5000B7C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000001.00000002.3418408774.00001F5000BD4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418519744.00001F5000BE0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3417767177.00001F5000B7C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000001.00000002.3415908871.00001F5000AAC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3417767177.00001F5000B7C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000001.00000002.3418408774.00001F5000BD4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3417767177.00001F5000B7C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000001.00000002.3417767177.00001F5000B7C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000001.00000002.3418408774.00001F5000BD4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3417767177.00001F5000B7C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000001.00000002.3418408774.00001F5000BD4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3415908871.00001F5000AAC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3417767177.00001F5000B7C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000001.00000002.3418408774.00001F5000BD4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3415908871.00001F5000AAC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3417767177.00001F5000B7C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3416025025.00001F5000AC0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3392253047.00001F500027C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.st
Source: chrome.exe, 00000001.00000002.3416025025.00001F5000AC0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.stD
Source: chrome.exe, 00000001.00000002.3419584106.00001F5000C68000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3424735946.00001F5000F7C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3388043152.00001F500007B000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3414662646.00001F5000A18000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3395337779.00001F500040C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3403083164.00001F500073A000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3423200308.00001F5000E9C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3403083164.00001F5000738000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3408084629.00001F5000864000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3420390373.00001F5000CA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store
Source: Setup.exe, 00000000.00000002.2032146838.0000000000854000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2026940195.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3283427795.000001FDAEB1D000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000001.00000002.3387084981.00001F5000058000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3390738827.00001F500015C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3425402037.00001F5000FD2000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3343345564.000001FDAEFA3000.00000002.00000001.00040000.0000001C.sdmp, chrome.exe, 00000001.00000002.3427777999.00001F5001141000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3397037448.00001F5000588000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3417473523.00001F5000B73000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3423787216.00001F5000ED0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3415908871.00001F5000AAC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3123419597.00000067733FC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3433944483.00001F50015B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3435341636.00001F50018A0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3228561196.000001FDACAED000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000001.00000002.3426073550.00001F5001030000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3425864176.00001F5001018000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3403083164.00001F500073A000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3431963485.00001F50014F8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/
Source: chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/)
Source: chrome.exe, 00000001.00000002.3343345564.000001FDAEFA3000.00000002.00000001.00040000.0000001C.sdmp, chrome.exe, 00000001.00000002.3427777999.00001F5001141000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store//
Source: chrome.exe, 00000001.00000002.3414511685.00001F5000A0C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/71248380473
Source: chrome.exe, 00000001.00000002.3427363516.00001F50010D4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/?p=lpd_installin
Source: chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3412902176.00001F500096C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=17302712483
Source: Setup.exe, 00000000.00000003.2026827122.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2032906797.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2026940195.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3427578825.00001F5001114000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/P
Source: chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/a=2592000Connection:
Source: chrome.exe, 00000001.00000002.3406392524.00001F50007C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3228261023.000001FDACA6D000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000001.00000002.3433834662.00001F50015A0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3433434563.00001F5001570000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3416556071.00001F5000B00000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3426739820.00001F500108C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3395699523.00001F5000478000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3406062770.00001F5000770000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3425600382.00001F5000FE0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3418996338.00001F5000C1C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3399571970.00001F50006D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/api/api.php
Source: Setup.exe, 00000000.00000003.2026333149.00000000007E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/inst_cpg.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1730271248380473&ve
Source: nsq4808.tmp, 00000009.00000002.2495673742.000000000081E000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2498335046.0000000003881000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/inst_cpg.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1092c&src=pcap
Source: Setup.exe, 00000000.00000002.2032031620.000000000076A000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2495312828.00000000007BD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/installing.php?guid=&winver=
Source: chrome.exe, 00000001.00000002.3165367912.000001FDA8BD0000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3385426188.00000A50002A4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3414511685.00001F5000A0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3400248674.00001F500070C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3419792507.00001F5000C70000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/installing.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&winver=19045&version=fa
Source: chrome.exe, 00000001.00000002.3426073550.00001F5001030000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/js?id=G-VFQWFX3X1C
Source: chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/lp/appstore/img/favicon.ico
Source: chrome.exe, 00000001.00000002.3400248674.00001F500070C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/lp/appstore/img/favicon.ico5BqP
Source: chrome.exe, 00000001.00000002.3429679727.00001F5001328000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/lp/appstore/img/favicon.icoN-
Source: chrome.exe, 00000001.00000002.3432102343.00001F5001508000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/lp/appstore/img/favicon.icopH
Source: chrome.exe, 00000001.00000002.3411946572.00001F50008A4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/lp/lpd_installin
Source: chrome.exe, 00000001.00000002.3426073550.00001F5001030000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1709636059406
Source: Setup.exe, 00000000.00000003.2026827122.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2032906797.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2026940195.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/p
Source: Setup.exe, 00000000.00000003.2026827122.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2032906797.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2026940195.0000000002AE8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/p.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1092c
Source: chrome.exe, 00000001.00000002.3425864176.00001F5001018000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=173027124838
Source: Setup.exe, 00000000.00000002.2032678588.0000000002A84000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1784098836.0000000002A85000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000003.2493164662.0000000000822000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000003.2493164662.0000000000808000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000003.2346943114.0000000003865000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000003.2346943114.0000000003867000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000003.2346943114.0000000003889000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2495673742.0000000000822000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2498335046.0000000003850000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2495673742.0000000000808000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000002.3183095672.0000027498DD0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000002.3183095672.0000027498E46000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000002.3134501078.0000027498709000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000002.3134501078.00000274986A2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1092c&evt_src=fa_
Source: nsq4808.tmp, 00000009.00000002.2495673742.000000000081E000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000003.2493164662.0000000000808000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2498335046.0000000003881000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2498335046.0000000003867000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2495673742.0000000000808000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1092c&inst_parent
Source: chrome.exe, 00000001.00000002.3431543283.00001F5001458000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3430661494.00001F50013B8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3430261305.00001F50013AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/pixelgif.php
Source: chrome.exe, 00000001.00000002.3430661494.00001F50013B8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/pixelgif.phpP
Source: chrome.exe, 00000001.00000002.3431543283.00001F5001458000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/pixelgif.phpm
Source: Setup.exe, 00000000.00000002.2032031620.000000000076A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/privacy.html?guid=welhttps://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_min
Source: chrome.exe, 00000001.00000002.3431963485.00001F50014F8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/rP
Source: chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/src/main.js
Source: Setup.exe, 00000000.00000002.2032031620.000000000076A000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2495312828.00000000007BD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store/tos.html?guid=
Source: chrome.exe, 00000001.00000002.3419584106.00001F5000C68000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store1
Source: chrome.exe, 00000001.00000002.3406392524.00001F50007C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store:443
Source: chrome.exe, 00000001.00000002.3414662646.00001F5000A18000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.storeAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000001.00000002.3395337779.00001F500040C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.storeAccess-Coro
Source: chrome.exe, 00000001.00000002.3283427795.000001FDAEB1D000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://pcapp.storeDate:
Source: chrome.exe, 00000001.00000002.3377799672.000001FDAF237000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000001.00000002.3427777999.00001F5001141000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3389610440.00001F50000EC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.storeH
Source: chrome.exe, 00000001.00000002.3414943618.00001F5000A30000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.storeHX
Source: chrome.exe, 00000001.00000002.3428110425.00001F500114D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.store_default
Source: chrome.exe, 00000001.00000002.3423324171.00001F5000EAC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.storewww.googletagmanager.com_default
Source: chrome.exe, 00000001.00000002.3423324171.00001F5000EAC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://pcapp.storewww.googletagmanager.com_default/
Source: chrome.exe, 00000001.00000002.3389250415.00001F50000B4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win6
Source: chrome.exe, 00000001.00000002.3419179801.00001F5000C40000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.c
Source: chrome.exe, 00000001.00000002.3421736405.00001F5000D77000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3398368580.00001F5000662000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://repository.pcapp.store/pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg
Source: chrome.exe, 00000001.00000002.3388043152.00001F5000064000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000001.00000002.3388689636.00001F5000088000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000001.00000002.3406286660.00001F50007AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000001.00000002.3406286660.00001F50007AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000001.00000002.3413884541.00001F50009C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000001.00000002.3391651275.00001F50001C4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000001.00000003.2451613420.00001F5000F2C000.00000004.00000001.00020000.00000000.sdmp, chromecache_321.3.dr String found in binary or memory: https://td.doubleclick.net
Source: chrome.exe, 00000001.00000003.2451613420.00001F5000F2C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.net/td/bjs
Source: chrome.exe, 00000001.00000003.2451613420.00001F5000F2C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.net/td/bts
Source: chrome.exe, 00000001.00000002.3424639814.00001F5000F6C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3228561196.000001FDACAE7000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.net/td/ga/rul?tid=G-VFQWFX3X1C&gacid=186695171.1730372436&gtm=45je4au0h2v8986
Source: chrome.exe, 00000001.00000002.3417473523.00001F5000B73000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3403083164.00001F5000738000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3416025025.00001F5000AC0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.net/td/rul/858128210?random=1730372436136&cv=11&fst=1730372436136&fmt=3&bg=ff
Source: chrome.exe, 00000001.00000002.3417473523.00001F5000B73000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.net/td/rul/858128210?random=1730372436188&cv=11&fst=1730372436188&fmt=3&bg=ff
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.net/td/rul/858128210?random=1730372436528&cv=11&fst=1730372436528&fmt=3&bg=ff
Source: chrome.exe, 00000001.00000003.2451613420.00001F5000F2C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.net/td/update?ig_name=4s2146701656.1730372436
Source: chrome.exe, 00000001.00000002.3428110425.00001F500114D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.net4s2146701656.1730372436
Source: chrome.exe, 00000001.00000002.3428110425.00001F500114D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.net4s2146701656.1730372436/
Source: chrome.exe, 00000001.00000002.3420390373.00001F5000CA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://td.doubleclick.neter.comccoofpliimaahmaaome
Source: chrome.exe, 00000001.00000003.2451613420.00001F5000F2C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156786411258
Source: chrome.exe, 00000001.00000003.2451613420.00001F5000F2C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928
Source: chrome.exe, 00000001.00000002.3415622670.00001F5000A78000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928&cr_id=688917203998&cv_id=0&format=$
Source: chrome.exe, 00000001.00000002.3397468169.00001F50005C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://update.googleapis.com/servic
Source: chrome.exe, 00000001.00000003.2451173224.00001F5000340000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.2451173224.00001F5000343000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://update.googleapis.com/service/update2/json?cup2key=13:yTNt8Zkqf3Dd7IWJFICM26lL3Htbq-gOFv5JZd
Source: chrome.exe, 00000001.00000002.3397468169.00001F50005C0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://update.googleapis.com/servicup
Source: chrome.exe, 00000001.00000002.3418266147.00001F5000BA8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000001.00000002.3417923579.00001F5000B88000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000001.00000002.3417923579.00001F5000B88000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000001.00000002.3417923579.00001F5000B88000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000001.00000002.3398039226.00001F5000618000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000001.00000002.3406392524.00001F50007C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000001.00000002.3406392524.00001F50007C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTg
Source: chrome.exe, 00000001.00000002.3420519334.00001F5000CB8000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
Source: chrome.exe, 00000001.00000002.3434204883.00001F50015D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmpp
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcn
Source: chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompe
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acdrpu5h5nrvazlb22ulljvgujnq_3048/jflookgnkcckho
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/aclacns2lwpknygjwzhz5vqbtzhq_1118/efniojlnjndmcb
Source: chrome.exe, 00000001.00000002.3391112532.00001F500018C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/aclz7ibkvp257t2vgob3ecc555sa_20241018.689539685.
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmjkmgdlgnk
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/ee
Source: chrome.exe, 00000001.00000002.3388043152.00001F500007B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adurx3xz3dy7ajnoguus4co3vr6q_9258/hfnkpimlhhgiea
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocnca
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/cxxqn654fg7hzrcrrnqcniqqye_2024.10.11.1/kiabhabj
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3412683395.00001F5000950000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/e6xlmsu5i2bokri3w4cyuhv4nq_2024.8.10.0/gonpemdgk
Source: chrome.exe, 00000001.00000002.3389725445.00001F50000FC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindg
Source: chrome.exe, 00000001.00000002.3399009470.00001F5000698000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkh
Source: chrome.exe, 00000001.00000002.3398797921.00001F500066C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/dl/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.1201/ggkke
Source: chrome.exe, 00000001.00000002.3396204614.00001F50004E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3397659242.00001F50005E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3406062770.00001F5000770000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3416720767.00001F5000B14000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000001.00000002.3394717986.00001F5000390000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000001.00000002.3382959223.000001FDB05ED000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.googleadservices.com/pagead/p3p.xml
Source: chrome.exe, 00000001.00000002.3386639992.00001F500000C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000001.00000002.3391938485.00001F500020C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000001.00000002.3377799672.000001FDAF237000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000001.00000002.3427777999.00001F5001141000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3389610440.00001F50000EC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3414943618.00001F5000A30000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3415761555.00001F5000A8C000.00000004.00000001.00020000.00000000.sdmp, chromecache_321.3.dr String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000001.00000002.3419584106.00001F5000C68000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3430661494.00001F50013B8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3428110425.00001F500114D000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3432102343.00001F5001508000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3430261305.00001F50013AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/
Source: chrome.exe, 00000001.00000002.3430261305.00001F50013AC000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/P
Source: chrome.exe, 00000001.00000002.3423787216.00001F5000ED0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=AW-858128210
Source: chrome.exe, 00000001.00000002.3423787216.00001F5000ED0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-VFQWFX3X1C
Source: chrome.exe, 00000001.00000003.2549857333.00001F5001A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3399571970.00001F50006D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-VFQWFX3X1C&l=dataLayer&cx=c
Source: chrome.exe, 00000001.00000002.3432102343.00001F5001508000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/pH
Source: chrome.exe, 00000001.00000002.3405421194.00001F5000748000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3391182070.00001F5000194000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3424343152.00001F5000F38000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3419179801.00001F5000C40000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3408084629.00001F5000864000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3427578825.00001F5001114000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/static/service_worker/4al0/sw.js?origin=https%3A%2F%2Fpcapp.store
Source: chrome.exe, 00000001.00000002.3412583245.00001F5000930000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/static/service_worker/4al0/sw.js?origin=https%3A%2F%2Fpcapp.storeH
Source: chrome.exe, 00000001.00000002.3390738827.00001F500015C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3391182070.00001F5000194000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/static/service_worker/4al0/sw.js?origin=https%3A%2F%2Fpcapp.storeHX
Source: chrome.exe, 00000001.00000002.3408084629.00001F5000864000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/static/service_worker/4al0/sw.js?origin=https%3A%2F%2Fpcapp.storepp
Source: chrome.exe, 00000001.00000002.3427578825.00001F5001114000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/static/service_worker/4al0/sw.js?origin=https%3A%2F%2Fpcapp.storeto
Source: chrome.exe, 00000001.00000002.3427363516.00001F50010D4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fpcap
Source: chrome.exe, 00000001.00000002.3283427795.000001FDAEB17000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.comH
Source: chrome.exe, 00000001.00000002.3424735946.00001F5000F7C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.comHX
Source: chrome.exe, 00000001.00000002.3420519334.00001F5000CB8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3395919558.00001F50004B0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000001.00000002.3393052150.00001F50002D0000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_004056DE
Installs a global mouse hook
Source: C:\Users\user\PCAppStore\PcAppStore.exe Windows user hook set: 0 mouse low level C:\Users\user\PCAppStore\PcAppStore.exe Jump to behavior
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040352D
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Code function: 9_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 9_2_00403640
Detected potential crypto function
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0040755C 0_2_0040755C
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00406D85 0_2_00406D85
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Code function: 9_2_00406D5F 9_2_00406D5F
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE31274 10_2_00007FF71AE31274
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AC695B0 10_2_00007FF71AC695B0
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE0D984 10_2_00007FF71AE0D984
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE21A5C 10_2_00007FF71AE21A5C
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE200EC 10_2_00007FF71AE200EC
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE0DD88 10_2_00007FF71AE0DD88
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE213DC 10_2_00007FF71AE213DC
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE0B478 10_2_00007FF71AE0B478
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE0B274 10_2_00007FF71AE0B274
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE15560 10_2_00007FF71AE15560
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71ADE76A8 10_2_00007FF71ADE76A8
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE30BD8 10_2_00007FF71AE30BD8
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE22B94 10_2_00007FF71AE22B94
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE0AC58 10_2_00007FF71AE0AC58
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE0AA54 10_2_00007FF71AE0AA54
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE2F008 10_2_00007FF71AE2F008
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE20F48 10_2_00007FF71AE20F48
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AC40F20 10_2_00007FF71AC40F20
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE0B068 10_2_00007FF71AE0B068
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE0AE64 10_2_00007FF71AE0AE64
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE0C3D8 10_2_00007FF71AE0C3D8
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE0C75C 10_2_00007FF71AE0C75C
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C481754 11_2_00007FF75C481754
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C47ED50 11_2_00007FF75C47ED50
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C48DDDC 11_2_00007FF75C48DDDC
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C488EDC 11_2_00007FF75C488EDC
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C489F20 11_2_00007FF75C489F20
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C48C7C4 11_2_00007FF75C48C7C4
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C49285C 11_2_00007FF75C49285C
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C4890E8 11_2_00007FF75C4890E8
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C48D948 11_2_00007FF75C48D948
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C496AB8 11_2_00007FF75C496AB8
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C490330 11_2_00007FF75C490330
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C4923C0 11_2_00007FF75C4923C0
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C48E45C 11_2_00007FF75C48E45C
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C488CD0 11_2_00007FF75C488CD0
Found potential string decryption / allocating functions
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: String function: 00007FF71ABFFCC0 appears 57 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: String function: 00007FF71ABF11A0 appears 403 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: String function: 00007FF71ABF0F30 appears 102 times
PE file contains more sections than normal
Source: NW_store.exe.9.dr Static PE information: Number of sections : 13 > 10
Source: nw.dll.9.dr Static PE information: Number of sections : 15 > 10
Source: vk_swiftshader.dll.9.dr Static PE information: Number of sections : 11 > 10
Source: ffmpeg.dll.9.dr Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.9.dr Static PE information: Number of sections : 11 > 10
Source: libEGL.dll.9.dr Static PE information: Number of sections : 12 > 10
Source: node.dll.9.dr Static PE information: Number of sections : 11 > 10
Source: nw_elf.dll.9.dr Static PE information: Number of sections : 14 > 10
Source: libGLESv2.dll.9.dr Static PE information: Number of sections : 12 > 10
Source: notification_helper.exe.9.dr Static PE information: Number of sections : 13 > 10
Sample file is different than original file name gathered from version info
Source: Setup.exe, 00000000.00000002.2031646137.000000000040A000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameinetc.dllF vs Setup.exe
Uses 32bit PE files
Source: Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal51.spyw.evad.winEXE@35/289@0/30
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71ABF8790 GetLastError,FormatMessageW, 10_2_00007FF71ABF8790
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040352D
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Code function: 9_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 9_2_00403640
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_0040498A
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C47DBA0 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,Concurrency::details::WorkQueue::IsStructuredEmpty,CloseHandle,Process32NextW,CloseHandle, 11_2_00007FF75C47DBA0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004021AA CoCreateInstance, 0_2_004021AA
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AC91860 FindResourceExW,LoadResource,LockResource,SizeofResource,GlobalAlloc,GlobalLock,GlobalUnlock,CreateStreamOnHGlobal,GetLastError, 10_2_00007FF71AC91860
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsi277E.tmp Jump to behavior
Source: Setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT sql FROM%d UNION ALL SELECT shell_add_schema(sql,mainNULL,name) AS sql, type, tbl_name, name, rowid, AS snum, AS sname FROM .sqlite_schema UNION ALL SELECT shell_module_schema(name), 'table', name, name, name, 9e+99, 'main' FROM pragma_module_list) WHERE %Qlower(printf('%s.%s',sname,tbl_name))lower(tbl_name) GLOB LIKE ESCAPE '\' AND name NOT LIKE 'sqlite_%%' AND sql IS NOT NULL ORDER BY snum, rowidSQL: %s;
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: INSERT INTO sqlite_schema(type,name,tbl_name,rootpage,sql)VALUES('table','%q','%q',0,'%q');%s
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT max(length(key)) FROM temp.sqlite_parameters;
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: CREATE TABLE ColNames( cpos INTEGER PRIMARY KEY, name TEXT, nlen INT, chop INT, reps INT, suff TEXT);CREATE VIEW RepeatedNames AS SELECT DISTINCT t.name FROM ColNames t WHERE t.name COLLATE NOCASE IN ( SELECT o.name FROM ColNames o WHERE o.cpos<>t.cpos);
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT type,name,tbl_name,sql FROM sqlite_schema ORDER BY name;
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT key, quote(value) FROM temp.sqlite_parameters;
Source: chrome.exe, 00000001.00000002.3399571970.00001F50006D5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT 'CREATE TEMP' || substr(sql, 7) FROM sqlite_schema WHERE tbl_name = %Q AND type IN ('table', 'trigger') ORDER BY type;
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: INSERT INTO selftest(tno,op,cmd,ans) SELECT rowid*10,op,cmd,ans FROM [_shell$self];
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT * FROM "%w" ORDER BY rowid DESC;Warning: cannot step "%s" backwardsSELECT name, sql FROM sqlite_schema WHERE %sError: (%d) %s on [%s]
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: INSERT INTO sqlite_schema(type,name,tbl_name,rootpage,sql)VALUES('table','%q','%q',0,'%q');
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT * FROM "%w" ORDER BY rowid DESC;
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT tbl,idx,stat FROM sqlite_stat1 ORDER BY tbl,idx;
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT 'EXPLAIN QUERY PLAN SELECT 1 FROM ' || quote(s.name) || ' WHERE ' || group_concat(quote(s.name) || '.' || quote(f.[from]) || '=?' || fkey_collate_clause( f.[table], COALESCE(f.[to], p.[name]), s.name, f.[from]),' AND '), 'SEARCH ' || s.name || ' USING COVERING INDEX*(' || group_concat('*=?', ' AND ') || ')', s.name || '(' || group_concat(f.[from], ', ') || ')', f.[table] || '(' || group_concat(COALESCE(f.[to], p.[name])) || ')', 'CREATE INDEX ' || quote(s.name ||'_'|| group_concat(f.[from], '_')) || ' ON ' || quote(s.name) || '(' || group_concat(quote(f.[from]) || fkey_collate_clause( f.[table], COALESCE(f.[to], p.[name]), s.name, f.[from]), ', ') || ');', f.[table] FROM sqlite_schema AS s, pragma_foreign_key_list(s.name) AS f LEFT JOIN pragma_table_info AS p ON (pk-1=seq AND p.arg=f.[table]) GROUP BY s.name, f.id ORDER BY (CASE WHEN ? THEN f.[table] ELSE s.name END)
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT 'CREATE TEMP' || substr(sql, 7) FROM sqlite_schema WHERE tbl_name = %Q AND type IN ('table', 'trigger') ORDER BY type;ALTER TABLE temp.%Q RENAME TO %QINSERT INTO %Q VALUES(, %s?)UPDATE %Q SET , %s%Q=?DELETE FROM %QSELECT type, name, sql, 1 FROM sqlite_schema WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%%' UNION ALL SELECT type, name, sql, 2 FROM sqlite_schema WHERE type = 'trigger' AND tbl_name IN(SELECT name FROM sqlite_schema WHERE type = 'view') ORDER BY 4, 1CREATE TABLE x(, %s%Q COLLATE %s)CREATE VIRTUAL TABLE %Q USING expert(%Q)SELECT max(i.seqno) FROM sqlite_schema AS s, pragma_index_list(s.name) AS l, pragma_index_info(l.name) AS i WHERE s.type = 'table', %sx.%Q IS rem(%d, x.%Q) COLLATE %s%s%dSELECT %s FROM %Q x ORDER BY %sSELECT %s FROM temp.t592690916721053953805701627921227776 x ORDER BY %s%d %dDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776CREATE TABLE temp.t592690916721053953805701627921227776 AS SELECT * FROM %QSELECT s.rowid, s.name, l.name FROM sqlite_schema AS s, pragma_index_list(s.name) AS l WHERE s.type = 'table'SELECT name, coll FROM pragma_index_xinfo(?) WHERE keyINSERT INTO sqlite_stat1 VALUES(?, ?, ?)ANALYZE; PRAGMA writable_schema=1remsampleDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776ANALYZE sqlite_schemaDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776:memory::memory:SELECT sql FROM sqlite_schema WHERE name NOT LIKE 'sqlite_%%' AND sql NOT LIKE 'CREATE VIRTUAL %%'Cannot find a unique index name to propose. -- stat1: %s;%s%s
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: INSERT OR IGNORE INTO "%s" VALUES(?,?);Error %d: %s on [%s]
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366350970.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3238628547.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506897341.00007FF71AE93000.00000008.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2500001259.00007FF71AE92000.00000008.00000001.01000000.00000016.sdmp Binary or memory string: SELECT name,seq FROM sqlite_sequence ORDER BY name;
Source: C:\Users\user\Desktop\Setup.exe File read: C:\Users\user\Desktop\Setup.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&winver=19045&version=fa.1092c&nocache=20241031070029.271&_fcid=1730271248380473
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2024,i,2326540136548541943,16570278364610659642,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5184 --field-trial-handle=2024,i,2326540136548541943,16570278364610659642,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=2024,i,2326540136548541943,16570278364610659642,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\nsq4808.tmp "C:\Users\user\AppData\Local\Temp\nsq4808.tmp" /internal 1730271248380473 /force
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process created: C:\Users\user\PCAppStore\Watchdog.exe "C:\Users\user\PCAppStore\Watchdog.exe" /guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0 /rid=20241031070123.8585445468 /ver=fa.1092c
Source: C:\Windows\explorer.exe Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PCAppStore.exe" /init default
Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&winver=19045&version=fa.1092c&nocache=20241031070029.271&_fcid=1730271248380473 Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\nsq4808.tmp "C:\Users\user\AppData\Local\Temp\nsq4808.tmp" /internal 1730271248380473 /force Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2024,i,2326540136548541943,16570278364610659642,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5184 --field-trial-handle=2024,i,2326540136548541943,16570278364610659642,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=2024,i,2326540136548541943,16570278364610659642,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process created: C:\Users\user\PCAppStore\Watchdog.exe "C:\Users\user\PCAppStore\Watchdog.exe" /guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0 /rid=20241031070123.8585445468 /ver=fa.1092c Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\explorer.exe Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PCAppStore.exe" /init default
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\Setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wlanapi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: uiamanager.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: apphelp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: urlmon.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: iertutil.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: srvcli.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: netutils.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: windows.storage.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: wldp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: uxtheme.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: wininet.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: profapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: mswsock.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: winnsi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: dnsapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: schannel.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: ntasn1.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: msasn1.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: dpapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: cryptsp.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: rsaenh.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: cryptbase.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: gpapi.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: ncrypt.dll
Source: C:\Users\user\PCAppStore\Watchdog.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\explorer.exe Section loaded: cdprt.dll
Source: C:\Windows\explorer.exe Section loaded: smartscreenps.dll
Source: C:\Windows\explorer.exe Section loaded: provsvc.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe Section loaded: windows.internal.shell.broker.dll
Source: C:\Windows\explorer.exe Section loaded: capabilityaccessmanagerclient.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: urlmon.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: iertutil.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: srvcli.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: netutils.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: version.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wlanapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: winhttp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: dwmapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: secur32.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: profapi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: sspicli.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: amsi.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: userenv.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: PC App Store.lnk.9.dr LNK file: ..\..\..\..\..\..\PCAppStore\PcAppStore.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore Jump to behavior
Source: Setup.exe Static PE information: certificate valid
Source: Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\Watchdog\x64\Release\Watchdog.pdb source: nsq4808.tmp, 00000009.00000002.2496609049.00000000027E4000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.3061715229.00007FF75C49A000.00000002.00000001.01000000.00000017.sdmp, Watchdog.exe, 0000000B.00000000.2366649249.00007FF75C49A000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\AppStoreUpdater\Release\auto_updater.pdb1 source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002ECF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000000E.00000002.3046497436.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000010.00000000.2449220299.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000011.00000002.3047062520.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000012.00000002.3041072285.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000013.00000002.3028041615.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000014.00000002.3042638220.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000015.00000000.2471622186.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000016.00000000.2475220946.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000017.00000000.2480749861.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000018.00000000.2485165462.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000001A.00000000.2493935998.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000001B.00000002.3034033202.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000001C.00000002.3047804990.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000001D.00000000.2500606041.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 0000001F.00000000.2504050842.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000020.00000002.3040637974.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000021.00000002.3027462286.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000022.00000002.3028005009.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000023.00000000.2511109967.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000024.00000002.3051559338.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000025.00000000.2517940833.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000026.00000002.3041627451.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000027.00000000.2523509945.0000000000C6E000.00000002.00000001.01000000.0000001A.sdmp, WCKsatFYtLNCcBGzYutkrweBluUg.exe, 00000028.00000000.2524807272.0000000000C6E000.00000002.00000001.01000000.0
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: Setup.exe, 00000000.00000002.2031646137.000000000040A000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\engine\Release\PCAppStore.pdb source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366309517.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3233552193.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000000.2499837866.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000001E.00000002.2506777440.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\Build\Build_1092c_D20241025T171023\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002ECF000.00000004.00000020.00020000.00000000.sdmp
Contains functionality to dynamically determine API calls
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AC4BFE0 atomic,RoGetActivationFactory,atomic,LoadLibraryW,GetProcAddress,RoGetActivationFactory,atomic,atomic,type_info::_name_internal_method,Concurrency::details::WorkQueue::IsStructuredEmpty,LoadLibraryW,Concurrency::details::_Scheduler::_Scheduler,GetProcAddress,atomic, 10_2_00007FF71AC4BFE0
PE file contains an invalid checksum
Source: Setup.exe Static PE information: real checksum: 0x3937f should be: 0x33c16
Source: NW_store.exe.9.dr Static PE information: real checksum: 0x0 should be: 0x23ab08
Source: System.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x3d68
Source: System.dll.9.dr Static PE information: real checksum: 0x0 should be: 0x3d68
Source: vk_swiftshader.dll.9.dr Static PE information: real checksum: 0x0 should be: 0x44caa7
Source: ffmpeg.dll.9.dr Static PE information: real checksum: 0x0 should be: 0x1f8136
Source: nsJSON.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x6718
Source: NSISFastLib.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x30512
Source: inetc.dll.9.dr Static PE information: real checksum: 0x0 should be: 0x13c41
Source: vulkan-1.dll.9.dr Static PE information: real checksum: 0x0 should be: 0xe0b14
Source: libEGL.dll.9.dr Static PE information: real checksum: 0x0 should be: 0x7ddc6
Source: nsJSON.dll.9.dr Static PE information: real checksum: 0x0 should be: 0x6718
Source: Math.dll.9.dr Static PE information: real checksum: 0x0 should be: 0x155a8
Source: nw_elf.dll.9.dr Static PE information: real checksum: 0x0 should be: 0x124d11
Source: NSISFastLib.dll.9.dr Static PE information: real checksum: 0x0 should be: 0x30512
Source: inetc.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x13c41
Source: libGLESv2.dll.9.dr Static PE information: real checksum: 0x0 should be: 0x7b9652
Source: notification_helper.exe.9.dr Static PE information: real checksum: 0x0 should be: 0x11edb8
Source: nsDialogs.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x2f9b
PE file contains sections with non-standard names
Source: NW_store.exe.9.dr Static PE information: section name: .gxfg
Source: NW_store.exe.9.dr Static PE information: section name: .retplne
Source: NW_store.exe.9.dr Static PE information: section name: .voltbl
Source: NW_store.exe.9.dr Static PE information: section name: CPADinfo
Source: NW_store.exe.9.dr Static PE information: section name: _RDATA
Source: NW_store.exe.9.dr Static PE information: section name: malloc_h
Source: ffmpeg.dll.9.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll.9.dr Static PE information: section name: .retplne
Source: ffmpeg.dll.9.dr Static PE information: section name: .voltbl
Source: ffmpeg.dll.9.dr Static PE information: section name: _RDATA
Source: libEGL.dll.9.dr Static PE information: section name: .gxfg
Source: libEGL.dll.9.dr Static PE information: section name: .retplne
Source: libEGL.dll.9.dr Static PE information: section name: .voltbl
Source: libEGL.dll.9.dr Static PE information: section name: _RDATA
Source: libEGL.dll.9.dr Static PE information: section name: malloc_h
Source: libGLESv2.dll.9.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.9.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.9.dr Static PE information: section name: .voltbl
Source: libGLESv2.dll.9.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll.9.dr Static PE information: section name: malloc_h
Source: node.dll.9.dr Static PE information: section name: .gxfg
Source: node.dll.9.dr Static PE information: section name: .retplne
Source: node.dll.9.dr Static PE information: section name: .voltbl
Source: node.dll.9.dr Static PE information: section name: _RDATA
Source: notification_helper.exe.9.dr Static PE information: section name: .gxfg
Source: notification_helper.exe.9.dr Static PE information: section name: .retplne
Source: notification_helper.exe.9.dr Static PE information: section name: .voltbl
Source: notification_helper.exe.9.dr Static PE information: section name: CPADinfo
Source: notification_helper.exe.9.dr Static PE information: section name: _RDATA
Source: notification_helper.exe.9.dr Static PE information: section name: malloc_h
Source: nw.dll.9.dr Static PE information: section name: .gxfg
Source: nw.dll.9.dr Static PE information: section name: .retplne
Source: nw.dll.9.dr Static PE information: section name: .rodata
Source: nw.dll.9.dr Static PE information: section name: .voltbl
Source: nw.dll.9.dr Static PE information: section name: CPADinfo
Source: nw.dll.9.dr Static PE information: section name: LZMADEC
Source: nw.dll.9.dr Static PE information: section name: _RDATA
Source: nw.dll.9.dr Static PE information: section name: malloc_h
Source: nw_elf.dll.9.dr Static PE information: section name: .crthunk
Source: nw_elf.dll.9.dr Static PE information: section name: .gxfg
Source: nw_elf.dll.9.dr Static PE information: section name: .retplne
Source: nw_elf.dll.9.dr Static PE information: section name: .voltbl
Source: nw_elf.dll.9.dr Static PE information: section name: CPADinfo
Source: nw_elf.dll.9.dr Static PE information: section name: _RDATA
Source: nw_elf.dll.9.dr Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.9.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.9.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.9.dr Static PE information: section name: .voltbl
Source: vk_swiftshader.dll.9.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.9.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.9.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.9.dr Static PE information: section name: .voltbl
Source: vulkan-1.dll.9.dr Static PE information: section name: _RDATA
Source: ZoomInstaller.exe.10.dr Static PE information: section name: _RDATA
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AC4F0B0 pushfq ; ret 10_2_00007FF71AC4F0B1
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\Uninstaller.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\nw.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\NW_store.exe Jump to dropped file
Source: C:\Users\user\PCAppStore\PcAppStore.exe File created: C:\Users\user\PCAppStore\download\ZoomInstaller.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\notification_helper.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\AppData\Local\Temp\nsj906B.tmp\System.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsi277F.tmp\NSISFastLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\AppData\Local\Temp\nsj906B.tmp\inetc.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\AppData\Local\Temp\nsj906B.tmp\nsJSON.dll Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\Watchdog.exe Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsi277F.tmp\nsJSON.dll Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsi277F.tmp\inetc.dll Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsi277F.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsi277F.tmp\nsDialogs.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\AppData\Local\Temp\nsj906B.tmp\NSISFastLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\node.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\PcAppStore.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\AutoUpdater.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\nw_elf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\AppData\Local\Temp\nsj906B.tmp\Math.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\nwjs\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\ui\static\js\2.801b9d83.chunk.js.LICENSE.txt Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\PCAppStore\ReadMe.txt Jump to behavior

Boot Survival
barindex
Creates multiple autostart registry keys
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdater Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Watchdog Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStore Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStore Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStore Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdater Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdater Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Watchdog Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Watchdog Jump to behavior
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\Setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\PcAppStore.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion
barindex
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Contains long sleeps (>= 3 min)
Source: C:\Users\user\PCAppStore\Watchdog.exe Thread delayed: delay time: 300000
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\PCAppStore\PcAppStore.exe Window / User API: threadDelayed 627 Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Window / User API: threadDelayed 784 Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Window / User API: threadDelayed 1377 Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Window / User API: foregroundWindowGot 533 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\Uninstaller.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\nw.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\NW_store.exe Jump to dropped file
Source: C:\Users\user\PCAppStore\PcAppStore.exe Dropped PE file which has not been started: C:\Users\user\PCAppStore\download\ZoomInstaller.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\notification_helper.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsj906B.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi277F.tmp\NSISFastLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsj906B.tmp\inetc.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsj906B.tmp\nsJSON.dll Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi277F.tmp\nsJSON.dll Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi277F.tmp\inetc.dll Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi277F.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi277F.tmp\nsDialogs.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsj906B.tmp\NSISFastLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\node.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\AutoUpdater.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\nw_elf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsj906B.tmp\Math.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Dropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\libGLESv2.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 6816 Thread sleep count: 270 > 30
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 6816 Thread sleep time: -16200000s >= -30000s
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 6676 Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 6816 Thread sleep time: -60000s >= -30000s
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\PcAppStore.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\PcAppStore.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Users\user\PCAppStore\PcAppStore.exe Last function: Thread delayed
Source: C:\Users\user\PCAppStore\Watchdog.exe Last function: Thread delayed
Source: C:\Users\user\PCAppStore\Watchdog.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405C49
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00406873 FindFirstFileW,FindClose, 0_2_00406873
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0040290B FindFirstFileW, 0_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Code function: 9_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 9_2_00405D74
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Code function: 9_2_0040699E FindFirstFileW,FindClose, 9_2_0040699E
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Code function: 9_2_0040290B FindFirstFileW, 9_2_0040290B
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71ADE75F8 FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError, 10_2_00007FF71ADE75F8
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71ADE76A8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle, 10_2_00007FF71ADE76A8
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C4816E0 FindClose,FindFirstFileExW,GetLastError, 11_2_00007FF75C4816E0
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C481754 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle, 11_2_00007FF75C481754
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C490330 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 11_2_00007FF75C490330
Source: C:\Users\user\PCAppStore\Watchdog.exe Thread delayed: delay time: 60000
Source: C:\Users\user\PCAppStore\Watchdog.exe Thread delayed: delay time: 300000
Source: C:\Users\user\PCAppStore\Watchdog.exe Thread delayed: delay time: 60000
Source: explorer.exe, 0000000C.00000000.2395487561.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: chrome.exe, 00000001.00000002.3416025025.00001F5000AC0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware
Source: nsq4808.tmp, 00000009.00000003.2493164662.0000000000808000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2495673742.0000000000808000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW8
Source: chrome.exe, 00000001.00000002.3427056179.00001F50010B0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mouse
Source: explorer.exe, 0000000C.00000002.3035085879.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 0000000C.00000002.3070608492.0000000003758000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: PcAppStore.exe, 0000001E.00000002.2506009311.0000023DC2C60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
Source: PcAppStore.exe, 0000000A.00000002.3134501078.0000027498670000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: PcAppStore.exe, 0000001E.00000003.2504655666.0000023DC2C92000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: stringComputer System ProductComputer System ProductHMFH4171434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None+
Source: Setup.exe, 00000000.00000003.1759403368.0000000002A60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: {"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"PR8CPK3Y","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"GWPE9XE3+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"Adobe+Acrobat+%2864-bit%29","8":"Microsoft+Visual+C%2B%2B+2022+X64+Minimum+Runtime+-+14%2E36%2E32532","9":"Google+Chrome","10":"Microsoft+Edge","11":"Microsoft+Edge+Update","12":"Microsoft+Edge+WebView2+Runtime","13":"Java+Auto+Updater","14":"Java+8+Update+381","15":"Microsoft+Visual+C%2B%2B+2015-2022+Redistributable+%28x64%29+-+14%2E36%2E32532","16":"Office+16+Click-to-Run+Extensibility+Component"},"processes":{"0":"ApplicationFrameHost%2Eexe","1":"Memory+Compression","2":"OfficeClickToRun%2Eexe","3":"Registry","4":"RuntimeBroker%2Eexe","5":"SearchApp%2Eexe","6":"Setup%2Eexe","7":"SgrmBroker%2Eexe","8":"StartMenuExperienceHost%2Eexe","9":"System","10":"SystemSettings%2Eexe","11":"TextInputHost%2Eexe","12":"UserOOBEBroker%2Eexe","13":"WCKsatFYtLNCcBGzYutkrweBluUg%2Eexe","14":"WinStore%2EApp%2Eexe","15":"WmiPrvSE%2Eexe","16":"%5BSystem+Process%5D","17":"audiodg%2Eexe","18":"backgroundTaskHost%2Eexe","19":"conhost%2Eexe","20":"csrss%2Eexe","21":"ctfmon%2Eexe","22":"dasHost%2Eexe","23":"dllhost%2Eexe","24":"dwm%2Eexe","25":"explorer%2Eexe","26":"fontdrvhost%2Eexe","27":"lsass%2Eexe","28":"services%2Eexe","29":"sihost%2Eexe","30":"smartscreen%2Eexe","31":"smss%2Eexe","32":"spoolsv%2Eexe","33":"sppsvc%2Eexe","34":"svchost%2Eexe","35":"upfc%2Eexe","36":"wininit%2Eexe","37":"winlogon%2Eexe"},"sys_lang":"en-GB","parent_proc":"explorer%2Eexe"}
Source: Setup.exe, 00000000.00000003.2027254429.0000000000846000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2032678588.0000000002A60000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2032146838.0000000000846000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000003.2493164662.000000000084F000.00000004.00000020.00020000.00000000.sdmp, nsq4808.tmp, 00000009.00000002.2495673742.000000000084F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000002.3088361173.0000027495EB7000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000002.3088361173.0000027495F5E000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.3042232678.00000233BAA2C000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000002.3042232678.00000233BA9B3000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.2504090931.00000233BAA2C000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000B.00000003.2504090931.00000233BA9C1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: nsq4808.tmp, 00000009.00000002.2498335046.0000000003850000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware%2C+Inc%2E
Source: explorer.exe, 0000000C.00000002.3390909845.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: Setup.exe, 00000000.00000003.1758536585.0000000000819000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: {"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"PR8CPK3Y","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"GWPE9XE3+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"Adobe+Acrobat+%2864-bit%29","8":"Microsoft+Visual+C%2B%2B+2022+X64+Minimum+Runtime+-+14%2E36%2E32532","9":"Google+Chrome","10":"Microsoft+Edge","11":"Microsoft+Edge+Update","12":"Microsoft+Edge+WebView2+Runtime","13":"Java+Auto+Updater","14":"Java+8+Update+381","15":"Microsoft+Visual+C%2B%2B+2015-2022+Redistributable+%28x64%29+-+14%2E36%2E32532","16":"Office+16+Click-to-Run+Extensibility+Component"},"processes":{"0":"ApplicationFrameHost%2Eexe","1":"Memory+Compression","2":"OfficeClickToRun%2Eexe","3":"Registry","4":"RuntimeBroker%2Eexe","5":"SearchApp%2Eexe","6":"Setup%2Eexe","7":"SgrmBroker%2Eexe","8":"StartMenuExperienceHost%2Eexe","9":"System","10":"SystemSettings%2Eexe","11":"TextInputHost%2Eexe","12":"UserOOBEBroker%2Eexe",
Source: chrome.exe, 00000001.00000002.3165367912.000001FDA8BE7000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000001E.00000002.2506009311.0000023DC2C60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Setup.exe, 00000000.00000003.1758122387.0000000000819000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: stem_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"PR8CPK3Y","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"GWPE9XE3+SCSI+Disk+Device",
Source: Setup.exe, 00000000.00000002.2032678588.0000000002A60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ,"cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"PR8CPK3Y","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"GWPE9XE3+SCSI+Disk+Device","disk_size":"4
Source: explorer.exe, 0000000C.00000002.3385003856.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 0000000C.00000000.2376803618.00000000078A0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 0000000C.00000002.3177256403.00000000079FB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
Source: explorer.exe, 0000000C.00000000.2395487561.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 0000000C.00000002.3390909845.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
Source: Setup.exe, 00000000.00000003.1758536585.0000000000836000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: stem_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"PR8CPK3Y","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"GWPE9XE3+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"Adobe+Acrobat+%2864-bit%29","8":"Microsoft+Visual+C%2B%2B+2022+X64+Minimum+Runtime+-+14%2E36%2E32532","9":"Google+Chrome","10":"Microsoft+Edge","11":"Microsoft+Edge+Update","12":"Microsoft+Edge+WebView2+Runtime","13":"Java+Auto+Updater","14":"Java+8+Update+381","15":"Microsoft+Visual+C%2B%2B+2015-2022+Redistributable+%28x64%29+-+14%2E36%2E32532","16":"Office+16+Click-to-Run+Extensibility+Component"},"processes":{"0":"ApplicationFrameHost%2Eexe","1":"Memory+Compression","2":"OfficeClickToRun%2Eexe","3":"Registry",
Source: tempPOSTData.9.dr Binary or memory string: {"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"PR8CPK3Y","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"GWPE9XE3+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"Adobe+Acrobat+%2864-bit%29","8":"Microsoft+Visual+C%2B%2B+2022+X64+Minimum+Runtime+-+14%2E36%2E32532","9":"Google+Chrome","10":"Microsoft+Edge","11":"Microsoft+Edge+Update","12":"Microsoft+Edge+WebView2+Runtime","13":"Java+Auto+Updater","14":"Java+8+Update+381","15":"Microsoft+Visual+C%2B%2B+2015-2022+Redistributable+%28x64%29+-+14%2E36%2E32532","16":"Office+16+Click-to-Run+Extensibility+Component"},"processes":{"0":"ApplicationFrameHost%2Eexe","1":"Memory+Compression","2":"OfficeClickToRun%2Eexe","3":"Registry","4":"RuntimeBroker%2Eexe","5":"SearchApp%2Eexe","6":"SgrmBroker%2Eexe","7":"StartMenuExperienceHost%2Eexe","8":"System","9":"SystemSettings%2Eexe","10":"TextInputHost%2Eexe","11":"UserOOBEBroker%2Eexe","12":"WCKsatFYtLNCcBGzYutkrweBluUg%2Eexe","13":"WinStore%2EApp%2Eexe","14":"WmiPrvSE%2Eexe","15":"%5BSystem+Process%5D","16":"audiodg%2Eexe","17":"chrome%2Eexe","18":"conhost%2Eexe","19":"csrss%2Eexe","20":"ctfmon%2Eexe","21":"dasHost%2Eexe","22":"dllhost%2Eexe","23":"dwm%2Eexe","24":"explorer%2Eexe","25":"fontdrvhost%2Eexe","26":"lsass%2Eexe","27":"nsq4808%2Etmp","28":"services%2Eexe","29":"sihost%2Eexe","30":"smartscreen%2Eexe","31":"smss%2Eexe","32":"spoolsv%2Eexe","33":"svchost%2Eexe","34":"wininit%2Eexe","35":"winlogon%2Eexe"}}
Source: explorer.exe, 0000000C.00000002.3177256403.00000000078AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTTAVMWare
Source: Setup.exe, 00000000.00000003.1759238980.0000000000819000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: stem_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"PR8CPK3Y","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"GWPE9XE3+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"Adobe+Acrobat+%2864-bit%29","8":"Microsoft+Visual+C%2B%2B+2022+X64+Minimum+Runtime+-+14%2E36%2E32532","9":"Google+Chrome","10":"Microsoft+Edge","11":"Microsoft+Edge+Update","12":"Microsoft+Edge+WebView2+Runtime","13":"Java+Auto+Updater","14":"Java+8+Update+381","15":"Microsoft+Visual+C%2B%2B+2015-2022+Redistributable+%28x64%29+-+14%2E36%2E32532","16":"Office+16+Click-to-Run+Extensibility+Component"},"processes":{"0":"ApplicationFrameHost%2Eexe","1":"Memory+Compression","2":"OfficeClickToRun%2Eexe","3":"Registry","4":"RuntimeBroker%2Eexe","5":"SearchApp%2Eexe","6":"Setup%2Eexe","7":"SgrmBroker%2Eexe","8":"StartMenuExperienceHost%2Eexe","9":"System","10":"SystemSettings%2Eexe","11":"TextInputHost%2Eexe","12":"UserOOBEBroker%2Eexe","13":"WCKsatFYtLNCcBGzYutkrweBluUg%2Eexe","14":"WinStore%2EApp%2Eexe","15":"WmiPrvSE%2Eexe","16":"%5BSystem+Process%5D","17":"audiodg%2Eexe","18":"backgroundTaskHost%2Eexe","19":"conhost%2Eexe","20":"csrss%2Eexe","21":"ctfmon%2Eexe","22":"dasHost%2Eexe","23":"dllhost%2Eexe","24":"dwm%2Eexe",
Source: explorer.exe, 0000000C.00000002.3385003856.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: PcAppStore.exe, 0000001E.00000002.2506009311.0000023DC2C60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: stringComputer System ProductComputer System ProductHMFH4171434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: chrome.exe, 00000001.00000002.3424227462.00001F5000F24000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=504170ed-5f6f-4c43-96d5-6f9856e9395f
Source: explorer.exe, 0000000C.00000002.3177256403.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2376803618.0000000007A34000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBnx
Source: explorer.exe, 0000000C.00000002.3385003856.0000000009660000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 0000000C.00000002.3035085879.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: Setup.exe, 00000000.00000003.1758122387.0000000000819000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: {"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"PR8CPK3Y","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"GWPE9XE3+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{
Source: explorer.exe, 0000000C.00000002.3035085879.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\Setup.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Setup.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71ADE1254 __vcrt_InitializeCriticalSectionEx,GetLastError,IsDebuggerPresent,OutputDebugStringW, 10_2_00007FF71ADE1254
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71ADE1254 __vcrt_InitializeCriticalSectionEx,GetLastError,IsDebuggerPresent,OutputDebugStringW, 10_2_00007FF71ADE1254
Contains functionality to dynamically determine API calls
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AC4BFE0 atomic,RoGetActivationFactory,atomic,LoadLibraryW,GetProcAddress,RoGetActivationFactory,atomic,atomic,type_info::_name_internal_method,Concurrency::details::WorkQueue::IsStructuredEmpty,LoadLibraryW,Concurrency::details::_Scheduler::_Scheduler,GetProcAddress,atomic, 10_2_00007FF71AC4BFE0
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AC71E10 std::bad_exception::bad_exception,GetProcessHeap,HeapAlloc,std::bad_alloc::bad_alloc, 10_2_00007FF71AC71E10
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE03990 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_00007FF71AE03990
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AE08CB8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FF71AE08CB8
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C48255C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 11_2_00007FF75C48255C
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C487EA8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 11_2_00007FF75C487EA8
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C482FDC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 11_2_00007FF75C482FDC
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C4831C0 SetUnhandledExceptionFilter, 11_2_00007FF75C4831C0

HIPS / PFW / Operating System Protection Evasion
barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtOpenKeyEx: Direct from: 0x76F02B9C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtOpenKeyEx: Direct from: 0x76F03C9C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtSetInformationProcess: Direct from: 0x76F02C5C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtCreateMutant: Direct from: 0x76F035CC
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtMapViewOfSection: Direct from: 0x76F02D1C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtOpenSection: Direct from: 0x76F02E0C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtQueryValueKey: Direct from: 0x76F02BEC
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtAddAtomEx: Direct from: 0x76F0312C
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtCreateFile: Direct from: 0x76F02FEC
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtOpenFile: Direct from: 0x76F02DCC
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtSetInformationThread: Direct from: 0x76F02ECC
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtTerminateThread: Direct from: 0x76F02FCC
Source: C:\Program Files (x86)\DrSXXVmHpZDxFgrRfOEBCcSJhLjFyVbPIcJlABnTLoDKq\WCKsatFYtLNCcBGzYutkrweBluUg.exe NtQueryInformationProcess: Direct from: 0x76F02C26
Contains functionality to simulate keystroke presses
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71AC75130 keybd_event,keybd_event, 10_2_00007FF71AC75130
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&winver=19045&version=fa.1092c&nocache=20241031070029.271&_fcid=1730271248380473 Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Process created: unknown unknown Jump to behavior
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366309517.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3233552193.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: C++/WinRT version:2.0.220110.5productr_binErreCode=%dproductcreate_shortcutshortcut_erroroid=%luSHGetFolderPath_error_code=%X&oid=%luQueryInterface_error_code=%X&oid=%luCoCreateInstance_error_code=%X&oid=%lu.lnknfinityan.lnkindsnanproductshortcut_delete_erroreC=%XnfinityanindsnanShell_TrayWnd0p+00p+0unknowninfnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)unknownLTRRTLLTRinfnan(ind)nannan(snan)infnan(ind)nannan(snan)type must be string, but is type must be number, but is type must be number, but is \\\HKEY_CLASSES_ROOTHKEY_CURRENT_USERHKEY_LOCAL_MACHINEHKEY_USERSHKEY_CURRENT_CONFIGCurrentBuildBuildNumberSOFTWARE\Microsoft\Windows NT\CurrentVersionSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon%lu%02X\/Software\Microsoft\Windows\CurrentVersion\RunSoftware\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunSoftware\Microsoft\Windows\CurrentVersion\RunSoftware\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunSoftware\PCAppStoreAppParamdefaultauto_start_oncontextual_offersperiodical_offerspersonilized_notifications%us%5B%5D=\uparamsnametype must be string, but is paramsnameurloidentryAppfilePath0e+000e+00RoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll^(https?://(?:www.)?([^/]+))(/.*)?$.dllDllGetActivationFactoryURL format is not valid : %wsWinHTTP 1.0handle initialization failuretimeout init failurehandle connection failureGEThandle request creation failurehandle request or response failurefile creation failurequery data not availableurloidlastTimeoTypesessionIdtagretmessageRoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactoryiconnamepathoidanimationsoundmenu_storemenu_searchhttps://pcapp.storenamepathmicrosoftIdregpathkeydisplaycountblinkingnotificationIconrunParampathalt_linkmicrosoftIdregpathkeyidwinGetParamsaltActionaltActionParamsid
Source: chrome.exe, 00000001.00000002.3214554762.000001FDA95E0000.00000002.00000001.00040000.00000000.sdmp, PcAppStore.exe, PcAppStore.exe, 0000000A.00000003.2553967758.00000274986C9000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000003.2553824750.00000274986C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366309517.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3233552193.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: productui_creation_failedcreation_error=%wsui_termination_errordirectory_switching_error.\nwjs\NW_store.exe.\ui\.ENDING_EVT_HANDLERWindows Default Lock ScreenLocalPCAppStore\productsystem_eventmsg=shutdownshutdownproductsystem_eventmsg=logofflogoff{"app":{"menu_search":{"search_request":"", "page":"b"},"show_window": "menu_search"}}ClosingEventproducttaskbar_handler_erroreCode=%luShell_TrayWndStartTrayDummySearchControlTrayButton
Source: chrome.exe, 00000001.00000002.3214554762.000001FDA95E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000C.00000002.3052396901.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000C.00000000.2373272008.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: PcAppStore.exe, 0000000A.00000002.3088361173.0000027495EEE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Managernstaller
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366309517.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3233552193.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: list too longStartMenuExperienceHost.exeShellExperienceHost.exeexplorer.exeSearchApp.exeSearchUI.exeSearchHost.exe{"app":{"menu_search":{"search_request":"", "page":"a", "top":%d,"left":%d,"bottom":%d,"right":%d},"show_window": "menu_search"}}{"app": {"hide_window": "menu_search"}}Shell_TrayWndStartTrayDummySearchControlTrayButton
Source: PcAppStore.exe, 0000000A.00000003.2553967758.00000274986C9000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000003.2553824750.00000274986C0000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000003.2554002235.00000274986CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnded.*
Source: explorer.exe, 0000000C.00000000.2372840527.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.3035085879.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1Progman$
Source: chrome.exe, 00000001.00000002.3214554762.000001FDA95E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000C.00000002.3052396901.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000C.00000000.2373272008.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: chrome.exe, 00000001.00000002.3214554762.000001FDA95E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000C.00000002.3052396901.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000C.00000000.2373272008.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366309517.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3233552193.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: TTaskbarShell_TrayWnd{"app": {"init":{"direction":"%c","screen_size":{"with_topbar":%d,"t":%d,"l":%d,"b":%d,"r":%d}}}}
Source: PcAppStore.exe, 0000000A.00000003.2553756411.00000274986F2000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000003.2553719445.00000274986EB000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000003.2553891523.00000274986FB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWndV
Source: PcAppStore.exe, 0000000A.00000002.3088361173.0000027495EEE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Managernstaller%p
Source: nsq4808.tmp, 00000009.00000002.2496609049.0000000002BD8000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000A.00000000.2366309517.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp, PcAppStore.exe, 0000000A.00000002.3233552193.00007FF71AE4B000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: NWidgetShell_TrayWndTrayNotifyWnd+TrayButtonPNGArial++
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 11_2_00007FF75C4967D0 cpuid 11_2_00007FF75C4967D0
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: GetLocaleInfoEx,Concurrency::details::WorkQueue::IsStructuredEmpty,GetLocaleInfoEx, 10_2_00007FF71AC67BE0
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: GetLocaleInfoEx,FormatMessageA, 10_2_00007FF71ADE68B0
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: GetLocaleInfoEx,FormatMessageA, 11_2_00007FF75C481448
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 10_2_00007FF71ADE7B24 GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime, 10_2_00007FF71ADE7B24
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040352D
Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\nsq4808.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct

Stealing of Sensitive Information
barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\PCAppStore\PcAppStore.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences Jump to behavior
OS version to string mapping found (often used in BOTs)
Source: sr.pak.info.9.dr Binary or memory string: IDS_WIN_8_1_OBSOLETE,943,../../chrome/app/chromium_strings.grd
Source: sr.pak.info.9.dr Binary or memory string: IDS_WIN_XP_VISTA_OBSOLETE,940,../../chrome/app/chromium_strings.grd
Source: sr.pak.info.9.dr Binary or memory string: IDS_WIN_8_OBSOLETE,942,../../chrome/app/chromium_strings.grd
Source: sr.pak.info.9.dr Binary or memory string: IDS_WIN_7_OBSOLETE,941,../../chrome/app/chromium_strings.grd
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1546037 Sample: Setup.exe Startdate: 31/10/2024 Architecture: WINDOWS Score: 51 85 Machine Learning detection for sample 2->85 9 Setup.exe 2 42 2->9         started        process3 dnsIp4 81 159.223.126.41 CELANESE-US United States 9->81 83 195.181.170.18 CDN77GB United Kingdom 9->83 47 C:\Users\user\AppData\Local\...\nsq4808.tmp, PE32 9->47 dropped 49 C:\Users\user\AppData\Local\...\nsJSON.dll, PE32 9->49 dropped 51 C:\Users\user\AppData\Local\...\nsDialogs.dll, PE32 9->51 dropped 53 3 other files (none is malicious) 9->53 dropped 91 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 9->91 14 nsq4808.tmp 11 252 9->14         started        18 chrome.exe 1 9->18         started        file5 signatures6 process7 dnsIp8 55 C:\Users\user\PCAppStore\nwjs\vulkan-1.dll, PE32+ 14->55 dropped 57 C:\Users\user\...\vk_swiftshader.dll, PE32+ 14->57 dropped 59 C:\Users\user\PCAppStore\nwjs\nw_elf.dll, PE32+ 14->59 dropped 61 17 other files (11 malicious) 14->61 dropped 93 Multi AV Scanner detection for dropped file 14->93 95 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 14->95 97 Creates multiple autostart registry keys 14->97 21 PcAppStore.exe 2 4 14->21         started        26 Watchdog.exe 14->26         started        63 192.168.2.4 unknown unknown 18->63 65 239.255.255.250 unknown Reserved 18->65 28 chrome.exe 18->28         started        30 chrome.exe 18->30         started        32 chrome.exe 6 18->32         started        file9 signatures10 process11 dnsIp12 67 170.114.45.1 DORSEY-WHITNEYUS United States 21->67 69 170.114.52.2 DORSEY-WHITNEYUS United States 21->69 71 147.182.211.77 BV-PUBLIC-ASNUS United States 21->71 45 C:\Users\user\...\ZoomInstaller.exe, PE32+ 21->45 dropped 89 Tries to harvest and steal browser information (history, passwords, etc) 21->89 34 WCKsatFYtLNCcBGzYutkrweBluUg.exe 21->34 injected 37 explorer.exe 21->37 injected 39 WCKsatFYtLNCcBGzYutkrweBluUg.exe 21->39 injected 41 26 other processes 21->41 73 18.173.205.24 MIT-GATEWAYSUS United States 26->73 75 169.150.255.183 SPIRITTEL-ASUS United States 28->75 77 207.211.211.26 NAVISITE-EAST-2US United States 28->77 79 20 other IPs or domains 28->79 file13 signatures14 process15 signatures16 87 Found direct / indirect Syscall (likely to bypass EDR) 34->87 43 PcAppStore.exe 37->43         started        process17
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
173.194.76.156
 unknown United States
15169 GOOGLEUS false
142.250.185.99
 unknown United States
15169 GOOGLEUS false
142.250.185.78
 unknown United States
15169 GOOGLEUS false
142.250.186.67
 unknown United States
15169 GOOGLEUS false
207.246.91.177
 unknown United States
20473 AS-CHOOPAUS false
142.250.186.174
 unknown United States
15169 GOOGLEUS false
159.223.126.41
 unknown United States
46118 CELANESE-US false
172.217.23.104
 unknown United States
15169 GOOGLEUS false
142.250.185.100
 unknown United States
15169 GOOGLEUS false
142.250.185.106
 unknown United States
15169 GOOGLEUS false
74.125.206.84
 unknown United States
15169 GOOGLEUS false
18.173.205.24
 unknown United States
3 MIT-GATEWAYSUS false
147.182.211.77
 unknown United States
27555 BV-PUBLIC-ASNUS false
142.250.186.72
 unknown United States
15169 GOOGLEUS false
142.250.184.200
 unknown United States
15169 GOOGLEUS false
172.217.16.142
 unknown United States
15169 GOOGLEUS false
142.250.186.98
 unknown United States
15169 GOOGLEUS false
142.250.184.195
 unknown United States
15169 GOOGLEUS false
1.1.1.1
 unknown Australia
13335 CLOUDFLARENETUS false
170.114.52.2
 unknown United States
22347 DORSEY-WHITNEYUS false
142.250.186.162
 unknown United States
15169 GOOGLEUS false
195.181.170.18
 unknown United Kingdom
60068 CDN77GB false
142.250.181.226
 unknown United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.181.228
 unknown United States
15169 GOOGLEUS false
170.114.45.1
 unknown United States
22347 DORSEY-WHITNEYUS false
142.250.186.100
 unknown United States
15169 GOOGLEUS false
169.150.255.183
 unknown United States
2711 SPIRITTEL-ASUS false
207.211.211.26
 unknown United States
14135 NAVISITE-EAST-2US false

Private

IP
192.168.2.4